CERT-In Empanel Org

EMPANELLED INFORMATION SECURITY AUDITING ORGANISATIONS by CERT-In
The List of IT Security Auditing Orgnisations, as given below, is up-to-date valid list of CERT-In
Empanelled Information Security Auditing Orgnisations. This list is updated by us as soon as there is
any change in it.
1. M/s AAA Technologies Pvt Ltd

278-280, F-Wing, Solaris-1,
Saki Vihar Road, Opp. L&T Gate No. 6,
Powai, Andheri (East),
Mumbai – 400072.
Website URL : http://www.aaatechnologies.co.in
Ph : 022-28573815
Fax: 022-40152501
Contact Person : Mr. Anjay Agarwal, Chairman & Managing Director
Mobile : +91 09322265876, 9821087283
E-mail : anjay[at]aaatechnologies.co.in
2. M/s AUDITime Information Systems (I) Ltd.
A-504, Kailash Esplanade,

L B S Marg, Ghatkopar (West),
Mumbai – 400086
Ph: 022 40508210
Fax: 022 40508230
Contact Person :Mr. Madhav Bhadra, Director
Mobile : +91 9320253902
E-mail: mmb[at]auditimeindia.com
3. M/s AKS Information Technology Services Pvt Ltd
E-52, 1st Floor,

Sector-3,
Noida – 201301.
Website URL : http://www.aksitservices.co.in
Fax : 0120-4243669
Contact Person : Mr. Ashish Kumar Saxena, Managing Director
Mobile : +91 9811943669
E-mail : ashish[at]aksitservices.co.in
4. M/s Aujas Networks Pvt Ltd
#595, 4th floor, 15th Cross, 24th Main, 1st Phase,

JP nagar,
Bangalore, Karnataka- 560078.
Website URL : http://www.aujas.com/
Ph : 080-26087878
Fax: 080-26087816
Contact Person : Mr. Jaykishan Nirmal, Vice President
Mobile : +91 9980238005
E-mail : Jaykishan.Nirmal[at]aujas.com
5. M/s AGC Networks
2nd Floor, Equinox Business Park,

Tower 1, (Peninsula Techno Park),
Off Bandra Kurla Complex, LBS Marg,
Kurla (West), Mumbai – 400070, INDIA
Ph : 0 22-6661 7466
Fax: +91 22 6704 5888
Contact person :Mr. Atul Khatavkar, VP - ITGRC
Mobile: +91 9930132135
E-mail: atul.khatavkar[at]agcnetworks.com
6. M/s Cyber Q Consulting Pvt Ltd.
622 DLF Tower A,Jasola

New Delhi-110044
Website URL: http://www.cyberqindia.com
Ph : 011-41077560
Fax : 011-41077561
Contact Person : Mr. Debopriyo Kar, Head-Information Security
Mobile: +91 9810033205 / 9968846947
E-mail : debopriyo[dot]kar[at]cyberqindia.com
7. M/s Control Case International Pvt Ltd
203, Town Center-1, Andheri-Kurla Road,

Saki Naka, Andheri(E)
Mumbai-400059
Ph: 91-22-66471800
Fax: 91-22-66471810
Contact Person :Mr. Satyashil Rane
Mobile : +91 919769812324
E-mail : srane[at]controlcase.com
8. M/s Centre for Development of Advance Computing (C-DAC),
Plot No. 6 & 7, Hardware Park,

Sy No. 1/1, Srisailam Highway,
Pahadi Shareef Via Keshavagiri (Post)
Hyderabad - 500005
Ph: 040-23737124
Fax: 040-23738131
Mobile :9248920122
Contact Person: Shri Ch.A.S. Murthy, Principal Technical Officer
Email: cswan [at]cdac.in
9. M/s Cyber Security Works Pvt. Ltd.
Shri M.Ram Swaroop , President

No.3, III – Floor, E- Block,
599, Anna Salai,
Chennai – 600 006
Email:info[at]cybersecurityworks.com
Mobile:9790702222
10. M/s Cigital Asia Pvt Ltd
Prestige Blue Chip TechPark,

3rd block 4th floor, No.9 Hosur Road,
Bangalore – 560 029
Contact Person: Mr. Amarnadh Kolli (Director Operations).
Mobile : +91 99001 92727
E-mail : akolli[at]cigital.com
11. M/s Deccan Infotech Pvt. Ltd.
Shree Dilip H Ayyar , Director

13 J, Jakkasandra Block.
7th Cross ,
Koramangala ,
Bangalore - 560 034
Email:dilip[at]deccaninfotech.in
Mobile:096864-55399
Tel: 080 - 2553 0819
Fax:080 - 2553 0947
12. M/s Digital Age Strategies Pvt. Ltd.
Shri Dinesh S Shastri , Director

No. 28 , Om Arcade "3"rd Floor,
Thimmappa Reddy Layout,
Hilimuavu Gate,
Bannerghatta Road ,
Banglore-560076
Email: audit[at]digitalage.co.in, dinesh.shastri[at]digitalage.co.in
Mobile: 9448088666 , 9448055711
13. M/s Ernst & Young Pvt Ltd
Tidel Park, 6th floor (601), A block, 4, Rajiv Gandhi Salai,

Taramani Chennai- 600113, Tamil Nadu
Website URL: www.ey.com/india
Ph : +91 124 6121380
Contact Person: Mr. Vidur Gupta, Director – Advisory Services
Mobile : +91-9650711300
E-mail : Vidur.Gupta[at]in.ey.com
14. M/s HCL Comnet Ltd
A-104, Sector 58, Noida - 201301

Ph: 0120-4362800
Fax: 0120-2539799
Contact person : Mr. Sreekumar KU, AVP
Mobile : +91 9650263646
E-mail : sreekumarku[at]hcl.com
15. M/s isec Services Pvt. Ltd
607-608 Reliable Business Center, Near Heera Panna Mall,

Anand nagar, Oshiwara, Jogeshwari (West) - 400102
Contact Person: Mr. Naman Chaturvedi, Information Security Analyst
Mobile: 9167188483
Email: contactus[at]isec.co.in
16. M/s KPMG
8th floor, Tower B, DLF Cyber City,Phase-II, Gurgaon- 122002

Website URL: www.kpmg.com
Ph : 0124-3074134
Fax: 0124-2549101
Contact Person: Mr. Atul Gupta, Director
Mobile : +91 09810081050
E-mail : atulgupta[at]kpmg.com
17. M/s Lucideus Tech Private Limited
NSIC Campus,
Software Technology Park Extn,
Okhla Phase III,
New Delhi - 110020
Contact person:Mr. Srivathsan Sridharan, Vice President- Sales
Mobile: 9599057764
Email: sri.s[at]lucideus.com
18. M/s Locuz Enterprise Solutions Ltd
401, Krishe Sapphire, Main Road,

Madhapur, Hyderabad – 500081.
Phone: +91-40-45004600
Fax: +91-40-45004601.
Contact person: Mr. M Srikanth, Vice President
Mobile:- +91 9246599600
Email:-Srjtabth.m[at]locuz.com
19. M/s Mahindra Special Services Group
212, 2nd Floor, Rectangle One, Commercial Complex D4,

Saket, New Delhi-110017
Ph: 022-24984213
Fax: 022-24916869
Contact person :Mr. Dinesh K Pillai, Chief Executive Officer
Mobile : +91 9769693764
E-mail : dinesh.pillai[at]mahindrassg.com
20. Madhya Pradesh Agency for Promotion of Information Technology
(Dept. of Science & Technology, Govt. of M.P.)
Shree Roopak Srivastava ,Principal Consultant – Program Management & Head - Center of
Excellence State IT Center, 47-A Arera Hills,
Bhopal 462011 (M.P.)
Mobile:+91-9977203089
Email: roopak.srivastava[at]mapit.gov.in
Website: http://www.mapit.gov.in
21. M/s Netmagic IT Services Pvt. Ltd
Lighthall 'C' Wing, Hiranandani Business Park,

Saki Vihar Road, Chandivali, Andheri (East)
Mumbai 400 072
Website URL: www.netmagicsolutions.com Ph : 022-40099099
Fax: 022-40099101
Contact Person: Mr. Yadavendra Awasthi, Chief Information Security Officer
Mobile: +91 09987172584
E-mail : yadu[at]netmagicsolutions.com
22. M/s Network Intelligence India Pvt Ltd
204-Ecospace IT park, Off old Nagardas road,

Near Andheri Sub-way, Andheri East, Mumbai- 400069
Website URL: www.niiconsulting.com/
Ph : 1800 2700 374 (Toll Free)
Fax: 022-40052628
Contact Person: Mr. K K Mookhey, Director
Mobile: 1800 2700 374 (Toll Free)
E-mail : kkmookhey[at]niiconsulting.com
23. M/s Net-Square Solutions Pvt. Ltd.
1,Sanjibaug, Nr. Parimal Crossing

Paldi, Ahmedabad-380007 , India
http://www.net-square.com
Contact Person : Mr.Hiren Shah, President
Mobile : +91 98694 23839
Ph : +91 22 6695 4004
24. M/s Paladion Networks
Shilpa Vidya 49, 1st Main, 3rd Phase, JP Nagar, Bangalore- 560078
Website URL: www.paladion.net
Ph : 080-42543444
Fax: 080- 41208929
Contact Person: Mr. Amit Tewari, Sales Manager
Mobile: +91 09910301180
E-mail : amit.tewary[at]paladion.net
25. M/s PricewaterhouseCoopers Pvt Ltd
Building 8, 7th & 8th floor, Tower- C,

DLF Cyber city, Gurgaon- 122002
Website URL: www.pwc.com/in/en
Ph : 0124-4620000
Fax: 0124-4620620
Contact Person: Mr. Rahul Aggarwal,Director
Mobile : +91 09811299662
E-mail : Rahul2.aggarwal[at]in.pwc.com
26. M/s Payatu Technologies Pvt. Ltd.
Shree Murtuja Bharmal , Director

502,Tej House,
5 MG Road,Camp,
Pune-411001
Email: murtuja[at]payatu.com
Mobile:- 9850998411
27. M/s Qadit Systems & Solutions (P) Ltd.
1st Floor, Balammal Buildings, 33 Burkit Road,

T. Nagar, Chennai 600017
Ph: 4442791150
Fax: 4442791149
Contact Person : Mr. V Vijayakumar, Director
Mobile: 9444019232
Email : vijay[at]qadit.com
28. M/s RSM Astute Consulting Pvt. Ltd.
3rd Floor, A Wing, Technopolis Knowledge Park,

Mahakali Caves Road, Andheri (East),
Mumbai – 400093
Tel: 91-22- 6108 5555
Fax: 91-22-61085556
Contact Person :Mr. Iqbal Zafar, Associate Director
Mobile: 9867443769
Website : www.rsmindia.in
29. M/s Recon Business Advisory Pvt. Ltd.
Shree Capt. Satya Yadav , CEO & MD

F-8, 3rd Floor,
Kalkaji Main Road,
New Delhi - 110019.
Email: Satya.yadav[at]reconglobal.in
Mob: 8130986963 , 9599586718
Tel: 011-46661010
Web: www.reconglobal.in
30. M/s Sumeru Software Solutions Pvt Ltd
#20, 1st floor, 11th main 39 A Cross,

Jayanagar 4T Block Bangalore- 560041
Website URL: http:// www.sumerusolutions.com
Ph : 080-28432802
Fax: 080-28432800
Contact Person: Mr. Rajagopal Venkataraman, Vice President
Mobile:+91 09620104046
E-mail : raj.venkat[at]sumerusolutions.com
31. M/s Sysman Computers Pvt Ltd
312, Sundram, Rani Laxmi Chowk,

Sion Circle, Mumbai- 400022
Website URL: www.sysman.in
Ph : 022-24073814
Contact Person: Dr. Rakesh M Goyal, Managing Director
Mobile: 91-99672-48000 / 99672-47000
E-mail : rakesh[at]sysman.in �ससमैन@�ससमैन.भारत
32. M/s SISA Information Security Pvt Ltd
SISA House, No. 3029B, Sri Sai Darshan Marg

13th Main Road,HAL II Stage, Indiranagar,
Bangalore - 560008,India
Ph: 91-80-4910 4100
Fax: 91-80-4910 4125
Contact Person : Mr. Nitin Bhatnagar
Mobile : 91-98208 85922
E-mail : Sales[at]sisainfosec.com
33. M/s STQC Directorate
Electronics Niketan, 6 CGO Complex,

Lodhi Road, New Delhi- 110003
Website URL: www.stqc.gov.in
Ph : 011 24301816
Fax: 011 24363083
Contact Person: Mr. Aashish Banati, Scientist 'F',
E-mail : abanati[at]stqc.gov.in
Mobile: 9968314724
34. M/s Suma Soft Pvt. Ltd.
Shri Milind Dharmadhikari , Practice Head - IT Risk & Security Management Services
2nd Floor, SumaCenter,
Opposite Himali Society,
Erandwane,
Near Mangeshkar Hospital ,
Pune, Maharashtra 411004
Email: infosec[at]sumasoft.net
Mobile: 9870006480 , 9822600489
35. M/s Security Brigade InfoSec Pvt. Ltd.
Shri Yash Kadakia , Chief Technology Officer

165 A to Z Industrial Estate,
Ganpatrao kadam marg,
Lower Parel(W),
Mumbai,
Maharashtra 400013
Email: yash[at]securitybrigade.com , certin[at]securitybrigade.com
Mobile: 9833375290
36. M/s Sify Technologies Limited
II Floor, Tidel Park, No 4 Canal Bank Road,

Taramani, Chennai - 600113
Contact Person:Mr Palaniraja muthukumarasamy, Associate General Manager
Mobile: 9677083666
Email: palani.raja[at]sifycorp.com
37. M/s Sandrock eSecurities Pvt Ltd
E-46, Rani Garden Extension,

Shastri Nagar, Delhi - 110031
Contact Person: Rachna Agarwal, Head – Business Operations
Mobile: 9560211616
Email: pentest[at]sandrock.in
38. M/s Torrid Networks Pvt. Ltd.
M/s Torrid Networks Private Limited

C-171, 2nd Floor, Sector-63
Noida-201301 Uttar Pradesh
Ph: +91-120-4270305, +91-120-4216622
Fax: 012-04235064
Contact Person :Mr. Salil Kapoor
Mobile : + 91 92 666 666 91
E-mail : apac[at]torridnetworks.com
39. M/s Varutra Consulting Private Ltd.
Corporate Office :
A-302 & A-303, Oxy Primo,
Gate No. 599, Bakori Phata,
Pune-Nagar Highway,Opp. Jain College,
Wagholi, Pune-412207, Maharashtra, India.
Ph: 2040222891
Fax: 2040222891
Contact Person : Shrushti Sarode
Email : shrushti[at]varutra.com
Mobile: 840 8891 911
40. M/s ValueMentor Consulting LLP
'Chandanam' Infopark Thrissur

Koratty,
Kerala- 680308
Ph No: 4872970700
Contact Person : Mr. Binoy Koonammavu, CEO & Principal Consultant
Email : cert[at]valuementor.com
Mobile :91 974 5767 949
41. M/s Vista Infosec Pvt. Ltd.
VISTA InfoSec, 001, North Wing, 2nd Floor, Neoshine House,

Opp. Monginis Factory, Link Road, Andheri (West), Mumbai,
Maharashtra, India.
Contact person :Mr. Narendra S Sahoo, Director
Mobile : +91 9820223497
E-mail : narendra.sahoo[at]vistainfosec.com
42. M/s Wipro Ltd
Wipro Infotech,
480-481, Udyog Vihar, Phase-III,
Gurgaon, Haryana
Ph No: 0124-3084000
Fax : 0124-3084269
Contact Person : Mr. Prabir Kumar Chaudhuri
Mobile : +91 9818600990
Fax: 0124-3084269
E-mail : prabir.chaudhuri [at]wipro.com
43. M/s Xiarch Solutions Pvt Ltd
352, 2nd Floor Tarun Enclave,

Pitampura, New Delhi-110034
Ph: 011-45510033
Fax:011-66173033
Contact Person:Utsav Mittal, Principal Consultant
Email: utsav[at]xiarch.com / cert[at]xiarch.com
Mobile :9810874431
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
M/s AAA Technologies Pvt Ltd
1. Name & location of the empanelled Information Security Auditing Organization :
AAA Technologies Private Limited, Mumbai, Delhi, Bangalore, Lucknow
2. Carrying out Information Security Audits since : 2000
3. Capability to audit , category wise (add more if required)
• Network security audit (Y/N) : Yes

• Web-application security audit (Y/N) : Yes
• Wireless security audit (Y/N) : Yes
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
4. Information Security Audits carried out in last 12 Months :
Govt. : 160+
PSU : 75+
Private : 20+
Total Nos. of Information Security Audits done : 255+
5. Number of audits in last 12 months , category-wise (Organization can add categories

based on project handled by them)
Network security audit : 75+

Web-application security audit : 200+
Wireless security audit : 25+
Compliance audits (ISO 27001, PCI, etc.) : 25+
6. Technical manpower deployed for information security audits :
CISSPs : 4+
BS7799 / ISO27001 LAs : 25+
CISAs : 12+
DISAs / ISAs : 5+
Any other information security qualification : 30+
Total Nos. of Technical Personnel : 60+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
S. Name of Duration with Experience in Qualifications related

No. Employee <organization> Information Security to Information security
1) Anjay Agarwal 16 22 ISMS LA, CISA, ISA,
CEH, ECSA, LPT,
COBIT Certified
Assessor
2) Venugopal M. 15 14 ISMS LA, ISA
Dhoot
3) Ruchi Agarwal 12 12 ISMS LA
4) Venugopal 10 20 CISSP, ISMS LA,

Iyengar CISM, CISA
5) D.K.Agarwal 13 14 CISA
6) Vidhan Srivastav 12 12 CISSP, ISMS LA
7) Sudhir Lad 5 15 CISA

8) Supriya Moni 5 7 ISMS LA
9) Rajesh Sharma 5 8 ISMS LA, CEH
10) Ravi Naidu 6 9 ISMS LA, CEH
11) Harpreet Singh 3 3 CEH

Dhanjal
12) Bharati Pawar 3 3 CEH
13) Rahul Verma 3 4 ISMS LA
14) Raja Yadav 1 3 ISMA LA, CEH
15) Shailendra Rawat 1 3 ISMA LA, CEH
16) Atul Raj 1 3 ISMS LA, CEH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Information Security Audit including SAP Audit for a Municipal Corporation for above Rs. 1
Crore
Consultancy for Implementing ISO 27001 for 17 Data Centers across India including
Vulnerability Assessment and Penetration Testing for Rs. 54.57 Lakhs
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
Commercial
i. Acunetix
ii. Core Impact
iii. Nessus Pro
iv. Nipper
v. Burp Suite
Freeware
i. Nmap
ii. DOMTOOLS - DNS-interrogation tools
iii. Nikto - This tool scans for web-application vulnerabilities
iv. Firewalk - Traceroute-like ACL & network inspection/mapping
v. Hping – TCP ping utilitiy
vi. Dsniff - Passively monitor a network for interesting data (passwords, e-mail, files,
etc.). facilitate the interception of network traffic normally unavailable to an attacker
vii. HTTrack - Website Copier
viii. Tools from FoundStone - Variety of free security-tools
ix. SQL Tools - MS SQL related tools
x. John - John The Ripper, Password-cracking utility
xi. Paros - Web proxy for web application testing
xii. Wikto - Web server vulnerability assessment tool
xiii. Back Track
xiv. Meta Sploit
xv. Ethereal - GUI for packet sniffing. Can analyse tcpdump-compatible logs
xvi. NetCat - Swiss Army-knife, very useful
xvii. Hping2 - TCP/IP packet analyzer/assembler, packet forgery, useful for ACL inspection
xviii. Brutus – password cracking for web applications, telnet, etc.
xix. WebSleuth - web-app auditing tool
xx. HTTPrint – detect web server and version
xxi. OpenVas
xxii. W3af
xxiii. Owasp Mantra
xxiv. Wire Shark
xxv. Ettercap
xxvi. Social Engineering Tool Kit
xxvii. Exploit database
xxviii. Aircrack-Ng
xxix. Hydra
xxx. Directory Buster
xxxi. SQL Map
xxxii. SSL Strip
xxxiii. Hamster
xxxiv. Grimwepa
xxxv. CAIN & Able
xxxvi. Rips
xxxvii. Iron Wasp
xxxviii. Fiddler
xxxix. Tamper Data
Proprietary
i. AAA - Used for Finger Printing and identifying open ports, services and
misconfiguration
ii. Own developed scripts for Operating System and Database Audit
10. Outsourcing of Project to External Information Security Auditors / Experts : No
( If yes, kindly provide oversight arrangement (MoU, contract etc.))
*Information as provided by < AAA Technologies Private Limited> on <24/11/2016>
Back
M/s AUDITime Information Systems (India) Limited
AUDITime Information Systems (India) Limited

Registered Address:
A-504, Kailash Esplanade,
LBS Marg, Ghatkopar (W)
Mumbai 400 086
Tel: 022 40508210
Fax: 022 40508230
Communication & Correspondence Address:

A-101, Kailash Industrial Complex,
Park Site, New Hiranandani Road
Vikhroli (West), Mumbai 400079)
Tel.: (022) 40508200
Fax: (022) 40508230
2. Carrying out Information Security Audits since : 12 Years
• Network Security Audit : Yes

• Web Application Security Audit : Yes
• Wireless Security Audit : Yes
• Compliance Audits (ISO27001, PCI, etc.) : Yes
• IT Policy Drafting : Yes
• IT Risk Assessment : Yes
Govt. : 6
PSU : 2
Private : 33
Total Nos. of Information Security Audits done : 41
5. Number of audits in last 12 months , category-wise
Network Security Audit 6
Web-Application Security Audit 3
Compliance Audits - ISO 27001 1
Compliance Audits - SOX IT General 1

Control Testing
Regulatory Compliance Audits - Exchange 22
Members Annual Compliance System
Audit, etc.
Regulatory Compliance Audits - CVC 1
Guidelines Compliance Audit
Application Audit 2
Billing Audit 1
IT Consultancy Projects - Consultancy for 1

CBS, Data Migration and Load Testing
Pre & Post Migration Audit of Core 1
Banking Solution
Payment Gateway Audit 1
Third Party Security Audit 1
Wireless Security Audit Nil
Total 41
6. Technical manpower deployed for information security audits : Refer Annexure I
Total Nos. of Technical Personnel: 18 Nos.
Critical sector organizations Refer Annexure II
etc.) Along with project value. Refer Annexure_III & Purchase order copies attached.
S. No. Client Name Scope Title PO Value

1 Federal Bank IS Audit of Branches Rs.33,25,000/
2 Infocepts • ISO 27001 & SAS 70 controls Rs.6,00,000/
Technologies Pvt. Preparation
Ltd. • Training one batch of ISMS Internal
Audit
3 Hindustan • ISO 27001 Implementation Rs.64,00,000/-
Petroleum • Quarterly vulnerability Assessment &
Corporation Penetration Testing
Limited. (IBM) • Security Operation Centre Management
• ISMS and Information Security
Awareness Training
4 Bayer Business IBM Rational Appscan & Consultancy Rs.17,38,810/-
Services Services of Intranet Web Application
Vulnerability Assessment
5 Vijaya Bank IS Audit of Core Banking Solution Rs.7,90,000/-
6 Andhra Bank IS Audit of Critical Areas in CBS Rs.3,00,000/-
7 Andhra Bank IS Audit of Smart Card Project for Rs.4,50,000/-
Government Benefit Distribution
8 The Oriental Comprehensive Audit of CBS Application Rs.99,27,000/-
Insurance Co. Ltd. and Data Migration Audit

Refer Annexure IV
(If yes, kindly provide oversight arrangement (MoU, contract etc.))
Information as provided by AUDITime Information Systems India Limited on 22nd May

2013
Back
ANNEXURE – I
S. No. Employee Name Designation Certification
1. Mr. Paresh Desai Managing Director CA, CISA, CISM, CGEIT

2. Mr. Madhav Bhadra Director CA, CISA, CISM
3. Mr. Chetan Director CA, CISA, CISM, CRISC
Maheshwari
4. Mr. Deepesh Chitroda Asst. Vice CEH, CHFI, ECSA, CCISO, CCSECA, IBM
President
5. Ms. Dhruti Patel Asst. Vice CISA
President
6. Mr. Narendra Singh Asst. Vice CISA, LA27001
Badwal President
7. Mr. Ritesh Kotecha Asst. Vice CA, CISA
President
8. Mr. Deval Kapadia Asst. Vice CISA
President
9. Ms. Jayabharthi M. Sr. Manager CISA, CISM, CISSP, LA27001,CEH
10. Mr. Hiren Shah Sr. Manager LA27001
11. Mr. Shomiron Sr. Manager CISA, CISSP, LA27001, CEH
Dasgupta
12. Mr. Balamurugan Sr. Manager CISA, CISM, CISSP, LA27001, CEH
13. Mr. Deepak Yadav Manager CISA,CS-MARS,CSM, CEISB, CCSA, CCNA
14. Ms. Swati Dhamale Audit Executive GNIT
15. Mr. Adish Karkare Audit Executive CISA, LA27001, CEH, SWAT, RHCE, JNCIA-SEC,
CCSA
16. Mr. Nikhil Parashar Audit Executive CEH
17. Mr. Satyasandeep Audit Executive JNCIA-SEC, CCNA, MCSA
18. Mr. Laxmi Narayan Audit Executive CEH,CCNA
Back
ANNEXURE – II
Details of technical manpower deployed for information security audits in Government and
Critical sector organizations
S. No Name of Duration Experien Qualifications related to Information

