CERT INEmpanel Org 2022

EMPANELLED INFORMATION SECURITY AUDITING ORGANISATIONS by CERT-In
The List of IT Security Auditing Orgnisations, as given below, is up-to-date valid list of CERT-In
Empanelled Information Security Auditing Orgnisations. This list is updated by us as soon as there is
any change in it.
1. M/s AAA Technologies Ltd
278-280, F-Wing, Solaris-1,

Saki Vihar Road, Opp. L&T Gate No. 6,
Powai, Andheri (East),
Mumbai – 400072.
Website URL : http://www.aaatechnologies.co.in
Ph : 022-28573815 / 16
Fax: 022-40152501
Contact Person : Mr. Anjay Agarwal, Chairman & Managing Director
Mobile : +91 09322265876, 9821087283
E-mail : anjay[at]aaatechnologies.co.in
2. M/s AKS Information Technology Services Pvt Ltd

B-21, Sector-59, Noida - 201309 (Uttar Pradesh)
Website URL: https://www.aksitservices.co.in/
Ph: 0120-4545911
TeleFax : 0120-4243669
Contact Person : Mr. Ashish Kumar Saxena, Managing Director
Mobile : +91-7290058951
E-mail : info.cert[at]aksitservices.co.in
3. M/s AQM Technologies Pvt Ltd.

A 401, Raheja Plaza, LBS Road, Nityanand Nagar, Ghatkopar West,
Mumbai, Maharashtra 400086.
INDIA
Phone number :022 4050 8200
Fax: -
Contact Person: Mr. Sanjay PARIKH
E-mail:sanjay.parikh[at]aqmtechnologies.com
Contact No : +91-8291858027 / 022-40508262
4. M/s Allied Boston Consultants India Pvt. Ltd.

2205, Express Trade Towers-2, B-36, Sector 132,
Noida Expressway, Noida 201301 (U.P.)
Ph : 9891555625, 0120-4113529
Fax: 0120-4113528
Contact Person : Mr. T. Ganguly
E-mail : itsec[at]alliedboston.com
5. M/s A3S Tech & Company
A/95, Kamla Nagar, Delhi-110007

Ph : 9810899624
Fax: 23933429
Contact Person : Sagar Gupta
E-mail :sagar[at]a3stech.co.in
6. M/s Andhra Pradesh Technology Services Ltd

(Govt. of AP Undertaking)
3rd Floor, R&B Building, MG Road, Labbipet,

Vijayawada, Andhra Pradesh 520010
URL: https://www.apts.gov.in/
Land line Phone : 08662468105;
Mobile phone : 9440469194
Fax : N/A
Contact Person : Dr. G Jacob Victor, Executive Director
E-mail : mgr-apcsp-apts[at]ap[dot]gov[dot]in
Alternate Email ID : VictorJacob[dot]G[at]gov[dot]in
7. M/s ANB Solutions Private Limited
901,Kamla Executive Park, Off Andheri-Kurla Road,

J. B. Nagar, Andheri East, Mumbai 400 059
Ph :+91 (22) 4221 5300
Fax:+91 (22) 4221 5303
Contact Person :Preeti Raut
E-mail :preeti.kothari[at]anbglobal.com
8. M/s AGC Networks Limited
Essar House, 11, K. K. Marg, Mahalaxmi,

Mumbai-400034, Maharashtra, India
Ph : +91-9930134826, Landline: +91 022 66601100
Fax:
Contact Person : Mr. Anant N. Bhat
E-mail : anant.bhat[at]agcnetworks.com
9. M/s Accenture Solutions Pvt. Ltd.