Employee with ce in security
<organiza Informati
tion> on
Security
1 Deepesh Chitroda +7.5 Years Yes. + 13 • Certified Ethical Hacker (CEH)
years • Computer Hacking Forensic Investigator
(CHFI)
• Eccouncil Certified Security Analyst (ECSA)
• Certified Chief Information Security Officer
(CCISO)
• Cambridge Certified Security Associate
(CCSECA)
• IBM Technical Professional
• Jetking Certified Hardware & Networking
Professional
2 Jaya Bharathi M. +5 years Yes. + 24 • MCA
years • Post Graduate Diploma in Computer
Applications (PGDCA)
• ISO 27001 implementer and lead auditor
• CEH
• CISA
• CISM
• CISSP
3 Hiren L Shah +6 years Yes. + 9 • ISO27001 Implementer
years
4 Deepak Yadav +2.5 years Yes. • MCA
• CISA
• ITIL V3 Foundation Certification
• CCSA
• CCNA
• CEISB
• CSM
• CS-MARS
5 N Lakshmi +1.5 years Yes. • CCNA
Narayana • CEH
• Post Graduate Diploma in
• Networking & Telecommunications
• Bachelor of Technology in
• Electronics & Communications
6 Swati Prakash +1.5 years Yes. +3.5 • GNIIT
Dhamale years
7 S. Satyasandeep +1.5 years Yes. • B.Tech
• CCNA
• JNCIA
• MCSA
8 Adish Karkera +1 years Yes. +7 • B.E.,
years • CISA
• LA 27001 Implementer
• Certified Ethical Hacker
• Star Web Application Security
• Red Had Certified Engineer
• Juniper Networks Certified Internet Specialist
• Check Point Certified Security Administrator
9 Nikhil Parasher +0.5 years Yes. +2.5 • B. Tech - IT
years
Back
ANNEXURE - III
Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) Along with project value.
Sr. Client Name Project Title Particulars of Projects

No.
1. Federal Bank Branch IS Audit IS Audit of Branches

• Finacle and related applications such as ATM and
other payment systems, interfaces to CBS etc.
• Internet Banking
• Mobile / Tele Banking
• HR software (peoplesoft)
• Email
• Treasury - LaserTX
• We covered all the key applications under IS Audit
• Finacle and related applications such as ATM and
other payment systems, interfaces to CBS etc.
• Internet Banking
• Mobile / Tele Banking
• HR software (peoplesoft)
• Email
• Treasury - LaserTX
Scope includes
1. IS Audit of Application Controls - Evaluating the
adequacy and effectiveness of controls in a particular
application
2. IT Environment Review - Evaluation of controls
addressing the general risks associated with the
operation of information technology viz. change
control, disaster recovery, physical upkeep of the
surroundings such as cleanliness, physical access to
the computers, fire-fighting readiness, etc.;
3. IT Technical Review - Evaluation of the network
architecture and the vulnerability of the IS
environment to the risks such as unethical hacking,
etc.
a) Information System Security Policy
(ISSP)
b) Implementation of ISSP
c) Physical Access Controls
d) Operating System Controls
e) Database controls
f) Network Management
g) IS Audit Guidelines
2. Infocepts • ISO 27001 & I. PREPARATION FOR ISO 27001 ISMS

Technologies SAS 70 controls 1. Ascertaining structure of organization and scope of
No.
Pvt. Ltd. Preparation Information Security (IS)
• Training one requirement
batch of ISMS 2. Establishing the extent of compliance with the
Internal Audit mandatory requirements of ISO/IEC 27001
3. Using 133 controls listed in ISO/IEC 27002 (the Code
of Practice) as a framework, Identifying preliminary
GAPs in Information Security controls in place within the
organization
4.ISMS Over Training and IS Security Awareness Training
5. Assessing Policy / Procedures / Technical IS
improvements that would be necessary to achieve
compliance with the ISO/IEC 27001 standard
6. Report on findings of GAP Analysis and make
recommendations for remedial action / strategy to
achieve compliance requirements of ISO/IEC 27001
7. Assistance in Stage I & II Audit
II. SECURITY AWARENESS TRAINING FOR 300
EMPLOYEES
1. Information Security and its Concepts
2.Company’s IT Security Policies
3.Countermeasures against IT Risks and Threats
III. PERIODIC AUDIT – 6 AUDITS

Covering Core Three IT Domains:
• IT Management Controls
• Certification, Accreditation and Security Assessment
• Planning
• Risk Assessment
• System and Services Acquisition
• IT Operations Controls
• Awareness and Training
• Configuration Management
• Contingency Planning
• Incident Response
• Maintenance
• Media Protection
• Physical and Environmental Protection
• Personnel Security
• System and Information Integrity
• IT Technical Controls
• Access Controls
• Audit and Accountability
• Identification and Authentication
No.
• System and Communications Protection
IV. SAS 70 TYPE II AUDIT PREPARATION

Analysis of existing control structure
Gap identification. Documentation and training on SAS 70
controls
Internal audit of SAS 70 requirements
Support during SAS 70 Type 2 Audit
3. Hindustan • ISO 27001 Security assessment of HPCL’s web site jobs.hpcl.co.in as
Petroleum Implementation per the following vulnerabilities indicated by open web
Corporation • Quarterly application security project (OWASP).
Limited vulnerability a. Cross site scripting (XSS).
Assessment & b. Broken authentication and session
Penetration management.
Testing
c. Insecure direct object references.
• Security
Operation Centre d. Cross site request forgery.
Management e. Security misconfiguration.
• ISMS and f. Failure to restrict URL access
Information g. Invalidated redirects and forwards.
Security h. Injection flaws.
Awareness i. Insufficient transport layer protection.
Training
2. Gap analysis report of the application as compared to
the Application Security best practices suggested by
OWASP.
3. Provide specific remediation / mitigation
recommendations to the gaps identified. The
recommendations would suggest implementable
solutions, which would mitigate the application security
risk. Remediation Recommendations will be implemented
by HPCL.
4. After implementing mitigation recommendation by
HPCL, Vendor will again do the security assessment and
provide the required compliance certificate to HPCL.
5. During the remediation phase Vendor will provide
support for implementing remediation measures
suggested
6.Information related to HPCL website will be provided by
HPCL
4. Bayer IBM Rational To provide Internal Vulnerability Assessment Service for
Business Internal / Intranet Web Based Applications
Services
5. Vijaya Bank IS Audit of Core 1. Introduction
Banking Solution 1.1. Core Banking Application Suite
As on 31-12-2011 there are 1417 service outlets

including branches, extension counters and offices on the
Core Banking Platform using the ‘Finacle’ solution of M/s.
Infosys Technologies Limited (and 669 networked ATM’s).
The following application packages have been covered
under the Core Banking Solutions Project.
i. Core Banking Solution
ii. Trade Finance solution
iii. Internet Banking solution
iv. Government Business Module
v. New products and services such as
Electronic Bill Payments, Pilgrimage
services, Electronic Ticketing, Collection
/ Payment services, Utility Bill Payment
etc as part of the Internet Banking
Services.
vi. Availability of interfaces of the following
modules with the Core Banking
No.
Solutions:-
a. Anti-money laundering solution
b. Credit appraisal solution –RLOS
& CLAPS
c. Customer Relationship
Management Solution
d. Internally developed and
outsourced /procured third party
systems
e. ATM Interfaces
f. Mobile Banking – SMS / WAP
g. Tele Banking Solution
1.2. Products and Services
The Bank has a rich portfolio of Deposits, Loans,

Remittances, Bills, Foreign Exchange Business and other
fee based products. An illustrative list is given below.
i. Demand deposits (Domestic as well as foreign
currency)
• Current Deposits
• Savings Bank Deposits
• Flexi deposits
• Capital Gains Deposits
• NRO/NRE Deposits
ii. Time deposits

• Fixed deposits
• Simple interest
• Cumulative interest
• Units Based Deposits
• FCNR/NRE/NRO
• Capital Gains
• Recurring deposits (Domestic)
• Fixed installment
• Variable installment
• Daily Deposits
iii. Working Capital Finance

• Cash credit accounts against stocks and book debts
(CCH)
• Cash credit against Immovable Properties and
Govt. Securities (CCM)
• Packing Credit/Export Finance
• Post Shipment Credit
• iv. Term Lending (Domestic as well as foreign
currency)
• Short term
• Medium Term
• Long Term
• Consortium/Syndicated Loans
v. Trade Finance – non-fund based
• Letter of credit
• Bank Guarantee
• Deferred Payment
vi. Bills Business

• Collection of bills and cheques - Inward and
outward
• Purchase/Discounting of sales/drawee bills (clean
and documentary) / Cheques
• Bills Related Advances
• Retail Loans
• Vehicle loans – Simple Interest, Compound

No.
Interest & EMI Based facilities.
• Housing loans – Simple Interest, Compound
Interest, & EMI Based facilities.
• Consumer loans - EMI Based facilities.
• Education loans–Simple Interest, Compound
Interest & EMI Based facilities.
• Personal loans - EMI Based facilities.
• Schematic Lending Activities
• Product based loans like V-Equip, V-Cash, V-Rent –
EMI Based etc.
• Commercial Loans to
Trade/Industry/Service/Profession
viii. Industrial/Corporate Loans

ix Remittances
• Demand Draft – Issue/payment
• Banker’s Cheque/Pay Orders – Issue/Payment
• Fund Transfer – NEFT/RTGS
• Inter-branch Transactions – originating/responding
x. Government Business
• Pension payments (State / Central / Railways)
• Direct Tax collection
• RBI Relief Bonds
• Indirect Tax - Excise
xii. Miscellaneous Services

• Locker Services
• Merchant Banking Services
• Dividend/Interest/Refund Warrants
• Agency Arrangement with other Banks
1.3. Modules in core banking

• Savings Products
• Current Products
• Overdraft Products
• Cash Credit Products
• Term Deposits Products
• Term Loans Products
• Inland Bills Products
• Foreign Bills Products
• Trade Finance Activities
• Forward Contracts
• Remittance Products
• Packing Credit Products
• Service Branch Functions
• Government Business Products
• Various Office Accounts Functions
2. AUDIT OBJECTIVE
2.1. The Bank is presently using the ‘Finacle’ (Version
7.0.13) Core Banking Solution of M/s. Infosys
Technologies which was earlier audited by one of the IS
Auditors, during the year 2007-2008. The Bank proposes
to migrate to Version 7.0.25 of Finacle Core banking
Solution. The Bank wishes to appoint a competent
Service Provider (SP) for conducting Information Systems
(IS) Audit of the Core Banking application, as per the
scope defined elsewhere, before moving this version to
the production systems. IS audit shall, inter-alia, include
the following activities:-
a) Confidentiality, integrity and availability of the

applications
No.
b) Perform required functionality test of the
application to test the end-to-end functionality
and its usage
c) The security / controls are efficient and effective in
the Core Banking application.
d) To get independent assurance over effectiveness of
controls exercised by out-sourced Service
providers for technology services
e) IT operations are carried out in a controlled
environment
3. SCOPE OF IS AUDIT PROJECT:
The Bank expressly stipulates that the SP’s selection
under this RFP is on the understanding that this RFP
contains only the principal provisions for the entire
assignment and that delivery of the deliverables and the
services in connection therewith are only a part of the
assignment. The SP shall be required to undertake to
perform all such tasks, render requisite services and
make available such resources as may be required for
the successful completion of the entire assignment as per
the fulfillments / deliverables required in the RFP.
The SP’s involvement is expected to be spread across a
period of, at least, 60 days from the date of commencing
the audit.
3.1. Service Provider has to cover the following aspects

while auditing the CBS application:-
A. Functionality perspective:
o Service provider shall take into account Final Audit

Report of the earlier auditor for current version,
who have conducted earlier IS audit, as one of
the inputs.
o Study the implemented functionality of the Core
Banking Application as per the scope of this audit
tender.
o Perform Application Functionality & Controls
Review
o Development of suitable testing methodology /
testing strategy document
o Conduct various tests to verify existence and
effectiveness of the controls for all functionalities,
schemes and products supported by the
applications under review
o Perform a test of controls and functionality setup in
the Finacle core banking application.
o Identify ineffectiveness of the intended controls in
the software and analyze the cause for its
ineffectiveness
o Controls over automated processing /updations of
records, review or check of critical calculations
such as interest rates, etc., review of the
functioning of automated scheduled tasks, output
reports design, reports distribution, etc.
o Audit-ability both at client side and server side
including sufficiency and accuracy of event
logging, SQL prompt command usage, Database
level logging etc.
o Extent of parameterization.
o Internal control built in at application software
level, database level, server and client side
No.
o Backup/Fallback/Restoration procedures and
contingency planning.
o Suggestion on segregation of roles and
responsibilities with respect to application
software to improve internal controls.
o Adequacy, Accuracy, Data Integrity of the MIS
Reports and Audit Reports
o Manageability with respect to ease of configuration,
transaction roll backs, time taken for end of day,
day begin operations and recovery procedures
o Special focused audit is to be made on following
items:-
o Hard coded & Virtual user-id and password
o Interfaces with CBS software of many other
applications / services both in house and third
party systems / solutions – security,
confidentiality, integrity , accuracy and non-
repudiation of the data between systems
o Recovery and restart procedures
o Review of customizations done to the software and
the SDLC policy followed for such customizations.
o Proposed change management procedure during
conversion, migration of data, version control,
application replication, etc.
o Suggest any application specific Audit tools or
programs
o Adequacy of Audit trails and Logs
o Adherence to Legal and Statutory Requirements.
B. Controls perspective
As part of the scope, following controls have to be

thoroughly analyzed
a. Input Controls
b. Output Controls
c. Processing Controls
d. Interface controls
e. Authorization controls
f. Data integrity
g. Database controls
h. Volume Test
i. Server Controls – Application, Web,
Database, Firewall, etc.
j. Backup/ Fall Back/Restoration Procedures
k. Authentication mechanism
l. Security checks/controls
m. Access controls & Logical Access Controls
n. Operating system controls
o. Management controls
p. Change Management
i. Incident Management
ii. Logs management
q. Aspects related to Segregation of Duties
r. Adequacy of audit trails
s. Adherence to legal, statutory requirements
1.20 Performance controls
1.21 Controls on Parameter Setup /Verification/Testing,
etc.,
1.22 Regression Testing
1.23 Prevalence of proper version controls
C. Security Controls perspective:-
No.
Application Security Controls Review inter-alia, cover
following:-
a) Review the application security setup supported by
the Finacle core banking solution to ensure :
b) Access level controls are appropriately built into the
application
i. Only authorized users should be able to edit, input or
update data in the application.
i. Access on a ‘need-to-know’ and ‘need to-do basis’
i. Appropriate user maintenance and password policies
being followed
b. Benchmark the application security parameters and
setup to the Bank’s Security Policy and leading practices
c. Identify gaps in the application security parameter
setup in line with the bank’s security policies and leading
practices
d. Provide a report highlighting gaps in application
security controls with options for improving application
security.
e. Provide a report highlighting the gaps in the
application security setting with respect to the security
policy defined by the Bank
3.2. Review:
After first audit there may be some modifications
required as per suggestions. Once these are
implemented over a period of two months, auditor has to
review the system again and give review audit report.
3.3. General:
No module or segment should be left out on the plea that
it is not specifically mentioned under the scope.
However, the Bank reserves its right to change the scope
of the RFP considering the size and variety of the
requirements and the changing business conditions
4. Deliverables:
• Audit Plan and procedure for each of the CBS
application packages as per the scope.
• Interim report covering all the points as mentioned
under the Scope of Work including specific observations
on the previous IS Audit Report. All observations will be
thoroughly discussed with the process owners before the
finalization of the report
• Final Audit reports with sign off by the Bank and the
Service Provider IS Auditor. (To be submitted within 6
working days of completion of audit and the report
should be submitted in soft copy as word document and
pdf format document besides a signed hardcopy). This
should also include report on the regression test. The
Final report shall , inter-alia, contain:-
o Present status of the pending observations of the
previous audit.
o List of bugs found and key functionalities not supported,
as per the current audit assignment, segregating them as
‘Critical’, ‘Medium’ and ‘Minor’.
o List of enhancements required & feasibility analysis of
these requirements in the CBS.
o Suggestions for improvement in the performance of the
software audited.
o Report highlighting gaps in input, processing and output
controls with recommendations to remedy the gaps.
o Screen Dumps of testing and testing reports
o Security Process Audit Report and recommendations
against best practices
• Report on Risk Analysis and Risk Mitigation
Methodologies
• Review Audit Report – covering the latest status at the
time of review, of all the observations made in the Final
No.
Audit Report.
6. Andhra Bank IS Audit of Critical Sl. Audit Points
Areas in CBS No
1 Proper maintenance of Visitor Register at the DIT
Main Entrance
2 The Data Center is installed with Surveillance
System to monitor
the movement of the Personnel and activities in
and out of the data center.
The continuity of the recording is ensured at
periodic intervals.
3 Maintenance of Access Permissions and Register
for entry into
Data Center.
4 Access to Internet, Limited access vs Unlimited
access etc.,
5 Whether users with administrative privileges are
forced to
change password at periodical interval .
6 Whether user management standard operating
procedure are
in place and the same are being followed
7 Maintenance of Users List (Active Directotry),
disabling
redundant users, periodical review of Users etc.,
8 Periodical review of activities of privileged users.
9 Adequacy of procedures followed at the time of
providing
access to Data Center and other sensitive areas.
10 IT Asset Management - Maintenance and Review
of IT Assets database.
11 Maintenance of documents and records with
respect to Hardware.
12 Comprehensive Insurance covering for critical IT
Assets
13 UPS for backup supply of electricity including
batteries.
14 Whether Air-conditioning, ventilation and
humidity control was
found adequate and the same is monitored and
reviewed on a regular intervals.
15 Installation of Smoke Detector / Heat rise / hot
spots detectors.
16 Whether the installation of Hub / Switches in the
Data Center are
adequately secured
17 Maintenance of Backup Media, Safe Keeping,
Proper Indexing
and Storage,
18 Logs and Audit Trails in Finacle
19 Whether VAPT is conducted periodically on
various surrounding
applications
20 Service Level defined for Helpdesk Management
as well as for Call
Center Management was reviewed and where
details pertaining
to average time of resolution, abandon calls, first
call resolution, cycle time rate, etc. was
recorded.
21 Carrying electronic devices in to the Data Centre.
22 Whether patches issued by OEM are analysed
and same is applied
after satisfactory test are conducted before
entering into production.
No.
23 Assets Management, Configuration Management,
Problem Management and Change Management
using HP OVSC
24 Whether DR drills are conducted periodically
25 Whether the change management processes are
in place and
the same are being followed
26 Whether proper approvals are in place for
emergency / show-stopper
changes
27 System event logs of the application server logs
monitoring using
log logic;
28 Use of IBM ISS Internet Scanner for the
vulnerabilities
29 Vulnerability scanning
30 Working of CSA (HIDS) in the servers
31 Maintenance and periodical updation of network
design, security
controls etc.,
32 Application of patches in accordance with the
defined change
management process
33 Verification of loading of latest Service Packs on
Critical Servers.
34 Existence of default OS Accounts
35 Whether audit trail policy is enabled with

Success and Failure for Account Logon Event,
Directory Services Access and System Events.,
Account Management, Object Access and Policy
Change.
36 Whether the shared folders are permitted with
Everyone - Full Control,Access to the shared
folders should be granted only to the authorized
users and necessary procedures for sharing of
folders on the network are properly documented.
37 Whether USB Drive, Floppy Drive and CD-ROM
are disabled on Admin Nodes.
38 Loading of unauthorised applications on the
systems.
39 Loading of Antivirus Software, periodical updating
of versions, sample checking etc.,
40 Enabling IPSec is which is used for data
transmission through remotely.
41 Whether the Backupof router as wellas firewall
(Core Switch) configuration is taken on a weekly
basisand the same in not stored at offsite
location,
42 Whether all Access Control Entries (ACEs) should
be configured to log..
43 Periodical review of Access Lists configured in the
Firewall
44 Internet Banking - Segregation of duty between
Information Security (IS) team and
Implementation team
45 Appointment of network and database
administrator and clear allocation of roles and
responsibilities.
46 Web application errors justification for any critical
information
being exposed to external world.
Interest and Charges Verification

No.
47 Verification of charges on a random sample basis
Charges on cheque book issue
Cheque return charges
Account closure with in 12 months
Account closure after 12 months
Stop Payment charges
Inward / outward clearing reject charges
Charges for violating Minimum Balances for Metro
and Rural Branches
Cash Remittance Charges
DD cancellation charges
Duplicate statement charges
ABB Charges
Cash handling charges
Speed clearing Charges
48 Term Deposits - verification on a random sample
basis
Interest Application
Charges Application
49 Advances - verification on random sample basis
Monthy and Quarterly interest calculation on
advances
Appraising Charges for gold loans
Processing charges for housing loans, mortgage
loans, kisan sampatti loans etc.
Upfront fee for Term Loans
Upfront fee for Agriculture Term Loan
Administrative charges for consumer loans
50 Trade Finance - verification on random sample
basis
Interest on Inaland bills for various tenors
Export bills against undrawn balance
Interest on overdue bills etc
Collection charges for Local cheque collection,
Out station cheques collection
Collection of bills with or without LC for sight and
Usance
Commitment charges for Inland LC
Amendment charges for LC amount wise, period
wise
7. Andhra Bank IS Audit of Smart SCOPE
Card Project for Security & Control Audit of:
Government 1) Equipments used of capturing of Bio-metric details,
Benefit capturing of Personal data of customer and also the
Distribution process of linking them,
2) Equipments capable of reading & writing the data
to smart cards duly capturing the data on Samrat card &
validating with the central server data.
3) Mobile equipments for capturing the finger prints of
customers, data from smart cards, encapsulating them,
communicating with the central data (or) validating with
off-line data on smartcard, authenticating & recording the
transaction etc.
4) Mobile communication with data encryption/
decryptions as per standards etc.
5) Servers, access control, software’s controls
security t\etc. at the Data Centre of the service provides.
No.
6) Network, Network equipments, interface between

the mobile equipments and servers at the data centre of
the service provide.
7) Accounting, reconciliation, data verifications &
integrity checks.
8) Communication with the Bank’ DC and interface
etc., at the Bank DC.
Operational control Audit like.
1. Software controls & Interfaces Controls.
2. Reconciliation Process.
3. Data Synchronization, Integrity Check etc at DC of
the Bank/Service Provider
8. The Oriental Comprehensive Functional Test Audit
Insurance Co. Audit of CBS
Ltd. Application and A comprehensive functional test of applications to ensure
Data Migration that all the functionality implemented are functioning
Audit accurately as per the current business requirements of
OICL.
Interact and collect all necessary inputs, clarification and

confirmations regarding business requirements/processes
from respective user departments of OICL.
The bidder is expected to perform the following minimum

set of activities related to testing for all the modules,
applications, delivery channels, products, processes:
• Development of suitable testing methodology with

supporting processes and templates and develop test
data.
• Develop testing strategy document
• Development of test calendars
• Development of business test case scenarios with
related test cases, and test data to execute
• Conduct individual application testing for the core
insurance solution, modules, products, processes,
interfaces
• Daily, weekly status reporting.
• Train the OICL’s team in test script development and
testing methodology.
• Correctness of data being presented in the reports
• Point out gaps, errors, bugs.
• Explain the bugs, errors and gaps to OICL and System
Integrator.
• Provide Application Audit reports
• Submit all documents on methodology, strategy, test
cases, test documentation, customization requests,
solution etc. to OICL.
• Testing will have to be in conformity of Requirements of
OICL, OICL’s existing product and processes
Application Security and Governance
The Bidder is required validate whether the application is

functioning as per standard security and governance
procedures with following minimum activities :
• Authorization, authentication and access control review
• Review of privileges assigned to users/ user groups/
DBAs
• Control procedures on various database operations
• Vulnerability and Penetration Testing
• Application controls review – covering various inputs,
processing and output controls
Available across INLIAS application
• Controls for application usage – covering segregation of
responsibility
No.
• Controls for master data updation
• Availability of appropriate audit logs
• Batch processing procedures and controls
• Availability of required reports
• Availability of alerts etc. for relevant business cases
such as high value underwriting
Compliance Test
One round of defect correction testing after the

corrections or implementation of recommendations is
done by the system integrator (3i-Infotech).
The compliance test will be executed either on

implementation of corrections by system integrator or
after 90 days of submission of final report whichever is
earlier.
Automated Tool to be used
The auditor will use Quick Test Pro (QTP) for the purpose
of auditing the application
Data Migration Audit
Scope of work
The scope for data migration validation would cover the

following:
To tabulate from INLIAS the number and amount of

claims migrated to INLIAS (line of
business wise) for each office. This would include the
number and Outstanding amount for
each class of business, office-wise, available in INLIAS.
This figure ( number and amount)
would be required for each deptt. as under:
a. Fire
b. Engineering
c. Marine Cargo
d. Marine Hull
e. Motor
f. RID
g. Aviation
h. Workmen Compensation
i. Miscellaneous
To confirm from INLIAS the total number and amount of
unexpired policies migrated to
INLIAS (line of business wise) for each office. This would
be for each class of business,
Office-wise, available in INLIAS. This figure ( number and
amount) would be required for
each deptt. as under:
a. Fire
b. Engineering
c. Marine Cargo
d. Marine Hull
e. Motor
f. RID
g. Aviation
h. Workmen Compensation
i. Miscellaneous
To confirm from INLIAS that relevant Masters had been
migrated to INLIAS like :
a. Agent Master
b. Development Officer Master
c. Employee Master
d. Office Master, etc.
No.
Back
ANNEXURE- IV
Details of the Audit Tools

Freeware
S. No. Tool Name Description
1. Achilles A tool designed for testing the security of Web Applications.
2. Brutus A Windows GUI brute-force tool for FTP, Telnet, POP3, SMB,
HTTP, etc.
3. CrypTool A Cyptanlaysis Utility
4. cURL Curl is a tool for transferring files with URL syntax,
supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET,
DICT, FILE and LDAP
5. Exploits Publicly available and home made exploit code for the
different vulnerabilities around
6. Fscan A command-line port scanner, supporting TCP and UDP
7. Elza A family of tools for arbitrary HTTP communication with
picky web sites for the purpose of penetration testing and
information gathering
8. Fragrouter Utility that allows to fragment packets in funny ways
9. HPing A command-line oriented TCP/IP packet assembler/analyzer.
It supports TCP, UDP, ICMP and RAW-IP protocols, has a
traceroute mode, the ability to send files between a covered
channel, and many other features.
10. ISNprober Check an IP address for load-balancing.
11. ICMPush A tool that sends ICMP packets fully customized from
command line
12. John The Ripper A password cracker
13. L0phtcrack NTLM/Lanman password auditing and recovery application
14. Tenable Nessus A free, powerful, up-to-date and easy to use remote security
scanner. This tool could be used when scanning a large
range of IP addresses, or to verify the results of manual
work.
15. Netcat The swiss army knife of network tools. A simple utility which
reads and writes data across network connections, using
TCP or UDP protocol
16. NMAP The best known port scanner around
17. p0f Passive OS Fingerprinting: A tool that listens on the network
and tries to identify the OS versions from the information in
the packets.
18. Pwdump Tools that grab the hashes out of the SAM database, to use
with a brute-forcer like L0phtcrack or John
19. SamSpade and Graphical tool that allows to perform different network
Dnsstuff queries: ping, nslookup, whois, IP block whois, dig,
traceroute, finger, SMTP VRFY, web browser keep-alive, DNS
zone transfer, SMTP relay check,etc.
S. No. Tool Name Description
20. ScanDNS Script that scans a range of IP addresses to find DNS names
21. Sing Send ICMP Nasty Garbage. A little tool that sends ICMP
packets fully customized from command line
22. SSLProxy, STunnel Tools that allow to run non SSL-aware tools/programs over
SSL
23. Strobe A command-line port scanner that also performs banner
grabbing
24. Telesweep Secure A commercial wardialer that also does fingerprinting and
brute-forcing
25. THC A freeware wardialer
26. TCPdump A packet sniffer
27. TCPtraceroute Traceroute over TCP
28. UCD-Snmp - (aka Various tools relating to the Simple Network Management
NET-Snmp) Protocol including snmpget, snmpwalk and snmpset.
29. Webinspect CGI scanning, web crawling, etc
30. Webreaper, wget Software that mirrors websites to your hard disk
31. Whisker The most famous CGI scanner. has updated the scanning
databases with checks for the latest vulnerabilities
32. Acuentix Free Web Web Vulnerability Scanner and Exploit Tool
Vulnerability Scanner
33. Auditor, Pentoo, Penetration Live Distort

BackTrack and
Phalak
34. NetTools V 5.0 Various bundle pack Network Hacking, Penetration, Tracing
and information gathering Tool
35. Rainbow Password Tool containing pre-hashed computed password list.
Cracker
36. Cain & Able Freeware, Multi-purpose hacking tool
Back
M/s AKS Information Technology Services Pvt Ltd
1. Name & location of the empanelled Information Security Auditing Organization:
AKS Information Technology Services Pvt. Ltd., E-52, Sector-3, Noida-201301 (UP)
• Network security audit (Y/N) : YES

• Web-application security audit (Y/N) : YES
• Wireless security audit (Y/N) : YES
• Compliance audits (ISO 27001, ISO 22301 etc.) (Y/N) : YES
• Telecom Security Audit (Y/N) : YES
• Industrial Control System Audit (Y/N) : YES
• Mobile app security testing (Y/N) : YES
• ERP Audit (Y/N) : YES
• Payment Gateway Audit (Y/N) : YES
• Compliance audit as per Government of India Guidelines
(IT Act, CVC, RBI, SBI etc.) (Y/N) : YES
Govt. : 794
PSU : 60
Private : 180

Network security audit : 85

Web-application security audit : 845
Wireless security audit : 20
Compliance audits (ISO 27001, PCI, etc.) : 06
ERP Audit : 05
Telecom Security Audit : 03
External Penetration Testing : 35
Industrial Control System Audit : 10
Compliance audit with Government Guidelines (IT Act, CVC, RBI, SBI etc.) : 25
CISSPs : 02
BS7799 / ISO27001 LAs : 06
CISAs : 02
DISAs / ISAs : 00
CEH/OSCP/CCNA/CASP/MBCI : 28
Total Nos. of Technical Personnel : 40
S. Name of Working with Experience in Qualifications

No. Employee AKS Since Information related to
Security (Years) Information security
1. Ashish Kumar Sep 2006 17 CISSP, CISA, MBCI,
Saxena ISO 27001 LA
2. Anil Malik Feb 2016 16 BS 7799 LA, ISO
27001 (Implementer –
Trained)
3. Anshul Saxena Nov 2014 4 MS (Information
Security), CASP
4 Rohit Srivastava June 2011 5.5 ISO 27001 LA, ISO
20000, BS 25999
5. Ravi Mohan May 2013 15 ISO 27001 LA, CEH
Chaubey
6. Neha Rani June 2012 4.5 ISO 27001, CEH
Srivastava
7. Areeb Naqi June 2013 3.5 CEH, OSCP, ISO 27001
LA
8. Anshul Jain June 2014 2.5 CEH
9. Nidhi Singh June 2014 2.5 CASP
10. Jatin Kumar June 2014 2.5 CEH
11. MK Prasad Nov 2014 2.7 CEH,CPISI
12. Ather Ali Aug 2015 1.5 CEH
13. Rahul Yadav Aug 2015 1.5 CASP
14. Rishabh Pandey Nov 2015 1 CEH
15. V. Balaji Dec 2015 2 CEH
16. Devesh Rawat Dec 2015 1 CEH
17. Surej Sekhar Jan 2016 1 CEH
18. Nikhit Kumar June 2016 1.5 CASP
19. Yogendra Singh May 2016 2.5 CASP
20. Ravi Ranjan April 2016 4 CEH
21 Sarthak April 2016 1 CEH
Chaudhary
22 Siddharth Shukla Jan 2015 2 CASP
23 Raghwendra Sep 2016 1 CASP
Kumar
24 Jakkamsetti Sep 2016 1 CASP
Madhuri
25 Arya Anindyaratna Sep 2016 1 CASP
Bal
26 Aniket Prasad Oct 2016 1 CEH & ISO 27001
27 Rashmi Rani April 2016 1 CASP
28 Anil K. Murkha Mar 2016 1 CEH
29 Samaksh Kaushik Oct 2016 1.5 CEH
30 Saurabh Koshti May 2016 1 CEH
31 Shivangi Feb 2016 1 CEH
Srivastava
32 Pragya Varshney June 2016 1 CASP
33 Pankaj Badera Nov 2016 1 CASP
34 Ruchika Berry June 2016 1 CASP
35 Vinod Prakash May 2016 1 ISO 27001
Chandra
36 Shiva Sunar June 2016 0.6 CEH
37 Onkar Babbar Sep 2013 1 CEH
38 Dilpreet Kohli July 2015 1 CASP
39 Shreya Goyal July 2016 0.5 CASP
40 Karan Tanwar July 2015 1 CASP
• Carried out Infrastructure, Process & Security Audit of one of the competition exam
conducted online. Total Number of Nodes were approx. 2,00,000. 31 different cities
with 276 locations. Project value was approx. 70 Lakh
• Carrying out Cyber Security Audit for one of the National Level Power Sector Project
including audit of SCADA system, Project value is approx. 40 Lakh
Freeware Tools
• Nmap, Superscan and Fport - Port Scanners

• Metasploit framework, Netcat, BeEF , Cain & able, Hydra, John the ripper - Penetration
Testing & Password cracking
• Process explorer, Sigcheck, Kproccheck - Windows Kernel & malware detection
• Netstumbler , Aircrack-ng suite & Kismet – WLAN Auditing
• OpenVas, W3af, Nikto - Vulnerability scanner
• Social Engineering ToolKit – Social Engineering testing
• Wireshark – Packet Analyser
Commercial Tools
• Nessus, Nexpose – Vulnerability Scanner

• Burp Suite, Acunetix - Web application auditing
• Passware: Password Cracking
• Mange Engine, Solarwind – Network Performance Testing
• Sawmill: Log Analysis
• Proprietary Tools
• ISA Log Analyzer
*Information as provided by AKS Information Technology Services Pvt. Ltd. on 25th Nov
2016
Back
M/s Aujas Networks Pvt Ltd
Aujas Networks Pvt Ltd

Locations: Bangalore (India), Mumbai (India), Delhi (India),
Dubai (UAE), New Jersey (US), Cupertino (US)
2. Carrying out Information Security Audits since : <2008>
3. Capability to audit, category wise (add more if required)
• Network security audit : (Y)

• Web-application security audit : (Y)
• Wireless security audit : (Y)
• Compliance audits (ISO 27001, PCI, etc.) : (Y)
Govt. : <4>
PSU : <0>
Private : <140>

Network security audit : <50>

Web-application security audit : <70>
Wireless security audit : <15>
Compliance audits (ISO 27001, PCI, etc.) : <10>
CISSPs : <9>
BS7799 / ISO27001 LAs : <45>
CISAs : <15>
DISAs / ISAs : <2>
Any other information security qualification: <number of>
CEH : 57
CISM : 2
CHFI : 2
CSSLP : 3
CCNA : 26
S. Name of Employee Duration with Experience in Qualifications related to

No. <organization> Information Information security
Security
1.56 10.23 OSCP, CEH
1 Sohail N
1.54 3.04 CEH,ACSE,OSCP, IBM
2
Appscan certified
Shaik D professional
1.56 6.08 CEH,ECSA,CISE

3 Dhruv S
3.21 6.01 CEH; ITIL v3, CHFI, IBM
4
Appscan Certified
Avinash S
Professional, SANS
GICSP, CCSA, CPISI
2.56 5.81 ISO 27001 LA, IBM
5
Appscan certified
Reinal S professional, CEH, IBM
Appscan certified
professional
8.07 9.82 SCJP, SCWCD, CSSLP,
6 Amit R
OSCP
1.12 6.45 RHCE, CEH, OSCP
7
Tom K
2.50 6.08 CEH

8
Prakash J
1.98 8.98 CISA

9
Amarpreet S
One of the largest banks in Middle East (We cannot declare the name of banks we have NDA
signed with them). Three Geographical Locations: India, SA, and London
Complexity: Project involved Network Security Architecture Review, Wireless Security Audit,
Internal Vulnerability Assessment and Penetration Testing, Social Engineering, Security
Configuration Review, Phishing Diagnostics, Physical Security Review, Application Penetration
Testing, Risk Assessment, Polices and Procedures Review
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):
Name Description
Open Source Tools
Nmap Port Scanner, Fingerprinting
Netcat Network Utility
SuperScan Port Scanner
Snmp Walk SNMP Scanner
User2SID Windows Service Identifier
Sid2User Windows Service Identifier
John the Ripper Unix and Windows Password Analyzer
Metasploit Exploit Framework
Backtrack Live CD Exploit Framework
Paros HTTP/S Interception Proxy
Burp Suite HTTP/S Interception Proxy
Brutus Brute force password utility
Cookie Editor Firefox Plug-in to Edit Cookies
Netstumbler Wireless Network Detector / Sniffer
Kismet 802.11 Wireless Network Detector / Sniffer
MySQL Administration Tool Administration tools for SQL Database
GoCR OCR Reader
Commercial Tools
Accunetix Web Vulnerability Scanner
Burp Suite Pro Web Vulnerability Scanner & Interceptor
Nessus Network Vulnerability Scanner
CheckMarx Source Code Review
Custom Tools
PHP Security Audit Script Web application configuration review tool
10. Outsourcing of Project to External Information Security Auditors / Experts: No

We don’t outsource information security audit to outside vendors. Aujas execute its entire
project undertaken.
*Information as provided by < Aujas Networks Private Limited> on <24-Nov-16>
Back
M/s Cyber Q Consulting Pvt Ltd.
CyberQ Consulting Pvt. Ltd.

#622, DLF Tower A, Jasola, New Delhi-110025
• Network security audit : Yes

• Web-application security audit : Yes
• Wireless security audit : Yes
• Compliance audits (ISO 27001, PCI, etc.) : Yes
• Information Security Policy preparation, review and assessment against
best security practices : Yes
• Process Security Testing : Yes
• Physical Access Controls & Security Testing : Yes
• Penetration Testing : Yes
• PKI Audit : Yes
• Industrial Control System Security Audit : Yes
4. Information Security Audits carried out in last 12 Months:
Govt. : 28+
PSU : 6+
Private : 8+

Compliance audits (ISO 27001, PCI, etc.): 10+
CISSPs : -
BS7799 / ISO27001 LAs : 2
CISAs : 3
DISAs / ISAs : -
Any other information security qualification: 7
Total Nos. of Technical Personnel : 15+ Information Security Experts having an experience
from 1 to 15+ years.
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (indicative list only)

No. CyberQ Information Information security
Security
1 Debopriyo Kar 15+ 16+ Years - CISA
- Technical Expert for JAS-
ANZ (Australia)
- IRCA Certified ISO
27001
- COBIT Foundation
Certified
2 Mathew Verghese 02+ 7+ Years - CISA
- ISO 27001 LA
3 Ram Chandak 06+ 6+ Years CISA
4 Abhishek Gaur 01 7+ Years CCNA
5 Abhishek Tyagi 05+ 8+ Years CEH
6 And many more
….
etc.) along with project value: CyberQ has executed a number of large projects:
- Geographical locations – India, South-east Asia, SAARC, Middle East, Africa and Europe
- Industry – Government, Telecom, BFI, IT, Power, BPO, Automotive
- Services provided – IT Security Audit, ISMS Consultancy /Audit, Application Security audit,
Performance audit, PKI audit, Industrial Control Systems security audit, etc.

- Nessus
- Sam Spade
- Solar Winds
- IP Scanner
- nmap
- Brutus
- Burp Proxy
- Web Scarab
- Echo Mirage
- Ethereal
- WebSphinx
- Winhex
- Tamper IE
- Proprietary Tools etc
10. Outsourcing of Project to External Information Security Auditors / Experts : NO

*Information as provided by CyberQ Consulting Pvt. Ltd. on Nov 24, 2016.
Back
M/s Control case India Pvt. Ltd.
1. Name & location of the empanelled Information Security Auditing Organization
ControlCase International Pvt. Ltd.

203, Town Center I, Andheri-Kurla Road, Andheri East
Mumbai - 400059
• Network Security Audit

• Web-application Security Audit
• Web Application Source Code Review
• Advanced Penetration Testing Training
• Wireless Security Audit
• Compliance Audits (ISO 27001, PCI DSS, PA DSS, HIPPA, EI3PA)
• Virtualization Security Assessment
• Mobile Application Security Audit
Govt. : 15
PSU : 03
Private : 500+
Network Security Audit : 100+

Web-application Security Audit : 100+
Web Application Source Code Review : 15
Advanced Penetration Testing Training : 10
Wireless Security Audit : 10
Compliance Audits (ISO 27001, PCI DSS, PA DSS, HIPPA, EI3PA) : 400+
Virtualization Security Assessment : 5
Mobile Application Security Audit : 20
CISSPs : 8
BS7799 / ISO27001 LAs : 15
CISAs : 10
CEH : 8
PCI QSA : 15
PA QSA : 4
ASV : 3
CISM : 1
CRISC : 1
CCNA : 3
ITIL : 3
PMP : 2
Total Nos. of Technical Personnel : 50 plus
S. No. Name of Duration Experience in Qualifications

Employee with Information related to
ControlCase Security Information
security
1. Satyashil Rane 5+ Years 10+ Years PCI QSA, PA QSA,
CISSP, CEH, ASV,
ISO 27001 LA
2. Pramod 3+ Years 10+ Years PCI QSA, PA QSA,
Deshmane CISA, CEH, ISO
27001 LI
3. Nitin Patil 2+ Years 4+ Years CEH
4. Abhishek Roy 2+ Years 4+ Years MS Cyber Law and
Info Sec
4. Rajesh Jayaswar 2+ Years 4+ Years MS Cyber Law and
Info Sec, CISA, CEH,
ISO 27001 LA, ISO
20000, BS 25999
5. Shashank Vaidya 2+ Years 3+ Years CEH
etc.) along with project value:
S.No Client Description of services ( Project Value

Relevant to Scope of Work in
this RFP, give reference number
only)
1. One of the largest Compliance as a Services – CAAS Rs. 40 lacs plus per year for 3
bank in Kuwait Which includes years
PCI certification,
Fire wall rule set review,
Configuration scanning of IT
Assets,
Application Security scanning,
Log Monitoring 24 x 7,
Internal vulnerability scan,
External vulnerability scan,
Internal and external penetration
testing,
Review and updating of policies,
Annual security awareness
trainings,
Risk assessment
2. One of the largest PCI DSS Certification Rs. 35 lacs plus in one year
bank in Vietnam Application Penetration Test
testing
3. One of the largest Application Security Review Rs. 12.5 lacs plus
bank in Brunei Code review
4. One of the largest Compliance as a Services – CAAS Rs. 10 lacs plus per year for
payment transaction Which includes two years
service provider in PCI certification,
Mauritius Fire wall rule set review,
Configuration scanning of IT
Assets,
Log Monitoring 24 x 7,
testing,
Review and updating of policies,
Annual security awareness
trainings,
Risk assessment
5. One of the Top BPOs, Compliance as a Services – CAAS Rs. 30 lacs plus per year-
with Global Which includes Three years contracts
operations- multiple PCI certification, ISO Certification
sites Configuration scanning of IT
Assets,
testing,
Commercial :
IBM Rational Appscan

Armorize Code Secure
Tenable Nessus
Beyond Trust Retina (Privously owned by eEye)
Burp Suite Professional
Nipper
Freeware / Open Source (Includes but not limited to below) :
Backtrack / Kali Linux Framework – Nmap, Netcat, cryptcat, Hping, Sqlmap, JTR, OpenVAS,
SET, MSF, Aircrack suite, Dirbuster, Cain
Rapid 7 NExpose
Fiddler
Charlse Proxy
Eco Mirage
Proprietary :
ControlCase GRC - ControlCase GRC is a consolidated framework that quickly and cost-
effectively enables IT governance, risk management and compliance (GRC) with one or
several government or industry regulations simultaneously. It allows IT organizations to
proactively address issues related to GRC and implement a foundation that is consistent and
repeatable.
ControlCase Compliance Manager (CCM) - Built upon the ControlCase GRC (CC-GRC)
platform and provides an integrated solution to managing all aspects related to compliance.
CCM allows organizations to implement the processes, integrate technologies and provide a
unified repository for all information related to Compliance.
Card Data Discover (CDD) - ControlCase Data Discovery (CDD) addresses key need of
Credit Card Data Discovery and is one of the first comprehensive scanners that not only
searches for credit and debit card data on file systems, but also in most commercial and open
source databases, and all this searching is done WITHOUT installing any agents on any
scanned system. It scans the whole enterprise from one location.
ControlCase Compliance Scanner - ControlCase Compliance Scanner allows QSAs/Auditors

and consultants to streamline and automate the process of evaluating PCI compliance during
onsite engagements. Results from leading vulnerability scanners and application scanners,
along with cardholder data search features are processed by the Compliance Scanner to pre-
populate approximately half the controls of PCI DSS.
JDBF – Jet database Fuzzer, used to automate exploitation of discovered injection
vulnerability in Jet Database to fuzz for databases, tables and associated columns.
NPTO – Network Penetration Testing Optimizer, focuses on elimination of the need to perform
various analysis steps such as live IP identification, active information gathering using port
scanners such as Nmap, optimizing security scanners such as Nessus / OpenVAS to perform
vulnerability identification based on obtained results and providing verified results.
*Information as provided by ControlCase International Pvt. Ltd. on 23/May/2013
Back
M/s Ernst & Young Pvt Ltd
Ernst & Young LLP, Chennai
2. Carrying out Information Security Audits since : January 2001
• Network security audit (Y/N)

• Web-application security audit (Y/N)
• Wireless security audit (Y/N)
• Compliance audits (ISO 27001, PCI, etc.) (Y/N)

Govt. : 11
PSU : 15
Private : 90

Web-application security audit : > 80

CISSPs : 9
BS7799 / ISO27001 LAs : 17
CISAs : 69
DISAs / ISAs : 2
S. Name of Duration with Experience in Qualifications related to

No Employee Ernst & Young Information Information security
LLP Security
1 Ponkumar 12.10 years 12.5 years CISM
Venkatesh
2 Rajesh kumar 6 years 13 years CISSP
D
3 Vishal jain 12.7 years 12 years CISSP

4 Mini Gupta 9.6 years 11years CISM, Lead Auditor Course
(BS25999)
5 Abhijit Kumar 6.5 years 14 Years CISA, Lead Auditor Course
(27001:2005)
6 Parab Ganesh 2 years 1.7 Years CHFI (EC-Council), CEH,
CIPP/IT
7 Rushit Choksey 10.6 years 8 Years CISM, CISA, CIPP/IT,
Diploma in Cyber Law,
ISMS Implementation
course (27001:2005)
8 Kartik Shinde 3.8 years 12 Years CISSP, CEH, GCFW, MCSE,
Certified BS7799
Implementer
9 Nikhil 3.4 years 7 Years CISA, CEH, ISO 27001
Wagholikar Lead Auditor, CHFI, CPISI,
CNSM
10 Vineet Shetty 2.10 years 2 Years CEH

11 Rahul Rishi 14.5 years 14 Years BS25999, CFE
12 Vibhor Jain 11.6 years 11 Years CISA, CISSP
13 Munish Arora 2 .7years 2 Years CDCP
14 Krunal 2.3 years 1.10 Years CDCP, CDCS, CCNA
Sidhpura
15 Jamaal Raazi 2.9 Years 2 Years CDCP
16 Navin Kaul 5.4 years 4.9 Years CISA, ISO 27001,
BS25999
17 Arindam 4.1 years 3.7 Years ITILv3
Mandal
18 Pritam Patnaik 2.10 years 2 Years ITILV3
19 Rahul 1 year 1 Year CEH
Choudhary
• ERP application audit (Application Security review - 500+ screens across various Roles )
• State Wide Area Network (SWAN) (Vulnerability Assessment - 500+node)
Freeware
1. Nmap -- Port scanner
2. Nessus -- Vulnerability scanner
3. Nikto -- Web server/application vulnerability scanner
4. Metasploit Framework – Exploit code development framework for penetration tests
5. Peach – Python based fuzzer framework
6. Libnet – High level API for construction & injection of network packets
7. WireShark – Network protocol analyzer
8. Ettercap - Terminal-based network sniffer / interceptor / logger for ethernet LANs
9. Somersoft -- Security configuration, registry entries and access control lists on systems
running the Windows operating system.
Commercial
1. App Detective -- Vulnerability assessment and review of security configuration of MySQL,

Oracle, Sybase, IBM DB2, MS SWQL Server, Lotus Notes/Domino, Oracle Application
Server, Web Applications.
2. Bv-Control Suite -- Security assessment -Microsoft Windows, Active Directory, Microsoft

Exchange, Microsoft SQL Server, UNIX (Sun Solaris, HP-UX, AIX, Red Hat and SUSe
Linux), Internet Security, Check Point Firewall I
3. HP WebInspect – Web application security assessment
4. IPLocks VA – Database configuration and vulnerability assessment

5. Immunity Canvas – Vulnerability exploitation framework for penetration tests
6. eTrust -- Online vulnerability management framework.
7. Bv-Control -- Security and segregation of duty review for SAP
Proprietary
1. iNTerrogator -- Review of security configuration of systems running the windows operating

system.
2. *nix scripts -- A collection of scripts to assess the security configuration including file level
ACLs on *nix systems (SCO OpenServer, Linux, HP-Ux, AIX, Solaris, *BSD).
3. Spider -- Web application security assessment
4. FakeOra -- Security assessment of 2-tier applications that use Oracle 8i (and above) as
the RDBMS).
5. S-SAT -- A traveling SAP Security tool.
6. Permit -- ERP risk assessment and control solution tool.
7. Assessor -- Configuration review of Oracle Financials system.
8. WebSmack – Web application inventory and vulnerability assessment
9. EY/Mercury – Web based technical work plan generator to perform security configuration
review of IT infrastructure
10. Outsourcing of Project to External Information Security Auditors /Experts : Yes/No

*Information as provided by Ernst & Young LLP on 12/11/13
Back
M/s NETMAGIC IT SERVICES PVT. LTD.
Netmagic IT Services Pvt. Ltd.