Accenture BDC7C, Piritech Park (SEZ), Phase 1,
RMZ Ecospace Internal Rd, Adarsh Palm Retreat, Bellandur,
Bengaluru, Karnataka 560047, India
Ph : 9916011888
Fax:
Contact Person : Prasanna Ramasamy
E-mail : Prasanna.ramasamy[at]accenture.com
10. M/s Amigosec Consulting Private Limited
401, Shatrunjay, Divecha Complex, Edulji Road, Charai,

Thane(w), Maharashtra - 400601
Ph : +91 9819080470
Fax: NA
Contact Person : Mr. Ashish Rao
E-mail : ashish.p.rao[at]synradar.com
11. M/s ANZEN TECHNOLOGIES PVT. LTD.
A-429, Second Floor, A-Wing, Vashi Plaza, Sector 17,

Vashi, Navi Mumbai, 400703
Ph : 09821775814
Fax: NA
Contact Person : Ramesh Tendulkar
E-mail :rtendulkar[at]anzentech.com
12. M/s Attra Infotech Pvt. Ltd

No. 23 & 24, 2nd Floor, AMR Tech Park II,
Hongasandra, Bengaluru – 560068
Ph : 91 80 4197 0900
Fax:
Contact Person :
• Riaz Kakroo - Global Head – Corporate Infosec
riaz.kakroo[at]attra.com.au
9686579832
• Santosh Lohani – Head of practice (cybersecurity)
Santosh.lohani[at]attra.com.au
9741399220
13. M/s Aujas Cybersecurity Limited

#595, 4th Floor, 15th Cross, 24th Main Rd, 1st Phase,
J. P. Nagar, Bengaluru, Karnataka 560078
Ph: +91 9980238005
Fax: NA
Contact Person: Jaykishan Nirmal
E-mail: Jaykishan.Nirmal[at]aujas.com
14. M/s AURISEG CONSULTING PRIVATE LIMITED

NO 666/81, MAVEERAN DURAISWAMY STREET,
POONGA NAGAR, THIRUVALLUR
Ph :+91 99408 64275
landline Phone Number : +91 44 42017437
Fax: NA
Contact Person : M.S SRINIVASAN - DIRECTOR -CONSULTING PRACTICE
E-mail : SRINI.MANI[at]AURISEG.COM
15. M/s Accedere Limited
Spaces Inspire Hub, Western Heights, JP Road,
4 Bunglows, Andheri West,
Mumbai 400053
Ph :+919004031956
Contact Person: Ashwin Chaudhary
E-mail:info@accedere.io
16. Army Cyber Group

New Delhi
Ph No - 011 26151531
Mob No: 09958866453
E-Mail: tandelab22 [at] gmail.com
17. M/s Audix Techno Consulting Solutions Private Limited

B-451, Orchid Corporate Park, Opp. TOPS Security Bldg., Royal Palms, Aarey Road, Gorgeaon
East, Mumbai - 400065, Maharashtra, India.
Ph: +91 9702249709
Fax:
Contact Person: Mr. Vivek Devendra Tiwari
E-mail: vivek[at]audixindia.in
18. M/s AVASURE TECHNOLOGIES PVT. LTD.

4-Chandra Jyoti, Bhimani Street, Matunga, Mumbai 400019.
Ph : 9820058628
Fax: NA
Contact Person: Mr. JAIVEEN MEHTA
E-mail: jaiveen.mehta[at]avasuretechnologies.com
19. M/s Acquisory Consulting LLP

1116, World Trade Tower, Sector 16, Noida-201301
Ph : 9911395751
Fax: 0120-6143033
Contact Person : Sujeet Singh
E-mail : saleshead[at]acquisory.com
20. M/s ANA Cyber Forensic Private Limited

Office No. 3.1, 3.2, Dr. Herekar Park, Rajyog, 2nd Floor,
C wing, Near Kamla Nehru Park, Pune, Maharashtra 411004
Ph : +91-9011046490
Fax: NA
Contact Person : Mrs. Kailash Nevagi
E-mail : kailash[at]anacyber.com
21. M/s BHARAT ELECTRONICS LIMITED
Office of the GM/Software,
BEL Software SBU
Bharat Electronics Limited
Jalahalli, Bengaluru - 560013
Karnataka
Ph :080-22197197, or 080-28383120
Fax:080-28380100
Contact Person : Mr. Ramesh Prabuu V, DGM (Software Marketing), BEL/SW
E-mail : ITSecurityAuditTeam[at]bel.co.in
Mobile : +91 9945193542
Ph : 080-22195714
22. M/s Bharti Airtel Service Limited
Plot# 16, Udyog Vihar-Phase-IV