Lighthall 'C' Wing, Hiranandani Business Park,
Saki Vihar Road, Chandivali, Andheri (East)
Mumbai 400 072

Govt. : 0
PSU : 0
Private : 20
Total Nos. of Information Security Audits done: 20
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
Network security audit: 4

Web-application security audit: 13
Wireless security audit: 0
Compliance audits (ISO 27001, PCI, etc.): 3
CISSPs : <1>
BS7799 / ISO27001 LAs : 15
CISAs : NA
DISAs / ISAs : NA
Any other information security qualification : 10

No. Employee <organization> Information Security to Information
security
1. Srinivas Prasad 9 years 9 years CISC, CPH, CPFA, ISO
27001 LA, CPISI
2. Subramaniam 2 years 7 years CISSP, CCSP, CCNP
Mariappan
3. Homesh Joshi 5 Years 11 Years ISO 27001 LA
Netmagic’s one of the largest and complex project was to carry out Information Security
Assessment / Audit for one of India’s new age finance company which has recently acquired
banking license. The scope of entire activity includes:
 Vulnerability Assessment / Penetration Testing

 Configuration Audit of Network Devices
 Technical /Configuration Assessment of (Windows and Unix) Servers
 Policy and Process review & Audit
The project value was approximately 42+ Lacs and managed security services worth 1 Cr. INR.
Open Source
 Webscarab/Paros/Burp
 Grendle scan/Nikto/w3af
 KALI Linux
 Dir buster
 WebSecurify
Commercial
 Nessus
 Hacker Guardian
 Netgear Wi-Fi Scanner
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No

(If yes, kindly provide oversight arrangement (MoU, contract etc.)) No
*Information as provided by Netmagic IT Services Pvt. Ltd. on 24-11-2016.
Back
M/s Network Intelligence India Pvt. Ltd.
Network Intelligence India Pvt. Ltd.,

Mumbai
3. Capability to audits, category wise (add more if required)
• Network security audit: Yes

• Web-application security audit: Yes
• Wireless security audit: Yes
• Compliance audits (ISO 27001, PCI, etc.): Yes
• SCADA security audit: Yes
• Telecom security audit: Yes
Govt. : 25
PSU : 3
Private : 90

Wireless security audit: 20
CISSPs : 4
BS7799 / ISO27001 LAs : 10
CISAs : 3
DISAs / ISAs : None
Any other information security qualification: 10
S. No. Name of Duration with Experience Qualifications

Employee <organization> in related to
Information Information
Security Security
1 TAS 5 5 CEH
2 VT 5 5 CCNA, RHCE,
CPH, CPFA
3 WH 4 4 CPH
4 Omair 3 7 CEH, OSCP,
Juniper
Certified,
RHCE, VMware
Certified
5 SY 4 4 CWASP, CPH
6 DR 4 4 CWASP, CPH
7 ST 3 3 CPH, CPFA,
CWASP, OSWP
8 RD 1 6 CISSP
9 DM 3 5 CISSP, CISA
10 KKM 11 11 CISSP, CISA,
CISM, CRISC
11 DR 1 8 CISSP
12 JP 3 6
Powergrid Corporation of India Ltd.

More than 50 network devices, 1000+ end-points, 50+ servers, SCADA systems
Spread over 5 locations of the country
Project value: approximately INR: 15 lakhs
Proprietary: AuditPro, Firesec
Commercial: Netsparker, Burp Suite Pro, Nessus, GFI, Havij, Appscan, Acunetix,
Checkmarx, Veracode, Cenzic Hailstorm
Freeware: Nmap, Backtrack, Metasploit, Browser Add-ons, Fiddler, .NET Reflector,

Microsoft Threat Modeling Tool, Nikto, Wikto, FuzzDB, Cain & Able, BinScope, Numerous
Malware Analysis Tools, JTR, Crack, ADInfo, Hyena, Wireshark, Sysinternals Tools,
SNMPWalk, Hping, netcat, and many others too numerous to list all of them.

*Information as provided by Network Intelligence India Pvt. Ltd. on 14/09/2012
Back
M/s Net-Square Solutions Pvt. Ltd
Net-Square Solutions Pvt. Ltd, Ahmedabad
Network security audit : Y

Web-application security audit : Y
Wireless security audit : Y
Mobile application audit : Y
Application Code Reviews : Y
IT security design consulting : Y
Social Media Threat Evaluations : Y
Compliance audits (ISO 27001, PCI, etc.) : N
Govt. : 2
PSU : 1
Private : 20

Web-application and mobile application security audit : 17
Code reviews and secure coding training : 4
Social Engineering and security process audits : 2
6. Technical manpower deployed for information security audits : CISSPs : 1 CISAs : 1 Any other
information security qualification:
MCTS : 1
CCNA Security : 1
CEH : 3
Cyber Security Specialists : 2
Certified Forensics Professionals : 2
sector organizations (attach Annexure if required)
Sr Name Designation Duration with Experience in Technical

No. Net-Square Information Certifications
Solutions Security
1. Saumil Shah CEO 13+ years 17+ years Certified Information
Systems Security
Professional (CISSP)
2. Hiren Shah President 2.5 years 15+ years a. Certified Information
Security Auditor (CISA)
b. Certified in the
Governance of
Enterprise IT (CGEIT )
3. Aditya Modha Team Lead - 2.5 years 4 years Microsoft Certified
Consulting Technology Specialist
(MCTS) in .NET
Framework 2.0 Web
Applications
4. Rohan Braganza Security Analyst 1.5 years 2.5 years a. Certified Ethical
Hacker (CEH)
b. Cisco Certified
Network Associate
(CCNA)
c. Cisco Certified
Network
Associate(CCNA) –
Security
5. Yogesh Security Analyst 1 year 1 year a. Certified Professional
Deshpande Hacker (CPH )
b. Certified Information
Security Consultant
(CISC)
c. Certified Professional
Forensics Analyst (CPFA)
6. Shyam Kumar Security Analyst 6 months 1 year a. Certified Ethical
Hacker (CEH)
b. Certified Cyber
Security Expert
c. L1 Ethical Hacking
Expert
7. Girish Shrimali Security Analyst 6 months 2 years a. Certified Ethical
Hacking Expert
b. Certified Cyber
Security Expert
8. KEP Vasudeva Security Analyst 4 months 1.6 years a. Certified Cyber
Security Expert
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
- Annual Information Security project with client based out of multiple locations in India and USA.
Project having work scope of 24 man months which includes testing of web applications, client server
applications and network and security reviews of offshore sites. The total project value has been US $
200,000.
Sr. Name of Tool What will it be used for Commercial/freeware

No. / proprietary
1 BURP Suite Professional HTTP request interception and Commercial
(licensed to Net-Square) modification
2 BURP Extensions (custom Enhances burpsuite and makes it Proprietary
developed) easier to work with it.
3 VMware Workstation/Player Helps to install and run one or more Commercial
os(s) virtually.
4 Backtrack 5 R3 virtual Used to install backtrack os. Freeware
machine image
5 DirBuster Used to bruteforce the directories in a Freeware
webapp.
6 Tilde Scanner Find the files on windows IIS server Freeware
which
7 NMap Used to scan for the open ports and Freeware
services on a webserver.
8 W3af Web Application audit and attack Freeware
frameworkused for auditing and
exploitating web apps.
9 Metasploit framework The framework enables us to run the Freeware
exploits, create sessions and exploit
vulnerable apps.
10 Nikto A Webapplication vulneribility scanner Freeware
that can test all the posibile
vulnerabilities in a webapplication.
11 Nessus A Webapplication Commercial
vulnerablity/network scanner that can
be used in local machine to test the
web
10. Outsourcing of Project to External Information Security Auditors / Experts: No ( If yes, kindly
provide oversight arrangement (MoU, contract etc.))
*Information as provided by Net-Square Solutions Pvt. Ltd. on 22nd May 2013
Back
M/s Paladion Networks Pvt Ltd
Paladion Networks Pvt Ltd

Head Office
Shilpa Vidya 49, 1st Main,
3rd Phase, JP Nagar,
Bangalore-560078
2. Carrying out Information Security Audits since : <Year>: 2000

• Source Code Review : Yes
Govt. : more than 5

PSU : more than 5
Private : more than 50
Total Nos. of Information Security Audits done : more than 100
Network security audit : 1000+ IP addresses

Web-application security audit : 500+ applications
Wireless security audit : 20+ locations
CISSPs : 10+
BS7799 / ISO27001 LAs : 25+
CISAs : 10+
DISAs / ISAs : 5+
Any other information security qualification : 50+ CEH
Critical sector organizations (attach Annexure if required):
We have 700+ technical personnel who are into information security projects. Here
are a few of them-
S. Name of Duration Experience in Qualifications

No. Employee with Information related to
Paladion Security Information security
1. Balaji V 10+ yrs 10+ yrs CISSP
2. Sanjeev Verma 9+ yrs 9+ yrs CISSP
3. Prashant Kumar 9+ yrs 10+ yrs CISSP, Digital Evidence

Verma Analyst, Cyber Crime
Investigator, Qualys
Certified Specialist
4. Santosh Jadhav 5+ yrs 10+ yrs CEH, CISSP
5. Shahabuddin 6+ yrs 8+ yrs Certified Web Hacking

Siddiqui & Security,
Professional, ITIL v3,
Qualys Certified
Professional
6. Dawood Haddadi 6+ yrs 8+ yrs Certified Web Hacking
Security Professional,
ISO 27001 Lead
Auditor
7. Hardik kumar 5+ yrs 8+ yrs CISA (1297325),
Vashi ISO27001 LEAD
AUDITOR
(ISM01MO913-0103),
CCNA
(CSCO11433404), QSA
8. Hariharan Anantha 5+ yrs 8+ yrs ISO 27001, CEH, QSA
Krishnan
We execute 500+ projects each year globally. Here are a few of them-
S.No Customer Details Scope Project Value
1 Global Bank with Delivery a) Secure configuration review Rs. 5 crore+

Centre in India
b) Firewall rule base audit
c) Internal penetration test
d) External penetration test
e) Host discovery
f) Web application vulnerability scan
2 A large PSU in Western a) Secure configuration review Rs. 1 crore+

India
b) Source Code Review
c) Internal penetration test
d) External penetration test
e) Policy and Procedures
f) Web application penetration
3 A large Private Bank in India a) Security Testing Rs. 3 crore+
b) Security Monitoring
c) Threat Advisory
4 Large IT company in South 25 Web Application Per quarter, Rs. 1 crore+

India 30IPs Per Quarter-Network
Penetration Testing, 10 Applications
Per Year-Code Review, 10 Mobile
Application Testing
S. No Activities Security Audit tools
1 Network Penetration Testing KALI Linux, Nslookup, Dnsrecin, Dnsmap, Metagoofil,

fragroute, whisker, Nmap, Firewalk, SNMPc, Hping,
xprobe, Amap, Nessus, Nikto, L0phtcrack, John the
ripper, Brutus and Sqldict.
2 Wireless Penetration Testing AirSnort, WinDump, Ethereal, WEPCrack, NetStumbler,

Kismet, AirTraf, WaveStumbler, Aircrack-ng Suite &
Ettercap
3 Internal Vulnerability Scanning Qualys Guard & Nessus Professional
4 Application Security Assessment Burp Proxy and Scanner, Paros Proxy and Scanner,
Wireshark, Winhex, , CSRF Tester, Elixan, OpenSSL,
tHCSSLCheck, Firefox Extensions, NetSparker
5 Social Engineering KALI Linux, Paladion tools
6 ASV Scans Qualys professional
7 War Driving Netstumbler, Kismac, or Kismet
8 Source Code Review Checkmarx & Paladion Preparatory tool
9 Configuration Review RISKVU IST, Tenable Nessus

*Information as provided by Paladion Networks Pvt Ltd. on 10/09/2012
Back
M/s PricewaterhouseCoopers Pvt. Ltd
PricewaterhouseCoopers Pvt. Ltd.

Building 8, 7th Floor, Tower C, Dlf Cyber City,
Gurgaon, Haryana 122002
2. Carrying out Information Security Audits since: 1992

Govt. : 50+
PSU : 32+
Private : 50+
• Network security audit : 50+

• Web-application security audit : 300+
• Wireless security audit : 25+
• Compliance audits (ISO 27001, PCI, etc.) : 25+
CISSPs : 5+
BS7799 / ISO27001 LAs : 5+
CISAs : 5+
DISAs / ISAs : -
Any other information security qualification : CEH – 20+
S. No. Name of Employee Duration with Experience in Qualifications related to

PwC Information Security Information security
1. Rahul Aggarwal 11 Years 8 16 years CISSP, ISO 27001,
months BS25999
2. Manish Kumar 4 Years 2 6 Years CEH
Gupta Months
3. Pravesh Janartha 1 Years 10 5 Years CEH, ISO 27001, ISO
Months 31000
4. Saurabh 3 Years 4 3 Years CEH, ISO 27001
Srivastava Months
5. Atiq Anwar 1 Year 10 6 Years CEH, ISO 27001
Months
6. Nagesh Gautam 1 Year 10 5 Years CEH
Moths
7. Rajinder Singh 2 Years 6 6 Years CISSP, CEH, CISRA,
Months ISO 27001, CIPP, CCNA
8. Debayan Mitra 6 Years 10 8 Years CEH, ISO 27001
Months
9. Anil Keshava 4 Years 8 Years CISM, ISO 27001, ISO
Mallaya 22301
10. B. Ashish Kumar 2 Years 11 8 Years CEH, CISSP, CISA,
Months CISM, ISO 27001
Design and monitor the Information Security and Performance as part of the
Governance, Risk and Compliance (GRCP) initiative of the largest biometric service
provider
M/s. PricewaterhoouseCoopers Pvt. Ltd. has been engaged to facilitate creation of a robust,
comprehensive, secure environment for UIDAI ecosystem including setting up the GRCP
framework for the organization, carrying out compliance assessment of more than 250+
ecosystem partners based on ISO standards and organization’s information security policy,
conducting vulnerability assessment, penetration testing and application assessment for the entire
ecosystem based on OWASP guidelines.
Project Value: Approx. 2.5+ million USD
Implementation and Monitoring of GRC Framework for the IT consolidation Project for
a
Department under Ministry of Finance (GoI)
PwC has been engaged with the client to assist in design, implementation and monitoring of
framework aimed towards achieving secure virtualization of processes/ systems supporting
generation, processing and creation of sensitive tax-payer data. Broadly our scope includes:
• Review of Security governance framework covering three data centers and select other
locations
• Review of the security policy and procedures and assistance in ISMS implementation
• Performance measurement for all large vendors for SI, Data Centre, LAN, WAN and MPLS
services
• Periodic Security audit for critical site locations including Data Centers, Custom and Excise
Houses
• Application Audit and SDLC review for all the 5 business critical applications used by the
department
• Periodic Vulnerability Assessment and Penetration Testing (both Internal and External) of the
centralized IT Infrastructure.
• Periodic Configuration review of the supporting network devices at the Data Centres
• Periodic Security Assessments of the web applications
Project Value: Approx. 1+ million USD
15. list of Information Security Audit Tools used ( commercial/ freeware/proprietary):
S. No. Type of Tool Tools

1. Commercial 1. Webinspect
2. Nessus Professional Feed
3. Maltego
4. Accunetix
5. Burp Professional Suite
6. HPE Fortify
7. Others
2. Open Source 1. Nmap
2. Metasploit
3. Backtrack
4. Nessus Home Feed
5. Others
3. Proprietary 1. Phish Pro
2.PwC Windows Script
3. PwC Unix Script
4. PwC SQL/Oracle Script
5. PwC Server Script
6. Others
16. ourcing of Project to External Information Security Auditors / Experts: No

*Information as provided by PricewaterhouseCoopers Pvt. Ltd. on 17 January, 2017.
Back
M/s STQC Directorate
STQC Directorate,
6 CGO Complex and STQC IT Centers at Delhi, Kolkata, Mohali, Pune, Bangalore, Hyderabad,
Trivandrum, Chennai.

• Wireless security audit : No

Govt. : 57
PSU : 36
Private : 27
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
Wireless security audit : Nil

CISSPs : NIL
BS7799 / ISO27001 LAs : 17
CISAs : NIL
DISAs / ISAs : NIL
Any other information security qualification:
CEH : 10
Certified Professional for Secure software engineering : 6
7. Total Nos. of Technical Personnel : 27

No. <organization> Information Security Information security
Mr. Sanjeev Center Security, Appl.

1 Kumar 1993 Security 2
Secure software
development, ISMS
2 Mr. Manoj Saxena 1985 LA, Master Trainer 2
3
B.K. Mondal Jan-90 ISMS LA, CEH 13
4
Aloke Sain Nov-91 ISMS LA, CEH 11
5
Subhendu Das Jun-89 ISMS LA, CEH 13
6
Chittaranjan Das Nov-86 ISMS LA, CEH 5
Tapas
7
Bandyopadhyay May-91 ISMS LA, CEH 9
8 Malabika Ghose Jul-89 CEH 9
9 Manikanta Das Mar-84 ISMS LA, CEH 9

CEH, Master Trainer
10 Arpita Datta Jun-95 (ISEA Project) 9
11 Debasis Jana Sep-82 ISMS LA, CEH 13

CPSSE (Certified
Professional for
Secure Software
12 Sanjay K. Prusty Dec-95 Engineering) 9
13 Arup Datta Apr-98 CNSM 3
14 Subrata Giri Jan-13 CNSM 1
15 Himadri Roy Feb,1989 ISMS LA 5
16 E.Kamalakar Rao Oct-89 ISMS LA 7

S.P.Tharesh
17 Kumar Mar-00 CNSM 4
18 V P Yadav January, 1984 -- 4

ISMS -LA, STQC-
S.Velmourougan 1990
19 CISP, CEH
ISMS LA, Wireless
TV Subramanyam Feb-87 LAN Security, Secure 3
20 Software Engineering
MV ISMS LA, STQC CISP,
Sep-86 7
21 Padmanabhaiya STQC CIISA
ISMS LA, Master
Trainer (ISEA
Sushil Kumar Project), Secure
22 Nehra Jun-93 Software Engineering, 13
23 Kamini Malik May-86 ISMS LA 13

ISMS LA, ITSM LA,
24 A K Sharma Oct-89 ITIL Process Manager 13
25 Arvind Kumar Sep-86 ISMS LA 13

ISMS LA, ITSM LA,
Rakesh ITIL Process
Aug-87 13
Maheshwari Manager, Master
26 Trainer (ISEA Project)
App Sec Training,
Network Security, CC,
Dhawal Gupta May-08 5
ISEB Intermediate,
27 CNSM
along with project value. 28 number of Important Government website hosted at various
locations.
10. List of Information Security Audit Tools used ( commercial/ freeware/proprietary) :
Appscan, Nessus, SAINT exploit, Acunetix wvs, Metasploit,Paros, Burp, Webscraber,

Proprietary scripts, SSL Digger, whois, nmap etc
*Information as provided by STQC Directorate as on 07 January 2014
Back
M/s SUMERU SOFTWARE SOLUTIONS PVT LTD
SUMERU SOFTWARE SOLUTIONS PVT LTD Address

#20, 1ST FLOOR, 11TH MAIN
39 A CROSS, JAYANAGAR 4T BLOCK BANGALORE
KARNATAKA PIN - 560041
Telephone (with STD code) - 080-28432802
Fax:- 080-28432800

• Secure code review : Yes
• Mobile application security audit : Yes
• Security code training : Yes
• Application security training : Yes
• Hardening training : Yes
• Forensic security audit : Yes

Govt. : 42
PSU : 23
Private : 20
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 17
CISAs : 1
DISAs / ISAs : NIL

1. VASANTHANAG Jan 2016 4 Years – ISMS 2 ISMS LA, CWHH,
GB Years, 7 months – CCNA, MCP
IT
2. Jitendra Kumar Jan 2014 2+ years CEH
Sharma
3. Ajan Kancharla Dec 2015 2 Years, 5 months ISMS Lead
Implementer
CEH v7
HP ArcSight ESM 6.5
Administration
4. Ravikumara S D July 2014 4 Years, 8 months ISMS LA
QMS LA
5. ARUL P Feb 2015 1 Year, 1 month CEH ,EJPT
6. Abhinav Rajput Aug 2015 1 Year, I month(8 CCNA –(CISCO
months in HCL as Certified Network
Network Engineer) associate)
7 Vyankatesh Feb 2015 1 year Certified Ethical Hacker
Paskanti (CEH)
8 Sandeep V Feb 2015 EC Council- Certified
Ethical Hacker v8 –
2+ Years Cert No:
ECC25199916210
Udemy- Basics Of Web
Application Penetration
Testing –
UC-DJU4VFMX
eLearnSecurity Junior
Penetration Tester -
EJPT-200191
eLearnSecurity Web
application Penetration
Tester –
EWPT – 200
Offensive Security
Certified Professional
(OSCP)
9 Morsa Jagadeesh July 2014 1 Year, 8 months EC Council- certified
Babu Ethical Hacker v8
(CEHv8) - Cert
No: ECC56126713211,
eLearn security Junior
Penetration Tester
(eJPT) - Cert No: EJPT-
200245,
Udemy Basics of Web
Application Penetration
Testing - Cert No: UC-
WVFHUEM8
10 Sasikumar TM Oct 2014 1 Year, 6 months ISO 27001: 2013 LA,
OCJP(Oracle Certified
Java Programmer)
11 Siva T Oct 2015 3+ Years CEH
12 Sathish T Aug 2016 1 Year CEH
13 Ranjith R Aug 2016 1 Year CEH
14 Shivsankar B Mar 2015 1+ Year ISO 27001:2013 LA
15 Shashank Pramod July 2008 7 Years, 5 months OSCP, CISSP
Dixit
16 Krishna Kumar Aug 2008 7 years 8 months GREM, GMOB, GPEN,
Sengoda GWAPT, GWEB, eCPPT,
eWPT
17 Rajesh M Dec 2007 13+ (5 years of ISO 27001:2013 LA
information security
experience)
18 Sandeep Erat Jan 2003 13 +years CISA, ISO 27001:2013
LA
19 V.Rajagopal Jan 2010 7 Years ISO 27001:2013 LA &
ISO 9001 2008 LA
Large Global Presence Hotel- 95 hotels, both network and web applications, Across
the globe.
Project value : RS 120,00,000.00 (1.2 Crores)
Commercial – Burp Suit Professional, Nessus, Netsparker
Freeware –
Kali Linux Operation system

Mallory
Putty, Echomirage
HPing2
Dsniff
GFI Languard
Samspade
Superscan
Saint
Sara
Firewalk
Xprobe2
Toolsets
Hunt
Brutus
Fragroute
Shadow Security Scanner
Nmap
*Information as provided by < organization> on <date>
Back
M/s. Sysman Computers Private Limited
Sysman Computers Private Limited

312, Sundram, Rani Laxmi Chowk, Sion Circle, Mumbai 400022
Contact : Dr. Rakesh M Goyal, Managing Director
Phone – 99672-48000 / 99672-47000
Email – rakesh@sysman.in / �ससमैन@�ससमैन.भारत
3. Date of empanelment by CERT-In : Since 2005
• Network security audit (Y/N) - YES

• Web-application security audit (Y/N) - YES
• Mobile-application security audit (Y/N) - YES
• Wireless security audit (Y/N) - YES
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) - YES
• Main business application audit - YES
• Cyber Forensics - YES
• IT GRC Consulting - YES
• Techno-legal compliance/consulting - YES
• Audit of Certifying Authorities/e-sign/RA/ASP - YES
• Audit of UIDAI ASA / KSA - YES
Govt. : <number of> 21

PSU : <number of> 10
Private : <number of> 17 (over 210 branches)
Total Nos. of Information Security Audits done : 48 organisations

(Organization can add categories based on project handled by them)
Network security audit: <number of> 16

Web-application security audit: <number of> 45
Mobile-application security audit: <number of> 06
Wireless security audit: <number of> 04
Compliance audits (ISO 27001, PCI, RBI): <number of> 240
Cyber Forensics 21
IT GRC Consulting/Audit 06
Audit of Certifying Authorities/e-sign/RA/ASP 05
Audit of UIDAI ASA / KSA 03
CISSPs : <number of> 01

BS7799 / ISO27001 LAs : <number of> 05
CISAs : <number of> 04
DISAs / ISAs : <number of> 01
Any other information security qualification: <number of> 04

No. Sysman Information Security Information security
1 Dr. Rakesh M Feb 1985 26 years PhD, CISA, CISM,
Goyal CCNA, CFE, CCCI
2 Vaibhav Banjan May 2007 14 years CISA, DISA
3 Anand Tanksali April 2010 10 years CCNA, CCSA
4 Winod P Karve Sep 1999 18 years CISA, ISO27001 LA
5 Mohammad Khalid March 2011 7 years CCNA, ISO27001 LA
6 Pallavi Goyal April 2010 6 years ISO27001 LA,
CCNA,CEH
7 Ankur Goyal March 2012 8 years ISO27001 LA
8 Kiran Chugh June 2015 9 years CISA, CISSP,
ISO27001 LA
1. IT Infrastructure with 150 servers, 2500+ nodes, 120 switches, 30 routers

spread over 50 locations all over India alongwith matching DR site.
2. Application audit with 32 modules used by 6000 people
3. e-governance Web-application with 23 modules exposed to world
Mostly used - Nmap. Superscan, Nessus, Metasploit, SecurityForest,

kproccheck, sqlmap, MBSA, Belarc, w3af, GFI, Aircrack, Nikto, Kismet,
NetStumbler, WebSecurify, Burp Suite, Temper data, N-stalker, ZAP, Secure
Auditor, Web developer toolbar. (others depending upon requirement).
Finally Manual exploitation.
11. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No ( If yes,
kindly provide oversight arrangement (MoU, contract etc.)) –
No. No outsourcing of assignment. But engagement of external known

experts alongwith Sysman team is done, based on special skills required for
the assignment.
For this, we have (a) Confidentiality and Non Disclosure Agreement; (b)
adherence to IT Security and other Policies and (c) clear cut scope of work,
with clear knowledge of client.
*Information as provided by Sysman Computers Private Limited on 24 November 2016
Back
M/s SISA Information Security Pvt Ltd
SISA Information Security Pvt Ltd

SISA House, #3029, SISA House, 13th Main Road,
HAL 2nd Stage, Indiranagar, Bangalore - 560 008. India
• Network security audit (Y/N) Yes

• Web-application security audit (Y/N) Yes
• Wireless security audit (Y/N) Yes
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) Yes
• RBI PSS Audits Yes
• Forensic Investigation Yes
• Mobile Application security audit Yes
• Information Security Awareness and Trainings Yes
• Secure Code review Yes
Govt. : <0>
PSU : <2>
Private : <280+>
Total Nos.nof Information Security Audits done : 282
Network security audit : <75+>

Web-application security audit : <35+>
Wireless security audit : <2+ >
Compliance audits (ISO 27001, PCI, etc.) : <156+>
Forensic Audit : <8+>
Secure Code Review : <6+>
CISSPs : <3>
BS7799 / ISO27001 LAs : <7>
CISAs : <10>
DISAs / ISAs : <1>
Any other information security qualification : <26>
S. No. Name of Duration with Experience in Qualifications related to

Employee <SISA> Information Information security
Security
1 Renju Varghese October 2006 10 Years 1 CISA, CISSP, GCFA, PCI
Jolly month QSA, PA QSA
2 Vishnu Ganesh October 2014 4 Years M.Tech (Information
Kamat Security and Management)
3 Girish Karehalli February 2015 5 years 2 CISA, CRISC , PCI QSA,

Venkatappa months CEHv8, ISO 27001 LA
4 Lohith January 2015 3 Years 6 M.B.A IT, MSc ISS and
Narayana months Trained in: CEH, ECSA,
Sans IDS, Sans CF, Sans
IHHT, BSI 27001
No. of Computer Approx – 3600

Systems :
No. of servers : 600 – 620
No. of switches : 75 – 80
No. of routers : 280 – 300
No. of firewalls : 21
No. of IDS' : 18

Refer to Annexure 1

* Information as provided by SISA Information Security Pvt Ltd on 25/11/2016
Back
Annexure 1
List of Tools SISA presents the most commonly used commercial and open source tools in a
SISA Security Audit
Tool License Used

Nessus 6.3 Professional feed Commercial Vulnerability Assessment
Mobisec Open Source Mobil Application Pen Test
Burp Suite Professional Commercial Web Application Pen Test
Accuentix Commercial Web Application Pen Test
Retina Commercial Network Vulnerability Scan
NMAP Open Source Port Scanner
W3af Open Source Web Application Scanner
Wikto Open Source Web Application Scanner
Solarwind Open Source Network Pen Test
Back Track Tool Kit Network and Application Pen
Open Source
Test
Samurai Testing Tool Kit Commercial Web Application Pen Test
Encase Commercial Computer Forensics
Wireshark Open Source Network Sniffer
Netstumbler Open Source Wireless Scanning
Aircrack Open Source Wireless Pen Test
Airmagnet Open Source Wireless Pen Test
Paros Open Source Web Application Proxy
Nipper Open Source Network Configuration File
Qualys Guard Commercial Network and Application VA
SoapUI Commercial Web Services
Nikto Open Source Network Pen Test
Netcat Open Source Network Pen Test
Cain&Abel Open Source ARP Poisoning, DNS Poisoning
Nessus 6.3 Professional feed Commercial Vulnerability Assessment
Mobisec Open Source Mobil Application Pen Test
Burp Suite Professional Commercial Web Application Pen Test
Accuentix Commercial Web Application Pen Test
Retina Commercial Network Vulnerability Scan
NMAP Open Source Port Scanner
W3af Open Source Web Application Scanner
Wikto Open Source Web Application Scanner
Back
M/s Torrid Networks Pvt. Ltd
Torrid Networks Pvt. Ltd. , C-171, 2nd Floor, Sector 63, Noida, NCR
• Network security audit Yes

• Web-application security audit Yes
• Mobile application security audit Yes
• Wireless security audit Yes
• Compliance audits (ISO 27001, PCI, DOT Audit, etc.) Yes
• DoT Audit Yes
Govt. : More than 75

PSU : Around 5
Private : More than 100
Total Nos. of Information Security Audits done : Around 200

Mobile Application security Audit : 20+
DoT Audits : 2
BS7799 / ISO27001 LAs : 4

CISAs : 2
CEH : 10

Employee with Torrid Information related to
Networks Security Information
security
1 D.S October 2006 13 CISA, CEH, ISO
27001 LA, ECSA, LPT
2 S.K February 6 ISO 27001
2011
3 S.P July 2014 3 CEH
4 N.S February 2 Diploma in Cyber
2015 Security
5 P.A March 2016 2.5 PG Diploma in IT
Infrastructure,
Systems & Security
6 P.Y March 2016 1.5 CEH, CPFA, CPH,
CISC
No. of Computer Systems : 10000

No. of Servers : 500
No. of Switches : 250
No. of Routers : 25
No. of Firewalls : 18
No. of IDS' : 10
Metasploit, Burp Suite SQLMAP, Dnsenum, Knockpy, whatweb, Nikto, Subbrute, Recon-ng,
Owasp zap, Fiddler, Tamper data, Live http header, Appscan, Accunetix, Wapplyzer, Dirbuster,
wfuzz, Weevely, Nmap, Nessus, Hydra, fping, Wireshark, Tcpdump, testssl, sslscan, rpcclient,
Ethercap, enum4linux, snmpwalk, netcat, Nipper-ng, Microsoft Baseline Security Analyzer,
Intrust, Intrufi

* Information as provided by Torrid Networks Pvt. Ltd. on 25th November, 2016
Back
M/s ValueMentor Consulting
ValueMentor Consulting
"Chandanam”, Infopark Thrissur,
Koratty, Kerala, India – 680 308
Ph: +91 - 487 - 2970 700 / 974 5767 949

• Mobile Security Assessments : Yes
• PCI Consulting / Audit : Yes
• IT Act Consultancy : Yes
• HIPAA Compliance Audits : Yes
• IS Audits for Banks : Yes
• Digital Forensics : Yes
Govt. : 20
PSU : 2
Private : 117

Network security audit: At least 20

Web-application security audit: At least 50
Wireless security audit: At least 10
Compliance audits (ISO 27001, PCI, etc.): At least 5
CISSPs : 3
BS7799 / ISO27001 LAs : 1
CISAs : 4

No. Employee with Information related to
ValueMentor Security Information security
since
1 Binoy 2012 18 Years CISSP, CISA,
Koonammavu CRISC,CISM,PCI QSA
2 Jobbin Thomas 2012 17 Years CISSP, ISO 27001 LA,
CISA
3 Balakrishnan 2012 19 Years CISA, CISSP, CISM,
Alingal BS7799
4 Angela Maria 2012 16 Years CISA, ISO 27001 LA
Paulson
5 Renjith T C 2013 3 Years CEH
6 Jacob Jose 2014 2 Years CEH
7 Arun Babu 2014 2 Years CEH
8 Jithu T George 2016 2 Years ECSA, CEH
Client Project Scope Location Approx Project Value
A large business ISO27001, PCI DSS, UAE Above INR 1 Mn

group in UAE Penetration Testing,
IS Risk Assessments
# Category Tools
Acunetix
Nessus Professional Feed
1 Commercial Qualys Guard
Burp Professional Suite & Charles Proxy
Metasploit Pro
NMAP
KALI Linux Distribution and tools in it
Metasploit
OWASP ZAP / Paros / Fiddler / SSL Strip
SQLMap
Bowser Add-ons / extensions
Wireshark
WinHEX
NIKTO / Wikto / W3af
2 Freeware / Open Source
Tools from FoundStone
John The Ripper / Hydra
Social Engineering ToolKit
Aircrack-Ng
Android Emulator
Java De-compiler
APK Inspector
APK Analyzer
Cydia Tool set
Automating scripts
3 Proprietary ValueMentor Windows / Unix / Oracle / MS SQL /
MYSQL Scripts

*Information as provided by ValueMentor on 27-11-2016
BacK
M/s Wipro Limited
Wipro Infotech, 480-481,

Udyog Vihar, Phase-III,
Gurgaon, Haryana.

4. Information Security Audits carried out in last 12 Months : Govt. : Atleast 5 PSU : Atleast 5
Private : Atleast 10 Total Nos. of Information Security Audits done : Atleast 30
Network security audit: Atleast 10 Web-application security audit: Atleast 10 Wireless security
audit: 0 Compliance audits (ISO 27001, PCI, etc.): Atleast 15
6. Technical manpower deployed for information security audits : CISSPs : Atleast 10 BS7799 /
ISO27001 LAs : Atleast 15 CISAs : Atleast 20 DISAs / ISAs : 0 Any other information security
qualification: CEH: Atleast 15 Total Nos. of Technical Personnel : Atleast 20
Details attached in Annexure 1
etc.) along with project value
S. No. Name of the Project Scope Location Approx Project

Client value
1 One of the PCI, Security audits, INR 16 Mn
largest BPO Application security, SOX, 1. Gurgaon
ISAE 3402, ITGC audits. 2. Hyderabad
Volume: More than 140
audits
Commercial Tools:
a. Nessus—Vulnerability Scanner
b. Acunetix--- Web Application Auditing
Freeware Netcat Nexpose SuperScan John the Metasploit
Tools: Nmap Ripper
Backtrack Burp Suite w3af Brutus Aircrack-ng Netstumbler
Live CD
Kismet Foundstone SSlscan Sqlmap Hydra Social
Tools Engineering
toolkit
Wireshark Cain and Fiddler Sysinternals Firefox chrome
Able addons addons
Proprietary Tools/Scripts

(If yes, kindly provide oversight arrangement (MoU, Contract etc))
* Information as provided by Wipro on 24-05-2013
Back
M/s Centre for Development of Advance Computing (C-DAC)
Centre for Development of Advanced Computing (C-DAC)

(A Scientific Society of Department of Electronics and Information Technology,
Government of India)
Plot No. 6 & 7, Hardware Park,
Sy No. 1/1, Srisailam Highway,
Pahadi Shareef Via Keshavagiri (Post)
Hyderabad - 500005
Contact Person: Mr Ch.A.S.Murty
Email: cswan [at]cdac[dot]in
Contact Number:- 040-23737124, 9248920122
Fax:- 040-23738131

• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : ISO 27001,
Cloud, PCI, AADHAR UIDAI (KSA/KUA/ASA/AUA), e-Sign ASP,OWASP etc.,

Govt. 2 – completed , 1 – ISMS in progress
PSU : -
Private : -
Network security audit : 8 number of audits to government organizations

Web-application security audit : 78 number of web audits to government and private
organizations
Mobile applications - 5 mobile apps certified ( 10 audits in progress)
Wireless security audit : 3 number of organizations had wireless in network
audit scope
Compliance audits (ISO 27001, PCI, etc.): All 78 web audits are compliance audits as
follows:
• 56 - OWASP
• 20 - CCA Compliance ASP e-Sign Audits
• 2 - AADHAR UIDAI compliance
• 1 - ISO 27001 - in progress

CISSPs : 2
BS7799 / ISO27001 LAs : 1
CISAs : Nil
DISAs / ISAs : Nil
• SANS Certified – 16
• Cert-CC – 3
• CEH – 17
• ECSA – 4
Total Nos. of Technical Personnel – 36
Critical sector organizations (attach Annexure if required) Refer Annexure – A
etc.) along with project value. : 16 major projects handled which include government
network infrastructure audits and various websites".
Freeware Commercial Inhouse
1. Nmap 17. Httprint 1. Acunetix - WebSAFE

2. Nikto 18. Curl 2. Burpsuite
3. Netcat 19. Tcpdump Professional
4. W3af 20. Fimap 3. Nessus
5. Wapiti 21. SwfScan 4. Netsparker
6. Sqlmap 22. Hydra 5. Nexpose
7. Zapproxy 23. John the Ripper 6. IBM
8. Skipfish 24. Ssltest AppScan
9. Wget 25. Sslstrip
10. Cmsexplorer 26. Cain and Abel
11. Joomscan 27. Brutus
12. Backtrack , Kali 28. Airmon -ng
13. Openssl 29. Hping
14. Dirbuster 30. Scapy
15. Wireshark 31. Loki
16. Parosproxy 32. wsfuzzer

*Information as provided by C-DAC on 24.11.2016
Back
Annexure – A
7. List of technical manpower deployed for information security audits in Government and
S. Name of Duration Experience Qualifications related to Information

No. Employee with C-DAC in security
since Information
Security
1 Murthy.Ch.A.S May, 1999 11+ • ISMS LA
• SANS - GAWN
• SANS - GXPN
• CERT-CC Certified Incident Handling,
Forensics Analysis and Network Security
in CMU, USA
2 Eswari PRL Feb 2000 11+ • CERT-CC Certified Incident Handling,
Forensics Analysis and Network Security
in CMU, USA
• GREM
3 Indraveni.K July 2005 10+ • SANS GWAPT
• SANS Advanced Web Application
Penetration Testing and ethical hacking
4 Himanshu.P Sept 2006 07+ • SANS GREM
5 Ravi Kishore Mar-2008 7 • GIAC Web Application Penetration Tester
Koppuravuri (GWAPT) from SANS
6 Tatikayala Sai Feb 2007 8.6 • GIAC Security Essentials (GSEC)

Gopal
7 C Sireesha Feb-2007 8 • GIAC Certified Web Application Defender
(GWEB)
8 Jyostna G Mar 2006 9 • GMOB
9 Mahesh Patil Aug-04 8 • GREM, ECSA, CEH7
10 Sandeep Sep-2007 8 • CISSP

Romana
11 Naushed Tyeb Oct 2008 05+ • CCNA
• ECSA
12 Nandeeshwar Oct 2008 05+ • CEH , EC-Council
B • ECSA
13 Titto Thomas Sept 2015 0.6 • CEH , EC-Council
• ECSA
14 Mallesh May, 1999 2 • EC Council Security Analyst
15 Atiya Fatima Feb 2000 1.5 • EC Council Security Analyst
• CEH, EC-Council
16 Vamsi Krishna Mar-2008 1.5 • EC Council Security Analyst
17 Raghuvaran Feb 2007 1.5 • EC Council Security Analyst
18 I L N Rao Feb-2015 1.5 • EC Council Security Analyst
19 Rahul Kumar Aug 2011 5 • EC Council Security Analyst
20 Sandeep Jan 2014 3 • EC Council Security Analyst
Chaparla
Back
M/s Xiarch Solutions Pvt Ltd
Xiarch Solutions Pvt. Ltd

352, 2nd floor, Tarun, Opp Kali Mata Mandir, Outer Ring Road,
Pitampura, New Delhi 110034
Ph: 011 -4551 0033, 9810874431
Fax 011 -6617 3033

• Cyber Forensics investigations : Yes
Govt. : 2+
PSU : 1+
Private : 7+


Cyber forensics Investigations : 4+
PCI Consulting : 1+
CISSPs : 2
BS7799 / ISO27001 Las : 1
CISAs : 1
DISAs / ISAs : 0
7. Updated details of technical manpower deployed for information security audits in Government
and Critical sector organizations (attach Annexure if required)
S. No. Name of Duration with Experience in Qualifications related

Employee Xiarch Information to Information
Solutions Pvt. Security security
Ltd
1. Utsav Mittal 6 years 9+ years CISSP, CEH, MS Infosec
Purdue Univ, USA
2. Ashish Chandra 1 Years 1+ year CISE, BSC (IT) , GNIIT,
MCA (pursuing)
3. Vidushi 1.5 years 1.5+ years BTech, CISE
4. Kritika 2 years 1+ years Btech, CISE
5. Alekh Mittal 2 years 2+ years Btech, CISE
• Vulnerability Management for the Largest KPO firm in the world, scope included VA, PT of
over 500 servers, 5000 desktops and over 200 network devices, 10+ web application.
Location encompassed US, Australia, India and UK
• Managing complete IS and compliance service for one of the first and largest NBFC in
india, work included PCI audit, CMMI, ISO 27001, Vulnerability assessment, web app
security, network and wifi security, log management, SIEM and DLP implementation
• Nmap , Superscan
• Backtrack kali linux Live CD,
• Encase, FTK, Pro discover etc.
• Custom Scripts and tools.
• Metasploit Framework, Netcat , BeEf
• Wireshark – Packet Analyser
• Cisco Netwitness.
• Tenable Nessus
• Rapid7 Nexpose community edition
• Burpsuite
• SQL Map
• Tamper Data
• Directory Buster
• Nikto
• Ettercap
• Paros Proxy
• Webscarab
• Brutus

11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
12. Whether organization is a subsidiary of any foreign based organization?

If yes, give details : No
13. Locations of Overseas Headquarters/Offices, if any : No
*Information as provided by Xiarch Solutions Pvt. Ltd on 23/6/2014
Back
M/s RSM Astute Consulting Pvt. Ltd.

RSM Astute Consulting Pvt. Ltd.

Network security audit (Y/N) : Yes
Web-application security audit (Y/N) : Yes
Wireless security audit (Y/N) : Yes
Compliance audits (ISO 27001, PCI, SOX, etc.) (Y/N) : Yes
IT General Controls : Yes
Vulnerability assessment & Penetration test : Yes
IT infrastructure audit : Yes
Application Pre & Post Implementation Reviews : Yes
Govt. : 0
PSU : 0
Private : 29
Network security audit 0

Web-application security audit 1
Wireless security audit 0
Compliance audits (ISO 27001, PCI, etc.) 5
IT General Controls 13
Vulnerability Assessment & Penetration Testing 2
IT Infrastructure Audit 2
Review of Applications Implementation (Both Pre & Post Implementation) 6
CISSPs : 1
BS7799 / ISO27001 LA : 2
CISAs : 3
DISAs / ISAs : 1
CEH : 3
CCNA : 1
S. Designation Duration Experience Qualifications related to

No. with RSM in Information security
Astute Information
Consulting Security
Master – IT, CISA, CISP, CISSP,
CIISA, SAP-Net Weaver Security
1 Director < 1 year 15 years
Certification, IS0 22301 Lead
Implementor, ESCA
2 Director < 1 year 9 years CISA
3 General Manager < 1 year 5 years CISA
Asst. General ACL Governance, Risk &
4 < 1 year 9 years
Manager Compliance certificate
Masters-Computer Management,
5 Sr. Manager < 1 year 12 years
ITIL
6 Sr. Manager 15 years 15 years CEH, CCNA, MCSE, Diploma-IT
BCA, CISA, ISO 27001-2013,
7 Sr. Manager < 1 year 22 years
ISO 9001:2015, COBIT5:2012
8 Consultant 1 year 12 years PGBDM-IT, ISO 27001
9 Asst. Manager 6.5 years 12 years MBA - IT
10 Asst. Manager 2 years < 1 year CISA
CEH, ME (IT), BE (CS), RHCSA-
11 Officer < 1 year < 1 year
Linux RHEL 7
 Review of Management Systems & Processes (Information Technology & Risk Management)
for Investment Function for one of the largest Indian Private Sector General Insurance
Company. The assignment scope of work covered the following:
• Application Review
• Security Policy & Implementation
• Risk Management
• Capacity Management
• Disaster Recovery, Back-up and Contingency Planning
• Internal Vulnerability Assessment etc.
 The assignment was performed at Mumbai with a team comprising of Information

Technology Technical Experts team and Insurance Domain Functional Expert team from our
BFSI Group.
• Nessus Professional Burp Suite

• Acunetix
• Nmap
• Wireshark Backtrack
• Metasploit OpenSSL Winaudit NetCat
• Nipper
• Appscan
• SQLmap
• OWASPZAP
• Fortify Static Code Analyzer.
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No NA
*Information as provided by RSM Astute Consulting Pvt Ltd. on 30th November 2016.
Back
M/s Qadit Systems & Solutions Pvt Ltd

Qadit Systems & Solutions Pvt Ltd, Chennai

Govt. : 1
PSU : 21
Private : 86

Mobile-application security audit: 2
Full IT Audit: 36
Migration Audit: 1
Security Consulting: 7
CISSPs : 2
BS7799 / ISO27001 LAs : 3
CISAs : 6
DISAs / ISAs : 9
Any other information security qualification : -

No. Qadit Systems Information Security Information security
1 V. Vijayakumar 15 years 15 years CISA, ISMS LA, ISA,
CEH
2 Mahesh Balan 15 years 15 years CISA, ISMS LA, ISA,
CEH
3 Thangam Prakash 12 years 12 years CISA, CISSP
4 N. Swameshwar 12 years 12 years CISSP, ISA, CEH
5 Sanjay Kadel 12 years 12 years CISA, ISA
6 R. Narayanan 12 years 12 years CISA, CIA
7 R. Ramesh 12 years 12 years CISA, CISM, LA, CPISI
8 B Lokaraj 6 mths 8 years CISA
9 G. Guru 3 years 5 years CISA
Santhanam
Client : A project for Government of Tamilnadu
Scope: Information System Security Audit, Developing Security Policy & Procedures,
Application Software Audit
Coverage: all municipalities across Tamilnadu
Project Value: Rs. 27 lakhs
Proprietary
NsVulnAssessor
Ora DBSecAssessor
MSSQL DBSecAssessor
Router Config security assessor scripts
Commercial
Tenable Nessus Professional Edition
Open Source / Freeware
Achilles Hydra Owasp Mantra

Aircrack-Ng IronWASP Paros Proxy
BackTrack/ KaliLinux John the Pwdump
Ripper
Brutus Lynis Snort
Cain and Able Maltego w3af
DOMTools Metasploit Webinspect
Community
Edition
Dsniff NetCat WebScarab
Firewalk Netstumbler Whisker
Hping Nikto Wikto
HTTPrint Nmap Wireshark
HTTrack OpenVAS

*Information as provided by Qadit Systems & Solutions Pvt Ltd on 29th Nov 2016
Back
M/s Varutra Consulting Private Limited
Varutra Consulting Private Limited

Corporate Office:
A-302 & A-303, Oxy Primo,Gate No. 599, Bakori Phata,
Wagholi, Pune-412207, MH, India.
3. Date of empanelment by CERT-In:

Network security audit (Y/N) - Yes
Web-application security audit (Y/N) - Yes
Wireless security audit (Y/N) - Yes
Compliance audits (ISO 27001, PCI, etc.) (Y/N) - Yes

Govt. : <3>
PSU : <>
Private : <22>
6. Number of audits in last 12 months, category-wise (Organization can add categories based on

Source Code Review : <5>
Managed Security Services : <1>
Cloud Security Assessment : <4>
Mobile Application Security (iOS, Android, Windows) : <5>
Software Product Security Testing : <1>
7. Technical manpower deployed for information security audits:

CISSPs : <1> - Appeared
BS7799 / ISO27001 LAs : <2>
CISAs : <number of>
DISAs / ISAs : <number of>
Any other information security qualification: <7 – Certified Ethical Hackers from EC
Council, 1CHFI, 1 CISP, 1 ECSA from EC-Council>
Duration Experience in
S. Name of Qualifications related to
with Information
No. Employee Information security
<Varutra> Security
Masters in Computer
Mr. Kishor 2 years 8 Science, Certified Ethical
1 10+ years
Sonawane months Hacker, ISO 27001 – Lead
Auditor
Bachelor in Computer
Science, CEH, CHFI,CCSA,
2 Mr. Omkar Joshi 2 months 2 years
CISP and ISO 27001 Lead
Auditor
Mr. Jeevan 1 year 10 BE (Computer Science),
3 2 years
Dahake month CSLLP- Appeared
BE (Computer
1 year 10
4 Mr. Snehal Raut 1 year 10 months Science),Certified Ethical
month
Hacker
BE (Computer
1 year 6
5 Mr. Sachin Wagh 2 years Science),Certified Ethical
months
Hacker
BE (Computer
Mr. Chetan
6 2 years 2 years Science),Certified Ethical
Gulhane
Hacker
Network and Applications (Mobile + Web) Security Assessment consisting of more than 1,200
IP addresses for network level vulnerability assessment and penetration testing, 20 web and
mobile applications for MCIT (Ministry of Communications and Information Technology,
Kingdom of Saudi Arabia).
Complexity: High. This was the complex project as the assessment included security testing
and hacking of various types and platforms of servers such as Windows, Linux, Unix, MSSQL
Databases, MySQL Databases, Oracle Databases, DB2 Databases, VOIP, Network Sniffing,
Wireless Network Pentest, VLAN Hopping and Hacking , Application Security Testing for Web
Applications and Mobile Application of Android, iOS and Windows platforms, Web Services ,
Social Engineering etc.
At present conducting source code review, threat modeling, SDLC review for 10 web and
mobile applications for the same client.