Sector 18, Gurgaon-122016
Ph : +91-9987891999
Fax:
Contact Person : Amit Chaudhary
E-mail : amit.chaudhary[at]airtel[dot]com
23. M/s BDO India LLP
The Ruby, Level 9, North West Wing, 29, Senapati Bapat Marg,
Dadar West, Mumbai, 400028.
Ph : +91 022 62771600
Fax:+91 022 62771600
Contact Person : Mr. Ashish Gangrade / Mr. Nipun Jaswal
E-mail : AshishGangrade[at]bdo.in / nipunjaswal[at]bdo.in
24. M/s Beagle Cyber Innovations Private Limited

ACE, 4th Floor, CDAC Building, Technopark Campus,
Trivandrum – 695581, Kerala, India
Ph : 8893330006
Fax: Nil
Contact Person : Rejah Rehim
E-mail : rejah[at]beaglesecurity.com
25. M/s BSCIC Certifications Private Limited

1st Floor, &work Offices, 5B/Sector 15A, Crown Plaza Mall,
Faridabad – 121 007, Haryana, INDIA
Ph :+91 99105 02709, +91 81307 91909
Fax: NA
Contact Person :Mr Sanjay Seth,Mr. Avinash Kaur, Ms. Vaishali Sharma
E-mail :sanjay.seth[at]bsc-icc.com, compliance[at]bsc-icc.com, vaishali.sharma[at]bsc-icc.co
26. M/s BSE Technologies Private Limited
25th Floor, P J Tower, Fort, Mumbai, Maharashtra , 400001
Ph : 022-22728670
Fax: NA
Contact Person : Ashish Patel
E-mail : ashish.patel[at]bseindia.com
27. M/s Bureau Veritas India Pvt Ltd

72 Business Park, 8th floor,
Marol Industrial Area, Opposite Seepz Gate No. 2,
MIDC Cross Road "C", Andheri - (East)
Mumbai - 400 093.
Ph : +91 62742801 Mobile 9987024555
Fax: +91 22 62742008
Contact Person : D.Gnanaskandan
E-mail :dg.skandan[at]bureauveritas.com
28. M/s Centre for Development of Advanced Computing (C - DAC)

Plot No. 6 & 7, Hardware Park,
Sy No. 1/1, Srisailam Highway,
Pahadi Shareef Via Keshavagiri (Post), Hyderabad - 501510
Ph : +919441233972, +917382303598
Fax: NA
Contact Person : Ch A S Murty
E-mail : cswan[at]cdac.in, chasmurty[at]cdac.in
29. M/s Crossbow Labs LLP

Unit 406, Brigade IRV Center, Nallurhalli,
Whitefield, Bangalore
Karnataka 560066,
India
Ph : +91 80 470 91427
Fax:No Fax
Contact Person : Mr. Rosan Thomas
E-mail :cert[at]crossbowlabs.com
30. M/s CyberQ Consulting Pvt Ltd.

J-1917, Chittaranjan Park, New Delhi - 110019
Ph : 9810033205 / 9360838930 / 8433911537
Contact Person : Mr. Debopriyo Kar and Mr. Pramod Pant
E-mail :debopriyo.kar[at]cyberqindia.com
info[at]cyberqindia.com
31. M/s CyRAAC Services Private Limited

2nd Floor, Napa Prime, 7/24, 11th Main Road,
4th Block East, Jayanagar,
Bengaluru - 560011
Ph : +919886210050
Fax:
Contact Person : Mr. Murari Shanker
E-mail : ms[at]cyraacs.com
32. M/s Codec Networks Pvt Ltd
B-136, Surajmal Vihar, Delhi 110092

Ph : +91 9971676124, +91 9911738718
Fax: N.A
Contact Person : Mr. Piyush Mittal
E-mail : amittal[at]codecnetworks[dot]com; piyush[at]codecnetworks[dot]com
33. M/s Cyber Security Works Pvt. Ltd.
No.6, 3rd Floor, A-Block, IITM Research Park

Taramani, Chennai – 600 113
Ph : +91-44-42089337
Fax: NA
Contact Person : Mr. Ram Swaroop M
E-mail : ram[at]cybersecurityworks.com
34. M/s CEREIV Advisory LLP
Chembakam Building, Koratty Infopark, Thrissur Dt, Kerala - 680 308

Ph : 9745767949
Fax: -
Contact Person : Mridul Menon
E-mail : mridul[at]cereiv.com
35. M/s ControlCase International Pvt. Ltd.
Corporate Center, Level 3, Andheri-Kurla Road, Marol,

Andheri (East), Mumbai 400059, Maharashtra.
Ph :+91 22 6647 1800
Fax: +91 22 6647 1810
Contact Person : Mr. Satya Rane
E-mail : certinaudit[at]controlcase.com
36. M/s CyberSRC Consultancy LLP
Unit no 605, 6th floor, World Trade Tower,

Sector 16 Noida - Uttar Pradesh 201301
Ph :+91 8800377255, +91 120 4160448
Fax: NA
Contact Person : Vikram Taneja, CEO
E-mail :vikram[at]cybersrcc.com , info[at]cybersrcc.com
37. M/s Cloud4C Services Private Limited
Pioneer Towers, 7th Floor, Plot no.16, Software Units Layout,

Madhapur,Hyderabad Telangana, India 500081 IN
Ph :040-42030799
Fax:Not available
Contact Person : Marella Venkata Pavan Kumar
E-mail :pavan.marella[at]cloud4c.com
38. M/s CMS IT Services Pvt. Ltd.
B-18, 1st Floor (Side Gate) Sector 32, Gurgaon -Haryana- 122001
Ph : 0124-4126600
Fax: 0124-4126600
Contact Person : Deepak Kumar Gahoi
E-mail : deepak.gahoi[at]cmsitservices.com
39. M/s Code Decode Labs
Code Decode Labs Pvt. Ltd.,

H.O. - A-02, ‘Cassiopeia Classic’,
Near Pancard Clubs, Baner, Pune – 411045 (MAH).
Ph : (020) 25201477
Fax: NA
Contact Person : Alisha Jain / Vivaan Thakral,
E-mail : alisha[at]codedecodelabs.com,
audits[at]codedecodelabs.com,
vivaan[at]codedecodelabs.com
40. M/s CYBERNERDS SOLUTIONS PRIVATE LIMITED
No.40, Keelavaikolkara Street, Woraiyur,

Tiruchirappalli, Tamilnadu, India, 620003.
Ph : +91 8807258558
Fax:
Contact Person : Sathya
E-mail : certin[at]cybernerds.in
41. M/s Dr CBS Cyber Security Services LLP
113, Suraj Nagar East, Civil Lines, Jaipur, Rajasthan-302006

Ph : 0141-2229475, +91- 9414035622, 9828877777
Fax:
Contact Person : Dr C B Sharma IPS Retd.
E-mail : contact[at]drcbscyber.com, drcbscyber[at]gmail.com
42. M/s cyberSecurist Technologies Pvt. Ltd

Office Address:- Vasant Vihar, Plot 59, off, Senapati Bapat Road
Shivaji Co. Operative Housing Society. Pune,Maharashtra, India 411016
Registered Office Address:-
Regd. Office: #20 Cinderella Bungalows,
S.No. 39/3,Nr Peony Apartment, Baner, Pune – 411045.Maharashtra, INDIA.
Ph : 9595816884
Alternate Phone Number :- 9545836784
Contact Person : Mr. Mahesh Saptarshi
Alternet contact details Mr. Suhas Kulkarni
E-mail : mahesh[at]cybersecurist.com / Suhas[at]cybersecurist.com
43. M/s Cybertryzub Infosec Pvt Ltd
Registered Office
Plot No 76d Udyog Vihar 4 Sector 18,Gurgaon – 122001 Haryana, India
Corporate Office:
F-300, Sector 63, Noida-201301 Uttar Pradesh, India
Ph :9810618108
Contact Person : Mr.Kush Kaushik
E-mail :kush.kaushik[at]cybertryzub.com
44. M/s Deloitte Touche Tohmatsu India LLP

7th Floor, Building 10, Tower B, DLF Cyber City Complex,
DLF City Phase II, Gurgaon, Haryana, India
Ph : +91 9810618871
Fax: 0124-6792012
Contact Person : Mr. Digvijaysinh Chudasama
E-mail : dchudasama[at]deloitte.com
45. M/s Deccan Infotech (P) Ltd.
13, Jakkasandra block. 7th cross.