Commercial Tools
Vulnerability Assessment & Penetration Testing – Rapid 7 Nexpose, Nessus,
QualysGuard, GFI Languard, etc.
Application Security Assessment – IBM Appscan, HP WebInspect, Burpsuite, Acunetix

WVS, NTOSpider, etc.
Freeware Tools
Vulnerability Assessment & Penetration Testing – Nessus, Nmap, OpenVAS, MBSA,
Nipper, KaliLinux, BackTrack, AirCrack, Helix (Forensics) etc.
Application Security Assessment – W3af, Nikto, BurpSuite, FireBug, SQLMap, N-

Stalker, WebScarab, Powerfuzzer, etc.
Proprietary Tools
MVD - Mobile Vulnerability Database, provides mobile operating system level
vulnerabilities for Android, iOS, Blackberry and Windows platforms.
MASTS - Mobile Application Security Testing Suite: Security Testing Suite for android
mobile applications.
11. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No (If yes,
kindly provide oversight arrangement (MoU, contract etc.))
Yes, NDA (Non Disclosure Agreement getting signed between the two parties before
outsourcing any project to external experts.
13. Whether organization is a subsidiary of any foreign-based organization?

rd
*Information as provided by Varutra Consulting Private Limited on on 3 Nov 2015
BacK
M/s Varutra Consulting Private Limited
Varutra Consulting Private Limited

Corporate Office:
A-302 & A-303, Oxy Primo,Gate No. 599, Bakori Phata,
Wagholi, Pune-412207, MH, India.
3. Date of empanelment by CERT-In:

Network security audit (Y/N) - Yes
Web-application security audit (Y/N) - Yes
Wireless security audit (Y/N) - Yes
Compliance audits (ISO 27001, PCI, etc.) (Y/N) - Yes

Govt. : <3>
PSU : <>
Private : <22>

Source Code Review : <5>
Managed Security Services : <1>
Cloud Security Assessment : <4>
Mobile Application Security (iOS, Android, Windows) : <5>
Software Product Security Testing : <1>

CISSPs : <1> - Appeared
BS7799 / ISO27001 LAs : <2>
CISAs : <number of>
Any other information security qualification: <7 – Certified Ethical Hackers from EC
Council, 1CHFI, 1 CISP, 1 ECSA from EC-Council>
Duration Experience in
S. Name of Qualifications related to
with Information
No. Employee Information security
<Varutra> Security
Masters in Computer
Mr. Kishor 2 years 8 Science, Certified Ethical
1 10+ years
Sonawane months Hacker, ISO 27001 – Lead
Auditor
Bachelor in Computer
Science, CEH, CHFI,CCSA,
2 Mr. Omkar Joshi 2 months 2 years
CISP and ISO 27001 Lead
Auditor
Mr. Jeevan 1 year 10 BE (Computer Science),
3 2 years
Dahake month CSLLP- Appeared
BE (Computer
1 year 10
4 Mr. Snehal Raut 1 year 10 months Science),Certified Ethical
month
Hacker
BE (Computer
1 year 6
5 Mr. Sachin Wagh 2 years Science),Certified Ethical
months
Hacker
BE (Computer
Mr. Chetan
6 2 years 2 years Science),Certified Ethical
Gulhane
Hacker
Network and Applications (Mobile + Web) Security Assessment consisting of more than 1,200
IP addresses for network level vulnerability assessment and penetration testing, 20 web and
mobile applications for MCIT (Ministry of Communications and Information Technology,
Kingdom of Saudi Arabia).
Complexity: High. This was the complex project as the assessment included security testing
and hacking of various types and platforms of servers such as Windows, Linux, Unix, MSSQL
Databases, MySQL Databases, Oracle Databases, DB2 Databases, VOIP, Network Sniffing,
Wireless Network Pentest, VLAN Hopping and Hacking , Application Security Testing for Web
Applications and Mobile Application of Android, iOS and Windows platforms, Web Services ,
Social Engineering etc.
At present conducting source code review, threat modeling, SDLC review for 10 web and
mobile applications for the same client.

Commercial Tools
Vulnerability Assessment & Penetration Testing – Rapid 7 Nexpose, Nessus,
QualysGuard, GFI Languard, etc.
Application Security Assessment – IBM Appscan, HP WebInspect, Burpsuite, Acunetix

WVS, NTOSpider, etc.
Freeware Tools
Vulnerability Assessment & Penetration Testing – Nessus, Nmap, OpenVAS, MBSA,
Nipper, KaliLinux, BackTrack, AirCrack, Helix (Forensics) etc.
Application Security Assessment – W3af, Nikto, BurpSuite, FireBug, SQLMap, N-

Stalker, WebScarab, Powerfuzzer, etc.
Proprietary Tools
MVD - Mobile Vulnerability Database, provides mobile operating system level
vulnerabilities for Android, iOS, Blackberry and Windows platforms.
MASTS - Mobile Application Security Testing Suite: Security Testing Suite for android
mobile applications.
11. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No (If yes,
kindly provide oversight arrangement (MoU, contract etc.))
Yes, NDA (Non Disclosure Agreement getting signed between the two parties before
outsourcing any project to external experts.
13. Whether organization is a subsidiary of any foreign-based organization?

rd
*Information as provided by Varutra Consulting Private Limited on on 3 Nov 2015
BacK
M/s Cyber Security Works Pvt. Ltd.
Cyber Security Works Pvt. Ltd

No.3, III – Floor, E- Block, 599, Anna Salai
Chennai – 600 006.
• Network Vulnerability Assessment / Audit : Yes

• Web-application security Assessment / Audit (Y/N) : Yes
• SDLC Review and Code Security Review : Yes
• Application Penetration Testing : Yes
• Network Penetration Testing : Yes
• Information Security policy review, development and assessment : Yes
• Mobile application security audit : Yes
Govt. : 43
PSU : 0
Private : 151
5. Number of audits in last 12 months, category-wise

Mobile application security audit : 1
CISSPs : 1
BS7799 / ISO27001 LAs : 4
CISAs : 1
DISAs / ISAs : 0
S. Name of Employee Duration Experience in Qualifications related to

No. with CSW Information Security Information security
7.6 years CISA, CISSP, ISO Lead
1. Sridhar Krishnamurthi 17.6 years Auditor
2. Ravi Pandey 5.3 years 6.4 years B. Tech, ISO Lead Auditor
3. Ramesh Gunnam 4.5 years 4.5 years ISO Lead Auditor
4. Arjun Basnet 2.10 Years 2.10 years BCA, CEH
5. Sathish Kumar 2.9 Years 2.9 Years B.E, CEH
2.5 Years B. Tech, CCNA, CCNA
6. Vengatesh Nagarajan 2.5 Years Security
7. Raghunadha Reddy Poli 1.7 Years 1.7 Years MCA, CEH
8. Satya Suvarna Bonthala 1.3 Years 1.3 Years MCA
9. Maheswari Dereddy 1.3 Years 1.3 Years MCA
Vulnerability assessment and Penetration testing of network infrastructure and web

applications for a large Financial Services Company with offices across 68 Locations in India.
(We cannot declare the name of organization as we have NDA singed with them)
Complexity: Project involved of Network Security Review, Internal and External Vulnerability
Assessment and Penetration Testing, Security Configuration Review, Physical Security Review,
Application Penetration Testing, Risk Assessment, Polices and Procedures Review.
Commercial Tools
Acunetix
Nessus
Nexpose
Burp Suite Pro
Proprietary
Risk sense - Vulnerability management tool for Network infrastructure and web application.
Vapsploit - Data mining tool for Network infrastructure assessment.
Freeware Tools:
Nmap
Netcat
Snmp Walk
Metasploit
Kali Linux
Santoku
Paros
Brutus
Nikto
Firewalk
Dsniff
SQL Map
John the ripper
Paros
Wikto
Ethereal
Netcat
Openvas
W3af
OWASP Mantra
Wireshark
Ettercap
Aircrack – Ng
Cain & Abel
Ironwasp
OWASP Xenotix
Fiddler
Tamperdata
Social Engineering Toolkit
10. Outsourcing of Project to External Information Security Auditors / Experts: NO

(If yes, kindly provide oversight arrangement (MoU, contract etc.)
*Information as provided by Cyber Security Works Pvt. Ltd on 28.11.2016
Back
M/s Deccan Infotech Pvt. Ltd.
DECCAN INFOTECH (P) LTD

NO.13A, JAKKASANDRA BLOCK.
7THCROSS. KORAMANGALA
BENGALURU - 560034
• Network security audit (Y/N) : YES

• Web-application security audit (Y/N) : YES
• Wireless security audit (Y/N) : YES
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : YES
Govt. : <03>
PSU : <07>
Private : <90>


6. Technical manpower deployed for informationsecurity audits :
CISSPs : <00>
BS7799 / ISO27001 LAs : <10>
CISAs : <05>
DISAs / ISAs : <00>
CEH, CHFI, CFE, M.Tech (Information Security), MCSP, CISM, CRISC,
C|CISO

No. Employee with DIPL Information related to
Security Information security
1. Dilip Hariharan 21 21 years CRISC, CISM, CISA,
C|CISO, CEH, CHFI,
CFE, BS 7799 Lead
Auditor, BS 7799
Implementer
2. Karthik V 4 5 years M.Tech (Information
Security, CEH, MCP)
3. Raja H 4 4 years ISO 27001 LA,
Software testing,
4. Venkata Ramana 2 7 years ISO 27001 Lead
Gudluru implementer
5. Ramanan G 2 02 years ISO 27001 Lead
implementer,
6. Sowrirajan K 3 10+ years CEH, MS (Cyber Law &
Information Security)
• Network Security Audit (VAPT) and Audit of Web applications and devices of a major
Insurance company for Rs. 1+ crores.
• Consultancy for ISO 27001:2013 for a US based Platform Services company for over
75 Lakhs
• Consultancy for ISO 27001:2013 for a private Sector Bank in India for over 50 Lakhs
9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):
1. Burp Suite
2. NMAP
3. Hping3
4. John The Ripper
5. NetCat
6. PW DUMP
7. WireShark
8. OWASP ZAP
9. KALI Linux
10. Rapid7
11. Acunetix
12. TCP Dump
13. Nessus
14. Brutus
15. Metasploit
16. Mozilla Tools for web app audits
17. Fiddler
18. Dir buster
19. Nipper
20. Nikto
21. W3AF
22. SQL tools
10. Outsourcing of Project to External Information Security Auditors / Experts : NO

*Information as provided by <Deccan Infotech (P) Ltd > on <07-02-2017>
Back
M/s Security Brigade InfoSec Pvt. Ltd.
Security Brigade InfoSec Private Limited

Govt. : 20+
PSU : 2+
Private : 1000+


CISSPs : 2+
BS7799 / ISO27001 LAs : 2+
CISAs : 2+
DISAs / ISAs : -
Any other information security qualification : 20+
S. Name of Duration with Experience in Qualifications

No. Employee <organization> Information related to
Security Information
security
1. YK 10 15 ECCPT
2. CJ 6 6 ECCPT
3. YS 8 10 ECCPT, ISMS LA, CEH,
CISSP
4. SZ 8 10 ECCPT, ISMS LA, CEH,
CISSP
5. SJ 4 6 ECCPT, OSCP
6. AG 2 6 ECCPT
7. MF 2 3 ECCPT
200+ Audits, Combination of Network Security, Application Security, Mobile Application

Security, Risk Assessments, Pan-India + 5 Global Locations, 1 Crore+
Information Gathering
- Bile-Suite
- Cisco torch
- SpiderFoot
- W3af
- Maltego
- SEAT
- In-House sdFinder
- … and 50 other tools
Port Scanning
- Nmap
- In-House networkMapper
- Amap
- Foundstone
- hPing
- ... and 30 other tools
Application Security Assessment
- In-House webSpider
- In-House webDiscovery
- In-House webTester
- Achilles
- Sandcat
- Pixy
- W3af
- Nikto
- Paros
Threat Profiling & Risk Identification
- In-House Risk Assessment

Network & System Vulnerability Assessment
- Metasploit
- Nessus
- SAINT
- Inguma
- SARA
- Nipper
- GFI
- Safety-Lab
- Firecat
- Owasp CLASP
- Themis
- In-house VAFramework
Exploitation
- Saint
- SQL Ninja
- SQL Map
- Inguma
- Metasploit
Social Engineering
- Social-Engineering Toolkit (SET)

- Firecat
- People Search
Privilege Escalation
- Cain & Abel

- OphCrack
- Fgdup
- Nipper
- Medusa
- Lynix
- Hydra
- … and 40 others
Commercial Tools
- Nessus Commercial
- Burp Suite

*Information as provided by Security Brigade InfoSec Private Limited on 6/12/2016
Back
M/s Payatu Technologies Pvt Ltd.
Payatu Technologies Pvt Ltd,

502 Tej House, 5 MG Road, Camp, Pune - 411001
• Network security audit : (Y/N)

• Web-application security audit : (Y/N)
• Wireless security audit : (Y/N)
• Mobile Application Audit
• IoT (Internet of Things) product security audit :
• ICS/SCADA security audit :
• Cloud Infrastructure security audit :
• Crypto Implementation security audit :
• Code Review :
Govt. : 0
PSU : 2
Private : 20+


Mobile Application Audit : 20+
IoT (Internet of Things) product security audit : 5+
Code Review : 10+
SANS GWAPT : 1
OPSE : 1
CEH : 10
ECSA : 1
ITIL : 1
Any other information security qualification : -

Greenfield security implementation and Infrastructure security audit for one of the NGO. We
architected & implemented a complete security program encompassing infrastructure,
operations, security response ability and competency development to make the Organization
skilled enough to sustain and address the future security needs. Project value USD 150000.
Information Gathering
1. Dnsenum
2. Fierce domain scan
3. Dig
4. Whois
5. Wget
6. Google Advanced search
Mapping
1. Nmap
2. Scapy
3. Ike-scan
4. Superscan
5. Dirbuster
6. Openssl
7. THC SSLCheck
8. Sslscan
9. Netcat
10. Traceroute
11. Snmpcheck
12. Smtpscan
13. Smbclient
14. Wireshark
15. Web Browser
Vulnerability Assessment
1. Nessus Professional
2. Openvas
3. Skipfish
4. Ratproxy
5. IronWASP
6. Grendel scan
7. Web securify
8. Burp suite professional
9. Paros Proxy
10. SOAPUI
Exploitation
1. Custom python script
2. W3af
3. Metasploit
4. Sqlmap
5. Sqlninja
6. BeEF Framework
7. Hydra

*Information as provided by Payatu Technologies Pvt Ltd on 08-February-2017
Back
M/s Suma Soft Pvt. Ltd.
Suma Soft Pvt. Ltd.

"Suma Center", 2nd Floor,
Opp. Himali Society, Erandawane,
Pune, Maharashtra – 411 004.
Tel: +91- 20 - 40130700, +91- 20 - 40130400
Fax: +91- 20 - 25438108
• Network Security Audit : Yes

• Web Application Security Audit : Yes
• Web Application Penetration Testing : Yes
• Network Penetration Testing : Yes
• Wireless Security Audit : Yes
• Compliance Audits (ISO 27001, PCI, BCMS, SOX etc.) : Yes
• Compliance - IT Audits
(Based on guidelines issued by RBI, IRDA, SEBI, Stock Exchanges) : Yes
• Digital Forensic Investigations : Yes
Govt. : 13
PSU : 1
Private : 2


Web Site Security audit : 15
CISSPs : -
BS7799 / ISO27001 LAs : 3
CISAs : 4
CEH : 2
CEH, ECSA : 2
DISAs / ISAs : 1
CCSE, CCI, ACE, ITIL, RHCE, CCNA, MCP, OCP,
S. Name of Duration Experience in Qualifications related to

No. Employee with Suma Information Information security
Soft Security
Surendra
1. 16 14 FCA,CISA,DISA
Brahme
2. C Manivannan 16 14 CISA
Milind
3. 4.6 12 CISA, ACE, CCNA,CSQP
Dharmadhikari
CISA,ISO27001LA,ITIL,RHCE,Sun
4. Anil Waychal 15 11
Solaris
CEH, ECSA, IBM Certified
5 Sumit Ingole 3 4
Specialist - Rational AppScan
6 Narendra Bhati 3 4 CEH
Praveen
7 1 1 CEH, ECSA
Gauttam
8 Varun Mehata .1 .1 CEH
9 Kalidas Yenpure 5 4 MCP
10 Santosh Harne 4 3 RHCE, MCP
11 Rameshwar 3 2
CCNA, CCNP
Wadghane
12 Manik Mhangare 5 RHCE
13 Mayur Bhagwan 1 0.5
CCNA
Shirsath
14 Pankaj Shripati 1 0.5
CCNA
Chaugule
15 Chirag Singhal 1 0.5 CCNA
16 Shrikan 1 0.5
CCNA
Bhadkwan
 Client: Gujarat Informatics Ltd.

Type of Audit: Security Audit of 450 websites and 12 applications hosted in
State Data Center
Scope of Work: The scope of our audit included review of following areas –
• Conduct Vulnerability Assessment and Penetration Testing
• Tests vulnerabilities in web sites and applications to ensure that all the
false positives and inaccuracies are removed.
• Analyze and execute advanced testing techniques against all verified
vulnerabilities in order to penetrate through the web based application.
• Discussion with the developers on vulnerabilities identified and suggesting
remediation in the source code
• Perform re-testing after receiving confirmation from the developers on
fixing of issues
• Finalization of report and submission of the same to the client
management.
IT Environment: 450+ Websites, 10+ Web applications

Contract value – Cannot disclose due to confidentiality
 Client: Export Credit Guarantee Corporation (ECGC) of India

Type of Audit: IS Audit
• IT Policy and its implementation

• Application Management – Development & Maintenance, Logical
Security and System Controls
• IT Infrastructure Management
• Database Review
• Backup and recovery practices
• Network Review
• IT Asset Management
• Physical Security & Environmental Controls
IT Environment: 36 Servers, 2 Firewalls, 4 routers, 150 ISDN modems,

Application portal with more than 10 modules

 Client: GIC of India (GIC Re)
Type of Audit: IT Security Audit & IPv6 Compliance Audit

• Review of existing IT Policies and Procedures
• DC Infrastructure & Network, Software License compliance
• DR Site Visit
• Applications
• LAN Infrastructure (GIC HO)
• Security Infrastructure
• Security Incidences
• Risk Assessment
• Vulnerability Assessment / Penetration Test and Desktop Security
Scanning
• Formulation of BRP/DRP framework
• Preparation of Statement of Applicability
• Formulation of IT Security Policy
• Training & Awareness
• IP v6 Compliance Audit
IT Environment: 40+ Servers, 6 Firewalls, 3 routers, 16 Edge Switches, 10 Distribution

Switches, 2 Core Switches, 2 SAN Switches, 4 Business Applications, 500+ Desktops, 100
Laptops
 Client: Kolhapur Municipal Corporation (KMC)

Type of Audit: IS Audit, Network Audit and Web Application Audit

• DR Site Visit
• Applications
• LAN Infrastructure (KMC)
• Risk Assessment
Scanning
fixing of issues
management.
IT Environment: 12 Servers, 4 Firewalls, 10 routers, 100 modems, 350+ IP address,

Application portal with more than 36 modules
 Client: Principal Controller of Defence Accounts (PCDAO)

Type of Audit: IS Audit, Network Audit and Web Application Audit

• Applications
• LAN Infrastructure (KMC)
• Risk Assessment
Scanning

fixing of issues
management.
IT Environment: 8 Servers, 1 Firewalls, 4 routers, 250+ IP address, Application portal with

more than 10 modules
Commercial
• IBM AppScan
• Burp Suite Pro
• Nessus
• Acunetix
• Netsparker
Freeware
• Kali Linux
• Metasploit
• Sqlmap

No. We do not outsource our engagements to external consultants. However, we engage

known external consultants / experts in the field of information Security to work alongside our
team based on specific skills required for the engagement. Project Management and delivery
of the engagement is done by Suma Soft.
For this purpose, we use Confidentiality and Non-Disclosure Agreements before engaging the
consultants for assignments with defined scope of work and with clear knowledge of the client.
Also the consultants need to adhere to IT Security and other Policies of Suma Soft and also of
the client during the course of the engagement.
*Information as provided by Suma Soft Pvt. Ltd. on 24-November-2016
Back
M/s AGC Network
AGC Network,
2nd Floor, Equinox Business Park,
Tower 1, (Peninsula Techno Park)
Off Bandra Kurla Complex, LBS Marg
Kurla (West) Mumbai – 400070.

Govt. : 1
PSU : 1
Private : 6
Network security audit : -

Wireless security audit : -
CISSPs : -
BS7799 / ISO27001 LAs : 10
CISAs : 3
DISAs / ISAs : --
Any other information security qualification -CEH : 10
Duration
S. Experience in Qualifications related to
Name of Employee with
No. Information Security Information security
Organization
1 Atul Khatavkar 7 Years 23 Years CISA, CRISC
2 Prashant Ketkar 7 Years 18 Years ECSA, CEH, ISO27001LA
3 Sachin Ratnakar 7 Years 18 Years CISA,ISO27001LA,BS2599LA
4 Kris Coutinho 6 Years 6 Years CISM
5 Shivkumar Singh 10 months 4 Years CCNA, CEH, McAfee SIEM
Satya Narayan
6 Yadav 1.6 months 6 Years CCNA, McAfee SIEM
7 Arnold Antony 11 months 2.11 years OSCP, CEH
8 Aakanksha Deo 1.8 Years 1.8 Years CEH
9 Imdadullah M 1.0 Years 4 years
10 Delmin Davis 1.8 years 3.8 years CCNA, CEH
11 Kamlakar Kadam 1.8 Years 1.8 Years Solarwind CP
12 Sunil Sahu 1.8 Years 1.8 Years
13 Sandip Bobade 11 months 1.11 years
14 Satyajeet Darjee 3 months 3.6 years
15 Sadanand Jadhav 4 months 2 Years
16 Omkar Patil 1 month 2.5 Years CEH, Qualys
17 Aniruddha Gurav 4 months 4 months CEH
18 Ganesh Patil 4 months 4 months CEH
19 Priyanka Malusare 3 months 3 months CEH
20 Harsh Shah 3 months 3 months CEH
21 Faisal Shaikh 3 months 3 months CEH
22 Reena Bhoyar 2 months 2 months
I & M Bank - US$ 50000 – 2 locations – SIEM Implementation
Accunetix WAS, Qualys Guard,Nessus, Kali Linux/Backtrack Suite
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No NO ( If yes,
kindly indicate mode of arrangement (MoU, contract etc.))
*Information as provided by AGC Network on 27/03/2017
Back
M/s iSec Services Pvt. Ltd
iSec Services Pvt. Ltd.