Koramangala. Bengaluru - 560034
Ph : 080 - 2553 0819
Fax: ---
Contact Person : Mr. Dilip Hariharan
E-mail : dilip[at]deccaninfotech.in
46. M/s DigitalTrack Solution Pvt Ltd.
No: 9, Vinayakar Koil Street, Venkatapuram,

Little Mount, Saidapet,
Chennai – 600015
Ph : 044-66292222
Fax:
Contact Person : Vijay Iyer
E-mail : vijay[at]digitaltrack.in
47. M/s DREAMWORKS INFOTECH PRIVATE LIMITED
277K-5, Dam Side Road, Near Vodafone Tower Pajhra Toli, Kanke Ranchi Ranchi JH 834006
INDIA
Ph :9534042175
Fax: N/A
Contact Person : DEONANDAN ORAON
E-mail :support[at]dwinfotech.in, dir[at]dreamworksinfotech.com
48. M/s Digital Age Strategies Pvt. Ltd
28, Om Arcade, 2nd & 3rd Floors, Thimmapa Reddy Layout, Hulimavu,
Bannerghatta Road Bangalore - 560076
Ph : 9448088666, 8095488666, 9448055711
Contact Person: Mr. Dinesh S Shastri
E-mail : audit[at]digitalage.co.in / dinesh.shastri[at]digitalage.co.in
49. M/s eSec Forte Technologies Pvt. Ltd.
Postal address:311, Jwala Mill Road, Udyog Vihar - Phase 4,

Gurugram, Haryana, 122015, India
Ph : +91 9871699555
Fax: +91 0124 4264666
Contact Person : Kunal Bajaj
E-mail : kunal[at]esecforte.com
50. M/s Ernst & Young LLP
14th Floor, The Ruby 29, Senapati Bapat Marg Dadar (West)
Mumbai, Maharashtra – 400028
Phone: 022-61920000
Mobile: 9971797544
Fax: NA
Contact Person : Mr. Venkatesh Kulkarni, Associate Partner – Consulting
E-mail : venkatesh.kulkarni [at]in.ey.com
51. M/s ESSENTIAL INFOSEC PRIVATE LIMITED
Corporate address (Mailing Address):

1st Floor, Plot No. 16, Near SBI BANK Behind Sultanpur Metro Station, New Delhi 110030
Registered Address:
UG/66,Shuchita Business Park,Pant Nagar Municipal Market,Patel Chowk Ghatkopar East
Mumbai City MH 400075
Ph: +91 73983 77126
Contact Person: Pawan Srivastav, Director
E-mail: pawan[at]essentialinfosec.com, cert[at]essentialinfosec.com
52. M/s ESF LABS LIMITED
D.No:1-624/2,Bank Colony, Chilakaluripet, Guntur District, Andhra Pradesh, India. PIN-

522616
Ph :9930369920 / 9963971531
Fax:
Contact Person : Mr. Anil
E-mail :anil[at]esflabs.com
53. M/s Eventus TechSol Private Limited
Cyber One Level- 1403, Sector 30A, Vashi, Navi Mumbai, Maharashtra 400703
Ph : +91 8655785625
Fax: NA
Contact Person: Manish Chasta
E-mail : manish.chasta[at]eventustechsol.com
54. M/s FIS Global Business Solutions India Pvt. Ltd.
402, I Park, Plot No. 15, Phase IV, Gurugram, Haryana 122016
Ph : +919058808453
Contact Person : Ankit Rawat
E-mail : Ankit.Rawat04[at]fisglobal.com
55. M/s GRM Technologies Private Limited
Postal address: Corporate address:No-9, 2nd floor Shoba Homes, West Tambaram, Chennai-
600045,India.
Registered office address: 2/127,Mani Sethupattu, Sriperumbudur Taluk, Kancheepuram
District, Tamil Nadu-601 301, India.
Ph :+91-9042000525, +91-44-22261489, +91-94873 88551
Fax:NA
Contact Person : Mr. Babu G / Mr. Ashok Kumar
E-mail : babug[at]grmtechnologies.com/ashok[at]grmtechnologies.com
56. M/s Grant Thornton Bharat LLP