607-608, Reliable Business Center,
Anand Nagar Jogeshwari (W),
Mumbai 400102, INDIA
email: contactus@isec.co.in
3. Date of empanelment by CERT-In :
• Network security audit : (Yes)

• Web-application security audit : (Yes)
• Wireless security audit : (Yes)
• Compliance audits (ISO 27001, PCI, etc.) : (Yes)
Govt. : <15>
PSU : <2>
Private : <19>

BS7799 / ISO27001 LAs : <3 >

Any other information security qualification : <3>
Duration with Experience in Qualifications related to

S. No. Name of Employee
<organization> Information Security Information security
1 Mayur Khole >4 years >4 years ISO LA 27001:2013

2 Naman Chaturvedi >4 years >4 years ISO LA 27001:2013
3 Anil Patil 1 month >3 Years CEH v8.0
4 Deepak D.R. >2.5 years >2.5 Years CEH v7.0
5 Jyoti Shankar Singh >5 years >5 years ISO LA 27001:2013
6 Krapesh Bhatt 2 months >3 years PGDM Cyber Security
Along with project value.
Client Name: Syntel Ltd.
Locations covered: Mumbai (2 locations), Pune (2 locations), Chennai (2 locations) and Gurgaon (1
location)
Scope: ISMS Compliance Audits on daily basis for a year, Handling U.S. Clients audits at locations,
imparting training sessions to employees in reference to Information Security at regular Intervals,
Doing Risk Assessment at annual basis, Transition done from ISO 27001:2005 to ISO 27001:2013,
DR and BCP drills for each account.
Manpower Deployed : 3 resources (one each at Mumbai Chennai and Pune).
Project Value: INR 50 lacs.

Commercial:
• Burp Suite Pro
Freeware:
• Nmap
• Nikto
• Metasploit
• OpenVas
• Wireshark
• Crowbar
• Nessus
• Webscarab
• Paros
• Wapiti
• Nemesis
• NetCat
• Brutus
• GrendeIscan
• Havij
• Hydra
• Httprint
• Hydra
• W3af
13. Whether organization is a subsidiary of any foreign based organization? : No

If yes, give details
*Information as provided by iSec Services Pvt. Ltd. on 23/3/2017
Back
M/s KPMG
KPMG,
DLF Building No. 10,
8th Floor, Tower B
DLF Cyber City, Phase 2
Gurgaon 122002

Govt. : 20
PSU : 15
Private : 40


CISSPs : 6
BS7799 / ISO27001 LAs : 40+
CISA / CISMs : 40+
CEH/OSCP : 35
CCSK/OSCP : 5
CCNA / CCNP/CCIE : 10
S. Name of Duration with Experience Qualifications related to

No. Employee KPMG> in Information security
Information
Security
1 Sony Anthony 15yrs 21yrs ISO 27001, ISO 22301, ISO
20000
2 Manish 3yrs 14yrs CEH, CCNA, CISA, ISO 22301
Tembhurkar
3 Kedar Telavane 8yrs 10yrs CISM, CISSP, CCNA,
SNPA,JMCIA,ISO 27001, ISO
22301,DSCI- LA
4 Urmimala 7yrs 10yrs CEH, ISMS-27001:2013, ITIL,
Dasgupta QualysGuard
5 Anupama Atluri 6yrs 10yrs CEH, CCSK, ISO Lead
Implementer, IBM Certified Pen
tester
6 Aditya Tawde 2yrs 9yrs ISO 27001, DSCI -LA
7 Jayant Singh 7yrs 8yrs CEH, ISMS 27001
8 Ramit Gupta 5yrs 8yrs CEH, ISMS-27001:2013, ITIL
9 Ragini Gupta 1yrs 4yrs CEH
10 Abhishek Dashora 2yrs 4yrs CEH, CCSK
• Telecom security testing – Multi-year engagement to support client in its security

initiatives which include Security testing of core telecom network nodes like MSC, IN,
SGSN, GGSN, VAS systems etc, network architecture review, application security testing,
vulnerability assessment and development of baseline security standards. The engagement
spread across all the circles within the country covering remote locations.
• Largest public sector bank in India- The scope of work include to perform periodic
vulnerability assessment and penetration testing, application security testing, secure code
review, mobile app security testing, Internet banking and core banking application security
tests. KPMG performed security review of network architecture for bank’s data centers,
local networks and international branch networks. As part of assessment, KPMG also
reviewed security policy and procedures of the bank and its implementation. KPMG was
also a part of it’s Digital Banking initiative where KPMG had performed pre-launch security
assessment of entire setup.
• Security audit for highway authority: The engagement is to conduct detailed As-IS
study of existing security controls implemented on network, application and infrastructure
and submit a detailed report to the organization. Post As-IS assessment KPMG conducted a
comprehensive security audit of network, application, endpoints, database, external
website and e-tendering portal.
• Security audit for nationalized bank: Multi-year engagement with a leading bank to
conduct quarterly security audit of 100 application security tests, vulnerability assessment
on more than 600+ IP address, external penetration test, Denial of service assessment, IT
DR review and review of policy and process. The value of engagement is more than INR
50Lakhs.
• Security operations center for public sector bank:KPMG assisted 9 banks to assess
the security requirement in each of the banks and help in selection of technologies and
security integrator. KPMG is also assisting a few banks in design and implement the
technologies such as SIEM, PIM, DAM, WAF, VAS, Anti-APT, DLP etc.Logs from various
security devices as routers, switches, firewalls, etc. are fed to the SIEM along with the logs
from other monitoring tools. KPMG has also helped the Banks build use cases for each of
the technologies and implement the same.
• Large IT/ITES Company: KPMG conducted Cyber maturity assessment for the
organization spread across multiple countries followed by road-map for implementation of
security control. KPMG also performed security architecture review, cyber drills, phishing
assessment, Senior management trainings, development of cyber response and incident
management framework, Value of engagement was more than INR one crore.
• Leading intellectual property management and Technology Company: KPMG has
been appointed to provide cyber security services which include cyber security
transformation projects, governance & sustenance and security testing services. KPMG is
to conduct cyber security maturity assessment, program governance for implementation
security controls and security testing for critical on-premises and cloud based applications
• Commercial –
• Acunetix,
• Burp,
• Nessus
• AppScan
• WebInspect
• Proprietary
• KRaptor,
• KPMG Brand Protection Tool,
• KPMG SABA,
• KCR Tool
• Freeware
• BackTrack,
• Kali Linux,
• Fiddler,
• Paros,
• SQLMap,
• nmap,
• Wireshark
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No ( If yes,
kindly indicate mode of arrangement (MoU, contract etc.)) NO
*Information as provided by KPMG on 21st Mar 2017
Back
M/s Mahindra Special Services Group
Mahindra Special Services Group( A Division Of Mahindra Defence Systems Limited),

212, 2nd Floor, Rectangle One,
Commercial Complex D4,
Saket, New Delhi-110017

• Compliance audits(ISO 22301) : Yes
Govt. : 60
PSU : 7
Private : 83


CISSPs : 1
BS7799 / ISO27001 LAs : 47
CISAs : 4
DISAs / ISAs : 2
Any other information security qualification:CEH/CFE/CAMS- : 18
S. Name of Employee Duration with Experience in Qualifications related

No. <organization> Information to Information
Security security
1. Shailesh Srivastava 9 14 MS ( Cyber Law &
Information
Security);B. Tech. (
Electrical
Engg.);L.L.B., ISO
27001 LA, ISO
22301 LA, ISO
27001 LI,CISA
2. Chandrika Putrevu 7 7.5 B.E.(IT), ISO 27001

LA
3. FarzanaArakkal 6.5 7.5 B E (Computer
Science), ISO 27001
LA
4. Vaibhav Pulekar 6.4 9.7 BE (Computer
Science), ISO27001
5. Anil Govindu 5.2 14.2 B Sc.(Physics), ISO

27001
6. Pankaj Patil 4.10 15.20 BHMS,
OSCP, ISO 22301

LA
7. ChiragaliPeerzada 3.5 8.5 ISO 27001 LA,

CCNA, ISO 22301 LI
8. NeerajRathi 3.5 18.5 ISO 27001 LA, ISO

22301 LI
9. Anushree Desai 3 3 BSc(IT),
ISO 27001LA, ISO

22301 LI
10 Daniel Joseph 2.5 3.5 M Sc(IT),
RHCSA and DFI by

Data 64, OSCP
11. Manish Pandey 2.5 3.5 B.Tech, CEH
12. Santosh Lala 2.5 16.5 MBA, ISO 22301,

ISO 27001
13. Uday Kiran 2.5 4.5 M.Tech (Computer

Sci), B. Tech
(Computer Sci),
CEH; ISO
27001:2013 LA
14. Mousam Khatri 2 2.76 M.Sc. (Cyber Law &

Information
Security), B.E. (IT),
ISO 27001 LA
15. Suresh Mishra 2 16 MBA, ISO 27001 LA
16. Pradeep Lavhale 2 11 MBA, ISO27001
17 Suman Ganguly 2 18 MBA, BE, ISO 27001

LA, ISO 22301 LA,
18 Mihir Shukla 1.5 4.5 B.Sc. (Hons.)
Computer Security &
Forensic: University
of Bedfordshire, UK,
CEH, RHCSA, ISO

27001 LA
19 Sachit Bhatia 1.5 2 MBA(IT), CEH, OSCP
20 Dheeraj Gupta 1.5 2.5 B Sc(T), ISO

27001LA, ISO 27001
Li, ISO 22301 LA
21 K Harisaiprasad 1.5 9.5 MS, BE, ISO 27001,
CISA (Pending)
22 Nair Ashish Ravindran 1.5 3.5 B Sc (IT), ISO 27001

LA
23 Thakur Chandan 1.5 1.5 B E ( Computers),

Kumar ISO 27001 LA
24 Yadav Mayank Kumar 1.5 1.5 BE, ISO 27001 LA,

ISO 27001 LI
25 KhanolkarAkshayUday 1 2.5 B Sc(IT), ISO

27001LA
26 SubirKochar 1 1 MSc, BE, ISO 27001

LA, ISO 22301, PCI
DSS, ITIL
27 Pankaj Tiwari 1 5 MBA, MSc, MCA, CEH
28 Muktanand Kale 1 2.5 B E, CEH
29 Varinder Kumar 1 17 B Sc,
CISA, CIA, ISO

27001 LA, ITIL
30 RuchitaDaund 1 3.5 BSC, CEH, ISO

27001 LA
31 Abhishek Srivastava 1 3 B E( Computer Sci),

CEH, ISO 27001 LA
32 SanketKakde 1 3.5 BE, CEH, ISO

27001LA
33 Alok Mishra 1 5 MSc, BSc, CEH, ISO

27001 LA
34 PrabudhAyush 1 3 MCA, B Sc, ISO

27001 LA, ISO
27001 Li
35 Navin Kumar Pandey 1 3.5 MCA, BCA, ITIl, ISO
27001 LA
36 Archana Vinod 1 8.5 B E, ISO 27001 LA,

Baisane ISO 22301 LA, ISO
27001 Li
37 Newton Robin Pereira 1 4 B Sc, CEH, CCNA
38 SonaliRaje 1 3.5 B Tech, ISO 27001

LA
39 C R Vishnukumar 1 8.5 B Tech, ISo 27001

LA, ITIL
40 Manojit Nath 1 2 B Tech, ISO 27001

LA
41 Praful Mathur 1 5.5 MBA, ISO 27001 LA
42 Deepak Pandita 1 1.5 Btech, CEH
43 Shweta Rai 1 4.5 B Sc, ISO 27001 LA,

ISO 22301LA
44 Neha Narang 1 5.5 B Tech, ISO 27001

LA, ITIL
45 Irfan Khan 1 10.5 MBA, BTech, ISO

27001 LA
46 Dinesh Usnale 1 3.5 M Sc, BSc, CEH
47 Manoj Singh 1 12.5 MCA, Bsc, ISO

27001 LA,
48 MitaNaik 1 14 BCA,
DCPLA (DSCI
Certified Professional
Lead Auditor) ,ISO
270001 LI-LA
Certified, CEH v8
certified, pursuing
CISSP, CCNA ,CCIP
Certified, ITIL V3
Foundation & Service
Strategy certified.
49 Sameer Goyal 1 2.5 B. Tech, CEH
50 Parth Srivastava 1 1.5 B.Tech,CEH, CCNA

8.1. Central Bank Of India- Consulting For ISO 27001 implementation.

8.2. Allahabad Bank- IS Audit and VA PT for application and network infrastructure
8.3. Bajaj Finserv- Consulting for ISO 27001
8.4. Airport Authority Of India- Consulting for ISO 27001 , IS Audit, VA PT
( Network and application)
8.5. ICICI Bank- VAPT For Network and applications
8.6. Union Bank- Consulting For ISO 27001 and ISO 22301
( If yes, kindly indicate mode of arrangement (MoU, contract etc.))
*Information as provided by Mahindra Special Services Group ( A Division Of Mahindra Defence

Systems Limited) on 24th March 2017
Back
M/s Cigtial Asia Pvt Ltd
Cigtial Asia Pvt Ltd,

Bangalore 560029

• Compliance audits (ISO 27001, PCI, etc.) : (N)
Govt : 6
PSU : 0
Private : 2110
Total Nos. of Information Security Audits done : Around 2000
5. Number of audits in last 12 months, category-wise (Organization can add categories


Web-application security audit : About 2081
6. Technical manpower deployed for informationsecurity audits:
CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification:OSCP, CEH, Internal Certifications

No. Cigital Information Security Information security
1 Somnath Neogi > 10 Years >12 Years CEH, OSCP
Guha
2 Yamel Patel > 2 Years > 2 Years CEH, OSCP
3 Anupam Sain > 10 Years >10 Years CEH
4 Sourav Bhadra > 8 Years >8 Years CEH
5 Darshan V > 3 Years >1 Year CEH
6 Jeevan Kumar > 2 Years >2 Years CEH
7 Pravat Sahoo > 1 Year >1 Year CEH
8 Siddharth Bavisker > 2 Years > 2 Years CEH
Customer Volume Complexity Location Approximate

Project Value
One of the Mobile Critical business Onsite Mumbai, INR 4.5Mn

largest Private applications Applications Bangalore and
bank in India Remote (from
Bangalore)
One of the Instructor led On selected New Delhi INR 600K

Government trainings technologies
Autonomous
organizations
India
One of the Red Teaming, Complex business Onsite and INR 2.5MN
Insurance consulting, mobile applications and remote
companies in and web red teaming locations in
India application assignments Bangalore
assessments
One of the Web Applications, High complex Onsite at client INR 6.5MN
Software Architecture risk business location in
products analysis and applications Bangalore
company based Advanced Pen
in Bangalore testing
One of the Network Testing Internal and Remote location INR 1.5MN
Global IT external in Bangalore
Services and
Support
company
focused on
Financial
Services market
1. IBM App Scan

2. Burp Suit Pro
3. SSLizer
4. Nessus
5. N Map
6. Wire shark
7. TCP Dump
8. IGT
9. WinSCP
10. Drozer
11. Hooper
12. APK Debug
13. SQLI Browser
14. Protecode SC
15. Protecode ES
16. Coverity
17. SQL Map
(If yes, kindly indicate mode of arrangement (MoU, contract etc.))
*Information as provided by Cigital Asia Pvt Ltd on 24/03/2017
Back
M/s HCL Comnet Ltd.
1. Name & location of the empaneled Information Security Auditing Organization:
HCL Comnet Ltd.
• Network security audit (Y/N) : Y

• Web-application security audit (Y/N) : Y
• Wireless security audit (Y/N) : Y
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Y
• Mobile Application Security: 3 UPI and BFSI
• Forensic Audit: in BFSI sector
Govt. : 7 Large Govt. Customers

PSU : 2 Large PSU
Private : 6 large Private Enterprise

Network security audit : 50000 Servers/infra, 100+ firewall audits

Compliance audits (ISO 27001, PCI, etc.) :5 ISO 27001:2013, 1 PCIDSS v3.2
Certification
Application Source Code Review :6
CISSPs : 5
BS7799 / ISO27001 LAs : 25 LAs
CISAs : 10
CISMs : 5
Star Certified (Cloud Security) : 10+
OSCP : 2
Any other information security qualification:5 CEH, 10 ISO 22301 LAs, OEM
Certifications (Skybox, Qualys, RSA, Checkpoint, CISCO, Juniper Certified)
Total Nos. of Technical Personnel : 35+ resources

Employee <organizati Information related to
on> Security Information
security
1 Sandeep 10+ years 9+ years ISO 27001-2013,
Kumar QGCS
Pasi
2 Ashwani 2.8 Years 2+ Years CCNA,
QGCS,BCMS
3 Nitin Sharma 4.9 Yrs 3 Yrs CEH,ISO 22301,
QGCS, PCI-
DSS from
SISA
4 Saurabh 2 Years 6+ Years CEH, QGCS
Mishra
5 Nand Kishore 2.7 Years 6 years CEH and QGCS
Kumar
6 Roopesh 10+ years 9+ years ISO 27001-2013
Ramakris
hna
Kamat
7 Mohan Raj 2.1 Yrs 5 Yrs ISO 27001:2013,
Venkates CEH, ITIL
an
8 Satish 2 years 2 years ISO 27001-2013
Rangabha LA
tla
9 Ashish 1 year 8 7+ Yrs ISO 27001-2013
Chauhan months(app LA
rox.)
10 Sikha moni 2+ Years 6+ Years ISMS, BCMS,
Bhuyan ITIL, COBIT,
PCI-DSS
from SISA
11 Kshitij Kishore 10+ years 9+ years ISO 22301, QGCS
Bharadwa
j
12 Abhishek 7 Yrs 5 Yrs CISSP, CISA,
Kumar CISM, ISO
27001:2013,
ISO 22301
1. SBI Security Operations Center – 40000 + infrastructure for VA (quarterly),

300 websites (quarterly), approx. 50 firewalls monthly, ISO 27001:2013
certifications, RSA Archer GRC Secops integration with SIEM and Nessus – all
SBI Branches terminating at DC/DR – Approx. 46 Cr.

Qualysguard, Accunetix, IBM Appscan, HP Fortify, Skybox, Nipper, Nessus, Nexpose,
Metasploit, Kali Linux, Open Source Tools
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No : No

*Information as provided by HCL Comnet Ltd. on 23-03-2017.
Back
M/s Lucideus Tech Pvt. Ltd.
Lucideus Tech Pvt. Ltd.
● Network security audit (Y/N) : Yes

● Web-application security audit (Y/N) : Yes
● Wireless security audit (Y/N) : Yes
● Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
Govt. : 5
PSU : 3
Private : 300+
Network security audit : 5000+ IP Addresses

Web-application security audit : 1000+ Web Applications
CISSPs : 0
BS7799 / ISO27001 LAs : 1
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : OSCP, LCEH, MCP

Employee with Information Security related to
Lucideus Information
security
1 VB 4.5+ Years 7+ Years LCEH
2 RT 3.5+ Years 7+ Years LCEH
3 RD 1.5+ Years 2.5+ Years LCEH
4 MK 1+ Years 2.5+ Years LCEH
5 AJ 3+ Years 5+ Years LCEH
● One of India’s biggest retail payment system
Activities - Secure Code review, Application security assessment, Network
Architecture review, Configuration Review, DDoS Testing.
● One of India’s Leading e-commerce platform

Activities - Continuous Web Application security assessment, Network
Penetration Testing, Online Reputation Management, Secure Code review
etc.
● One of India’s Leading FMCG Companies

Activities - Application security assessment, Network Architecture review,
Configuration Review, Risk Assessment
● One of India’s Leading Aviation Companies

Penetration Testing
● One of India’s Leading Defence Organisation

Activities - Application security assessment, Network Architecture review,
Configuration Review, Risk Assessment
● One of India’s Leading Private Banks

Penetration Testing
Web Application Source

Network VAPT Web Application VAPT
Code Review
● Burp Suite
● OWASP Zap
● Skipfish
● CheckMarx
● Arachini
● MS CAT
● Xenotix
● FxCop ● Nmap
● BeeF
● OWASP SWAAT ● Nessus
● Tilde Scanner
● RIPS ● OpenVAS
● Nikto
● LAPSE+ ● Metasploit
● SQL Map
● Visual Studio and
● W3af
other IDE
● Dirb
● Nessus (for Web App
Scanning)
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No :

NO ( If yes, kindly indicate mode of arrangement (MoU, contract etc.))
*Information as provided by Lucideus Tech Pvt. Ltd. on 25th March, 2017.
Back
M/s Sandrock eSecurities Private Limited
Sandrock eSecurities Private Limited
2. Carrying out Information Security Audits since : November 2011
• Network security audit (Y/N) : Y

• Web-application security audit (Y/N) : Y
• Wireless security audit (Y/N) : Y
• Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Y
(Internal Audits Only)
Govt. : 10
PSU : 0
Private : 5


CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0

1 Rachna Agarwal April 2014 2 Years
2 Ankush Garg June 2015 1 Year Diploma in Cyber Law
3 Daman Preet June 2015 1 Year
S.N Categor Brief Descrition of Details of Contact Person at Auditee Additional Info.
o y Scope of Work Organization (Name, email, website
(Govt./ URL, Mobile, telepohne, fax, etc)
PSU/Pri
vate)
1 Private External Network Comnet Vision India Private Limited External Network
Penetration Test B-1 Aggarwal Bhawan, 35-36, Nehru Penetration Test on Public
Place, IPs
New Delhi – 110019
2 Private Internal Network Comnet Vision India Private Limited Internal Network
Penetration Test B-1 Aggarwal Bhawan, 35-36, Nehru Penetration Test on Private
Place, IPs
New Delhi – 110019
3 Govern Web Application Varkul Websoft Private Limited Bureau of Energy Efficiency
ment Penetration Test New Delhi, Delhi 110007 A staturory body under
Ministry of Power,
Government of India
www.beeindia.gov.in
4 Govern Web Application University IT Services Cell (UITS) Guru Gobind Singh
ment Penetration Test Room No.D-412 Indraprastha University
GGS Indraprastha University www.ipu.ac.in
Sector 16C, Dwarka, N.Delhi-110078
Phone: 25302746 Email: uits@ipu.ac.in
Ministry of Power,
Government of India
www.beesdaportal.com
Ministry of Power,
Government of India
www.beestarlabel.com
7 Govern Web Application IT Cell, Ministry of Power, http://staging.indianic.com
ment Penetration Test Room No. 123, 1st Floor, /power/ and
Shram Shakti Bhawan, Rafi Marg, http://staging.indianic.com
New Delhi /ujwalbharat/
8 Govern Web Application Hindustan Insecticides Limited http://www.hil.gov.in/
ment Penetration Test New Delhi, Delhi 110003
9 Govern Web Application State Consumer Disputes Redressal http://chdconsumercourt.g
ment Penetration Test Commission, U.T., Chandigarh. ov.in/
10 Private Web Application M/s MSF Insurance Web Aggregator Direct Insure
Penetration Test Pvt.Ltd, Delhi http://www.directinsure.in
11 Govern Web Application Mahatma Gandhi Mission
ment Penetration Test College of Engineering & Technology,
Noida
12 Govern Web Application Recruitment and Assessment Centre http://rac.gov.in/
ment Penetration Test (RAC) Defence Research and
Development Organisation
Ministry of Defence
Lucknow Road, Timarpur, Delhi (INDIA)
13 Govern Web Application Mukesh Kumar, http://ccestagra.gov.in/
ment Penetration Test Immortal Technologies (P) Ltd.
Nmap Freeware
Nikto Freeware
Mozilla Firefox with Freeware

Security Add-Ons
Web Scarab Freeware
Sqlmap Freeware
Cain and Abel Freeware

W3af Freeware
HTTrack Freeware
Nessus Commercial
Metasploit Freeware
Nexpose Freeware
Brutus Freeware
MBSA Freeware
GFI Langaurd Commercial

( If yes, kindly provide oversight arrangement (MoU, contract etc.)) NO
*Information as provided by Sandrock eSecurities Private Limited on 27-03-2017
Back
M/s VISTA InfoSec
1. Name & location of the empanelled Information Security Auditing

Organization :
nd
VISTA InfoSec, 001, North Wing, 2 Floor, Neoshine House,
Opp. Monginis Factory, Link Road, Andheri (West), Mumbai,
Maharashtra, India.
2. Carrying out Information Security Audits since :

2004

4. Information Security Audits carried out in last 12

Months
Govt. : 25+
PSU : 30+
Private : 100+
5. Number of audits in last 12 months , category-wise:
Sr. Category Brief Description of Details of Contact Person at Additional Info

Work Auditee
Organization (Name, email,
b it URL M bil
1. Govt. Tech audit of the IT INS Mumbai
2. Govt. Tech audit of the IT INS Mysore
3. Govt. Tech audit of the IT FMU
4. Govt. Tech audit of the IT FMU & MMT
5. Govt. Tech audit of the IT CONFIDENTIAL Naval Station, Thane
6. Govt. Tech audit of the central NA0049 - Kochi
7. Govt. Tech audit of central DIT
and remote
locations
8. PSU Audit as per SEBI Name: Rajesh Prasad SBI
guidelines. Email ID:
rajesh.prasad77@sbi.co.in
Organisation: SBI
Website: www.onlinesbi.com
Phone Number: 9869770276
9. PSU Audit as per SEBI Name: Sunil Yadav NSDL

guidelines. Email ID:
Sunil.Yadav@nsdl.co.in
Organisation: NSDL
Website:
npscra.nsdl.co.in Phone
Number: 9967222267
10. Pvt. Audit as per RBI Name: Priti Shah PMCB
requirements Email ID:
PritiShah@pmcbank.com
Organisation: PMCB
Website:
Audit as per ISO27001
www.pmcbank.com
requirements Phone number: (022) 6780 4174
11. Pvt. Audit as per RBI Name: Ravindra Pathar GPPJSB
rspathar514@gpparsikbank.
net Organisation: GPP Bank
Audit as per ISO27001 Website:www.gpparsikbank.
requirements com Phone Number: 022-
25456524
12. Pvt. Audit as per RBI Name: DK Gosavi KJSB
dkgosavi@kalyanjanata.in
Organisation: KJSB
Audit as per ISO27001 Website: www.kalyanjanata.in/
requirements Phone Number: 9322705900
13. Pvt. Audit as per ISO27001 Name: Yogesh Maroli AGS

Yogesh.maroli@agsindia.com
Organisation: AGS Transact
Website: www.agsindia.com
14. Pvt. Audit as per PCI Name: Pankaj Khandelwal ISG

pankajk@insolutionsglobal
.com Organisation: ISG
Pvt. Audit as per ISO27001 Website: ISG
requirements www.insolutionsglobal.com
15. Pvt. Audit as per RBI Name: Vikram Idnani Tata – Trent
Vikram.Idnani@trent-
tata.com
Organisation: TATA
Trent Website:
www.tata.com/company/profile/Tr
ent
16. Pvt. Audit as per ISO27001 Name: Sreeram GC TATA TRUST
sgomadam@tatatrusts.org
Organisation: TATA
Trust Website:
www.tatatrusts.org


CISSPs : 3
BS7799 / ISO27001 LAs : 8
CISAs : 3
DISAs / ISAs : 1
Any other information security qualification: PCI QSA, CRISC, CEH, OSCP

No. VISTA InfoSec Information Security Information security
1. Srushti Mohadikar June 2014 3 CCNA R&S, CEH,
PYTHON
2. Rohan Bangera Apr 2012 4 CISC, CPFA, CPH NxG
3. Sachin Pagare Nov 2015 3 CAST, CEH, ECSA
4. Mayur Patil Nov 2015 2 CEH,
5. Anshuman Dubey Aug 2014 6 ISMS LA
6. Bhagyashree Jan 2013 4 PRISM

Mulgund
7. Divya Nitesh Oct 2013 8 ISMS LA
8. Vibha Yadav Nov 2013 6 ISMS LA, Diploma in

Certified
Manager in
Information
9. Rohan Patil Aug 2005 12 eCPPT
10. Narendra Sahoo Dec 2004 23 CISSP, CISA, ISMS LA,

CRISC
11. Saru Chandrakar Oct 2012 6 CISA, ISMS LA
12. Anil Yadav Feb 2014 5 CISC
13. Pravin K Nov 2006 14 CISA, CISSP
14. Aniket Lavhande Oct 2016 2 CEH
15. Sneha Karan Jan 2016 1 CEH
16. Shailesh Wagh Feb 2016 6 CEH
Projects Volume Complexity Locations
InSolutions Global – Into card printing, Payment processor to Mumbai, Pune, Delhi
Compliance card processing, some of the largest and Bangalore
Management payment application banks and
development – We merchants in India
support end to end
compliance
PMCB – Compliance End to end One of the largest 100 locations

Management compliance Co—operative bank across Maharashtra
GPPJSB – End to end One of the largest 75 locations

Compliance compliance Co- operative bank across
Management Maharashtra
 Rapid7 NeXpose
 IBM Rational AppScan.
 NESSUS.
 GFI Languard.
 Acunetix WVS.
 QualysGuard.
 BurpSuite.
 MetaPacktPublishingoit.
 Nikto.
 Wikto.
 BackTrack Security Distro.
 Paros Proxy.
 Nmap.
 Exploits DB from “astalavista”, “packetstormsecurity”, “exploitdb” etc.
 Google Hack DataBase.
 Inhouse customized Scripts.
 Zero Day Scripts / Exploits.
 Other Tools (As when required by the type of work).
10. Outsourcing of Project to External Information Security Auditors / Experts :
No ( If yes, kindly indicate mode of arrangement (MoU, contract etc.))
*Information as provided by VISTA InfoSec on 21/03/2017
Back
M/s Sify Technologies Limited
Sify Technologies Limited.

2nd Floor, TIDEL Park, #4, Rajiv Gandhi Salai,
Taramani, Chennai-600113

Govt. : 3
PSU : 1
Private : 6


CISSPs : 1
BS7799 / ISO27001 Las : 1
CISAs : 0
DISAs / ISAs : 0
CISM : 1
CIWSA : 1
MS (Cyber Law & Information Security) : 1
C|EH : 4
7. Updated details of technical manpower deployed for information security audits in Government
and Critical sector organizations (attach Annexure if required)
S. Name of Duration with Sify Experience in Qualifications

No. Employee Technologies Ltd. Information related to
CISSP, CISM, MCSA,
1 Palaniraja M 3.7 13.8
MCSE, CCNA, CIWSA
ISO27001 Lead
Auditor, ISO27001
2 Amruta Khot 9.3 9.3 Lead Implementer,
ITIL V3, ISO 22301
Professional
MS (Cyber Law &
3 Nairit Adhikary 4.3 4.3
Information Security)
4 Vinoth Kumar 6.11 7.8 C|EH
5 Jude Lesley 2 2 C|EH
6 Vinoth P 2 2 C|EH
7 Mohan M 2 2 C|EH
Company Complexity Volume Project Value

Name
IL&FS Penetration Testing 20 IP's 1867000

Security Bi-Annually for 2
Services Ltd. years
Vulnerability 146 IP's
Assessment Bi-
Annually for 2 years
ISMS Build- End to Premises : IL&FS Securities Services
End consultancy till Limited, Mumbai
ISO27001 Processes : IT Department, Data Center
Certification (managed by 75 personnel)
Completion IT services (Service Desk, Desktop
Sup.,
Networks Sup., Servers Sup., DC Sup.,
Application Development / Management
/ Support, DBA,
Procurement, IT Security).

Acunetix, Nessus, Metasploit Framework, Nmap, BurpSuite, Kali Linux, OWASP Zap

*Information as provided by Sify Technologies Limited on 27th March 2017
Back
M/s Locuz Enterprise Solutions Ltd.
1. Name & location of the empaneled Information Security Auditing Organization:
Locuz Enterprise Solutions Ltd.

401, Krishe Sapphire, Main Road, Madhapur, Hyderabad – 500081.
Phone #: +91-40-45004600 | Fax #: +91-40-45004601.
http://www.locuz.com
2. Carrying out Information Security Audits since : August 2001
• Network security audit : Y

• Web-application security audit : Y
• Wireless security audit : Y
• Compliance audits (ISO 27001, PCI, etc.) : Y
Govt. : 40
PSU : 02
Private : 12
Total Nos. of Information Security Audits done :


Cloud Security : 2
CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : NIL
DISAs / ISAs : NIL

Security Information
security
1 Mr R Nageshwar 6 + Years 7.5 + years CEH, CCSA, ISMS
Rao Naik Trained
2 Mr. Sashidhar 4 +years 4 +years CEH,ISO
Somireddy
7001:2015 LA-
Certified
3 Uttam Mujumdar 14 + Years 11 +years CISSP
4 Narendra Nath 5+ Years 5+ Years LA ISO 27001:2005
Swarna
5 Milind Mistri 5+ Years 4 + Years CCIE Security
6 NIHAL 3 + years 2 +years CCIE Security
7 Chandan 3 + Years 3 + Years CCIE Security
etc.)
Along with project value.
Client Location Activity Period Locations Value

Name
Tasec Mumbai Security Assessment, 2016-2017 2 locations Confidential
Vulnerability
Assessment,
Breach assessment,
Social Engineering,
Firewall Configuration
review
LVGI Mumbai Vulnerability Assesment 2016-2017 1 Location Confidential
and Penetration Testing
(Both Internal And
External )
Eros Mumbai Security Assessment, 2016-2017 1 Location Confidential

International Vulnerability
Assessment, IT
Infrastructure
Consulting Services &
Gap Analysis
Ness Bangalore Vulnerability Assesment 2016-2017 3 Locations Confidential
Technologies and Penetration Testing
(Both Internal And
External )
Nmap
Superscan
Metasploit & Securityforest - Penetration Testing
Process explorer, Sigcheck, Kproccheck - Windows Kernel & malware
detection
Netstumbler & Kismet – WLAN Auditing
Nikto - Web server vulnerability scanner
SQLMap – SQL Injections
Wireshark – Protocol Analyzer
BackTrack tools
Burp Proxy
Nessus
*Information as provided by Locuz Enterprise Solutions Ltd. on 27th March 2017
Back
M/s Digital Age Strategies Pvt. Ltd.
Digital Age Strategies Pvt. Ltd.

Corporate office # 28, "Om Arcade", 2nd & 3rd Floors,
Thimmappa Reddy Layout , Hulimavu,
Bannerghatta Road, Bangalore – 560076
2. Carrying out Information Security Audits since : 8th March, 2004

• Network Information security policy Audit against best
Security Practices : Yes
• Process Security Audit : Yes
• Internet Technology Security Audit : Yes
• Communications Security Audit : Yes
• Internet & Mobile Security Testing : Yes
• Physical Access Controls & Security Audit : Yes
• Software Vulnerability Assessment Audit : Yes
• Penetration Testing : Yes
• Business Continuity Planning / Disaster Recovery Audit : Yes
• CBS/Core/ERP Application Audits : Yes
• Software Asset Management Audit : Yes
• Sarbanes’ Oxley Act (SOX) Audit : Yes
• Data Migration Audit : Yes
Govt. : 990
PSU : 406
Private : 270
• Network security audit : 90+

• Web-application security audit : 330+
• Wireless security audit : 4+
• Compliance audits (ISO 27001, PCI, etc.) : 342+
• Network Information security policy Audit against
best security practice : 115 +
• Internet Technology Security Audit : 95+
• Mobile Security Testing : 5+
• Physical Access Controls & Security Audit : 35+
• Vulnerability Assessment Audit : 80+
• Penetration Testing : 40+
• Business Continuity Planning / Disaster Recovery Audit : 572+
CISSPs : 03
BS7799 / ISO27001 LAs : 22
CISAs : 25
DISAs / ISAs : 1
Any other information security qualification: CEH : 19

As per the Annexure Enclosed
I. Reserve Bank of India, HO Mumbai
• IT Infrastructure Audit – System Upgrade & Integration (SOC) TPA for 2016-
2018. Value of Order Rs. 14.45 Lacs approx.
• CBS Data Migration Audits of RBI across the Country from August 2011 to
2013. Vulnerability Assessment & Penetration Testing for RBI Network & Web
application. Value of Order Rs. 68.70 Lacs + Rs. 1.20 Lacs.
• eKuber Treasury Migration Audit for RBI during 2014-15. Value of Order Rs.
29.35 Lacs Approx.
• Reserve Bank of India, RTGS Application Data Migration Audit during 2015-
2016. Value of order Rs. 13.20 Lacs
II. ONGC, Govt. of India – Paperless Office Implementation – Third Party Auditor (TPA) for
L&T Infotech Ltd., for 2017-2018.
III. Odisha Power Transmission Corporation Limited (OPTCL), Govt. of Odisha,

Bhubaneswar.
• IT Security Auditor including ISO 27001:2013 Implementation for

OPTCL/GRIDCO/SLDC Audit for 2017 – 2023. Value of Order Rs. 27.43 Lacs
Approx.
IV. Central Bank of India, Mumbai
• Cyber Security Audit and Comprehensive Audit of CBS Project & other
Applications 2016 – 2017. Value of Order Rs 14.50 Lacs Approx.
V. Federal Bank Ltd. Kerala
• IS Audit of IT infrastructure, VAPT and Concurrent Audit of Data Center, IT

Department and Operations Department of the Bank 2016-18. Value of Order
Rs 15.50 Lacs Approx.
VI. Ministry of Finance & Economic Affairs, Government of The Gambia 2015 - 16
• ICT Audit covering Data Centre, Disaster Recovery Site, Audit of Epicore
Core Application, IS Audit of Nine Applications, Vulnerability Assessment and
Penetration Testing of the entire network covering all IT Assets. Gap
Assessment against COBIT Version 5.0, Gap Assessment against ISO
27001:2013 Standard, detailed Risk Assessments, Future Capacity Plan, Way
Forward Initiatives for IT etc. Value of the order Rs. 48 Lacs.
VII. Bank of Uganda
• Attack & Penetration Testing of Bank of Uganda during 2016 – 17 etc. Value of
the Order Rs. 46 Lacs.
VIII. Nashik Municipal Corporation
• Security Audit of Softwares and Network System for 2015-16. Value of the
Order Rs. 15.60 Lacs.
IX. Indian Bank
• IS Audit of all areas of Audit like DC, DRS, Treasury, ATM Internet Banking,
Mobile Banking including ITMS Migration Audit, CAAT Tools Evaluation,
Capacity Planning, Risk Assessment, Policies Review, VA & PT of entire Bank
etc. for 2015 -16 & 2016-17. Value of the Order Rs. 24 Lacs.
X. Canara Bank, Head Office, Bangalore
• Vulnerability Assessment and Penetration Testing for Bank’s Network, Servers,

Applications, Websites etc from 2016 to Till date . Value of order Rs. 15 Lakhs.
XI. Corporation Bank
• Comprehensive Audit of Bank's Data Center, IT Applications, IT Network, and

Independent Assurance of the IS Audit Function including VA & PT for 2015-
16. Value of order Rs. 17 Lakhs
XII. Wipro - Data Migration Audit of 803 Branches of RRBS of UCO Bank across India. Value
of order Rs. 32.12 Lacs.
XIII. Allahabad Bank, HO, Kolkata
• CBS Data Migration Audit for 586 branches of two RRBs sponsored by
Allahabad Bank for the year 2011-12 & 2012-13. Value of order Rs. 35.36
Lacs.
XIV. Canbank Computer Services Ltd., a Subsidiary of Canara Bank
• Core Banking Solution Migration Audits of 805 RRBs of Canara Bank for
2011-12 on behalf of CCSL. Value of order Rs. 56.66 Lacs.
Digital Age will be using the following Audit Tools depending upon the specific requirements of
this Audit.
I. Commercial Tools
1. Nessus Pro
2. Burp Suite Professional
3. Secure Cisco Auditor tool
4. Hash Suite Standard
II. Open Source
1. Kali Linux
2. Nmap
3. Wireshark
4. OWASP ZAP
5. Paros
6. Web Scarab
7. coSARA
8. Network Stumbler
9.Aircrack suite
10. Nikto
11. Cain and Abel
12. MBSA
13. L0phtcrack: Password Cracker ver. 6.0
14. BackTrack
15. OpenVas
16. W3af
17. Directory Buster
18. SQL Map
19. SSL Strip
20. Tamper Data
21. FOCA
III. Proprietary Tools
1. Web Cracker Ver. 3.0

2. Network Mapper Ver. 4.6
3. Filter It - Ver. 2.0
4. SQL Checker Ver. 1.0
5. Inject Script Ver. 2.0

*Information as provided by Digital Age Strategies Pvt. Ltd., on 09.05.2017
Back
Annexure
Details of technical manpower deployed for information security audits in Government and
S. Name of the Employee Working with Total Information Security

No. the organization experience in related qualifications
since (month & information (CISSP/ISMS LA /
year) security CISM/ CISA/ ISA
related etc., state as
activities applicable)
(years)
1. Mr. Dinesh S. Shastri March, 2004 20 Years ISO 27001 ISMS L. A &
ISO 22301 BCMS L. A,
ISO 20001 ITSM L.A,
CISA, CEH, CHFI, CISM,
CSQA, COBIT Ver. 5.0
Certified.
2. Mr. G. Krishnamurthy August, 2005 19 Years CEH, ISO 27001 LA,
ISO 9001 LA, COBIT
Ver. 5.0 Certified.
3. Mr. P. L. N. Sarma October, 2008 19 Years CISA, CeISB, ISO
27001 LA.
4. Mr. Suresh Sundaram August, 2016 18 Years DCS, CISA.
5. Mrs. Shobha R. August, 2011 16 years CISA, CISM, ISO 27001

Lead Auditor.
6. Mr. Padmanaban S. October, 2010 15 years CISA, ISO 27001 Lead

Auditor.
7. Mr.Chandrasekharaiah T. G. March, 2005 12 years CISA, ISO 27001 Lead
Auditor, Oracle Data
Base trained SAP
Consultant.
8. Mr. Rajgopal Tholpadi S. November, 2013 15 Years CISA, ISO 27001 LA,
ISO 9001 LA, 6
Sigma GreenBelt, PMP.
9. Mr. H. P. Ramakrishna March, 2004 16 Years ISO 27001 Lead
Auditor.
10. Mr. Manjunath Naik April, 2016 7 Years ISO 27001 LA, ISO
9001 LA.
11. Mr. L. R. Kumar September, 2015 12 Years CISA, CEH, CQA, PMP,
ISO27001 LA.
12. Mr. R. Janardhanan August, 2013 18 Years CISA, PGDB, ISO 27001
Lead Auditor.
13. Mr. K. Rajasekharan August, 2013 16 Years CISA, ISO 27001 Lead
Auditor.
14. Mr. S. V. Iyer February, 2014 16 Years MCA, CISA, CISSP,
CEH, CFE.
15. Mr. Ravichandran R. February, 2014 8 years CISA, ISTQB.
16. Mr. Vikram Kapoor April, 2014 18years CISA.
17. Mr. Prabhakar Raju C. S. April, 2014 15 Years CISA, DISA, ISO 27001
LA.
18. Mr. Manjunath Babu April, 2016 14 Years CISA, ISO 27001 LA.
19. Mr. Vishwas Utekar April, 2014 17 Years CISA, CEH, ISO 27001
L. A.
20. Mrs. Padmashree S. August, 2014 16Years CISA, CCNA.
21. Mr. Prathik Shanbhag January, 2014 5 Years B.E., CISA, CEH, ISO
27001 LA.
22. Mr. Jaiprakash J. L. April, 2014 15Years ISO 27001 LA, CQA,
PMP, 6 Sigma Green
Belt.
23. Mr. Soundarajan S. G. December, 2015 6 Years CISA, CISSP.
24. Mr. M. L. Venkataraman August, 2015 9 Years CISA, CISM, CISSP,

CRISC, CGEIT.
25. Mr. Viswanath G. July, 2016 12 Years CISA, CISM, CGEIT,
CEH, ISO 27001 L.A.
26. Mr. Parveez Khan December, 2013 13 Years ISO27001 L.A., ITIL V3,
Dip CS, 6 Sigma Green
Belt.
27. Mr. Raju Hari Patil February, 2016 1 ½ Years BE, CEH.
28. Mr. Sarath Kumar February, 2016 1 ½ Years B. Tech, CEH.
29. Mr. Touseef Jagirdar February, 2016 1 ½ Years BE, CEH.
30. Mr. Mohammed Irfan August, 2016 1 Year B. Tech, CEH .
31. Ms. Gayithri. R. October, 2016 1 Year MCA, CEH.
32. Mrs. Divya S. B. October, 2016 1 Year BE, DSC, CEH.
33. Ms. Roopa S October, 2016 1 Year B. Tech, CEH.
34. Mr. Patrick Oswald Pinto December, 2016 14 Years PGDCA, CISA, CIA.
35. Mr. Sridhar Pulivarthy December, 2016 16 Years BE, CISA, ITIL Expert,
ISO 27001 LA.
36. Mr. Dhyan September, 2016 8 Months BE, CEH.
37. Mr. Santhosh Kumar K R May, 2016 1 Year M.Tech, CEH, ISO
27001 LA.
38. Mr. Padmanabha N. November, 2016 12 Years CEH, ISO 27001 LA.
39. Mr. Mohammed Jameel January, 2017 1 Year BE(Computer Science),

Zarzari M.Tech.(Computer
Networks).
40. Mr. Sachin D. Bellundagi January, 2017 1 Year BE, CEH.
41. Mr. Naveenraddi M Hulikatti February, 2017 2 Years BE, CEH.
42. Ms. Uma Devi March, 2017 1 Year B.Tech.(IT),

M.Tech.(Cyber
Security).
43. Mr. Surender D. February, 2017 12 Years CISA, CeISB.
44. Mr. Susheel Kumar May, 2017 14 Years CISA.
Back
-Top-

CERT-In Empanel Org

Uploaded by

Copyright:

Available Formats

CERT-In Empanel Org

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CERT-In Empanel Org

Uploaded by

Copyright:

Available Formats

EMPANELLED INFORMATION SECURITY AUDITING ORGANISATIONS by CERT-In

1. M/s AAA Technologies Pvt Ltd

2. M/s AUDITime Information Systems (I) Ltd.

A-504, Kailash Esplanade,

3. M/s AKS Information Technology Services Pvt Ltd

E-52, 1st Floor,

4. M/s Aujas Networks Pvt Ltd

#595, 4th floor, 15th Cross, 24th Main, 1st Phase,

2nd Floor, Equinox Business Park,

6. M/s Cyber Q Consulting Pvt Ltd.

622 DLF Tower A,Jasola

7. M/s Control Case International Pvt Ltd

203, Town Center-1, Andheri-Kurla Road,

8. M/s Centre for Development of Advance Computing (C-DAC),

Plot No. 6 & 7, Hardware Park,

9. M/s Cyber Security Works Pvt. Ltd.

Shri M.Ram Swaroop , President

Prestige Blue Chip TechPark,

11. M/s Deccan Infotech Pvt. Ltd.

Shree Dilip H Ayyar , Director

12. M/s Digital Age Strategies Pvt. Ltd.

Shri Dinesh S Shastri , Director

13. M/s Ernst & Young Pvt Ltd

Tidel Park, 6th floor (601), A block, 4, Rajiv Gandhi Salai,

14. M/s HCL Comnet Ltd

A-104, Sector 58, Noida - 201301

607-608 Reliable Business Center, Near Heera Panna Mall,

16. M/s KPMG

8th floor, Tower B, DLF Cyber City,Phase-II, Gurgaon- 122002

17. M/s Lucideus Tech Private Limited

18. M/s Locuz Enterprise Solutions Ltd

401, Krishe Sapphire, Main Road,

19. M/s Mahindra Special Services Group

212, 2nd Floor, Rectangle One, Commercial Complex D4,

21. M/s Netmagic IT Services Pvt. Ltd

Lighthall 'C' Wing, Hiranandani Business Park,

22. M/s Network Intelligence India Pvt Ltd

204-Ecospace IT park, Off old Nagardas road,

23. M/s Net-Square Solutions Pvt. Ltd.

1,Sanjibaug, Nr. Parimal Crossing

24. M/s Paladion Networks

Building 8, 7th & 8th floor, Tower- C,

26. M/s Payatu Technologies Pvt. Ltd.

Shree Murtuja Bharmal , Director

27. M/s Qadit Systems & Solutions (P) Ltd.

1st Floor, Balammal Buildings, 33 Burkit Road,

28. M/s RSM Astute Consulting Pvt. Ltd.

3rd Floor, A Wing, Technopolis Knowledge Park,

29. M/s Recon Business Advisory Pvt. Ltd.

Shree Capt. Satya Yadav , CEO & MD

#20, 1st floor, 11th main 39 A Cross,

31. M/s Sysman Computers Pvt Ltd

312, Sundram, Rani Laxmi Chowk,

32. M/s SISA Information Security Pvt Ltd

SISA House, No. 3029B, Sri Sai Darshan Marg

33. M/s STQC Directorate

Electronics Niketan, 6 CGO Complex,

34. M/s Suma Soft Pvt. Ltd.

Shri Yash Kadakia , Chief Technology Officer