L 41, Connaught Circus, Outer Circle,
New Delhi. PIN - 110 001
Ph : 0124-4628000 (Ext. 277)
Fax: +91 124 462 8001
Contact Person : Mr. Akshay Garkel, Partner Cyber
Mobile: +91 9820208515
E-mail : Akshay.Garkel[at]IN.GT.COM and cyber[at]IN.GT.COM
57. M/s G.D.Apte & Co.

GDA House, Plot No. 85, Right Bhusari Colony,
Paud road, Pune 411038
Ph : 020 6680 7200
Fax: 020 2528 0275
Contact Person : Prakash P. Kulkarni
E-mail : prakash.kulkarni[at]gdaca.com
58. M/s G-Info Technology Solutions Pvt. Ltd.

Plot no. 144, 3rd Floor, Pocket -11, Sector-24, Rohini, Delhi-110085
Ph : 9810956838
Fax: Not Available
Contact Person: Naveen Dham
E-mail : naveen.dham[at]gisconsulting.in
59. M/s HackIT Technology And Advisory Services

64/2453, 2nd Floor,
JVC Tower, Kaloor-Kadavanthara Road
Kaloor PO, Cochin, Kerala, India
PIN - 682 017
Ph : (+91) 484 4044 234
Fax: NA
Contact Person: Akash Joseph Thomas
E-mail: akash[at]hackit.co
60. M/s Hewlett Packard Enterprise India Pvt Ltd.
#24, Salarpuria Arena, Hosur Main Road, Adugodi, Bangalore-560030, India

Ph : 9945611299
Fax:NA
Contact Person : Malligarjunan Easwaran
Swamy Patil
Suhas Nayak
E-mail : malligarjunan.e[at]hpe.com
swamy.patil[at]hpe.com
suhas.nayak[at]hpe.com
61. M/s ITORIZIN TECHNOLOGY SOLUTIONS PVT LTD
8/14, SHAHID NAGAR, GROUND FLOOR. WING “A”.

KOLKATA – 700078. West Bengal, India
Ph : 9883019472
Fax: NIL
Contact Person : Sangeeta Ganguly
E-mail : g.sangeeta[at]itorizin[dot]in / connect[at]itorizin[dot]in
62. M/s Information Security Management Office (ISMO)

Department of Information Technology, Electronics & Communication, Haryana,
SCO 109-110, First Floor, Sector-17-B, Chandigarh – 160017

Ph : +91 7042824602, +91 9417362127
Fax: N/A
Contact Person : Sh. Sudipta Choudhury and Sh. Amit Kumar Beniwal
E-mail : sudipta.ditech[at]hry.gov.in, amit.beniwal[at]haryanaismo.gov.in
63. M/s Innovador Infotech Private Limited

1128, Ahmamau, Beside Lucknow Treat Restaurant,
Near Sultanpur Road Roundabout, Shaheed Path,
Arjunganj, Lucknow- 226002 (Uttar Pradesh)
Ph : +91-8896605755
Fax: NA
Contact Person : Rahul Mishra
E-mail : rahul[at]innovadorinfotech.com
64. M/s ISECURION Technology & Consulting PVT LTD

2nd floor, #670, 6th Main Road, RBI Layout, J.P. Nagar 7th Phase, opp. Elita Promenade,
Bengaluru, Karnataka 560078
Ph : 8861201570
Fax:
Contact Person : Manjunath NG
E-mail : manjunath[at]isecurion.com
65. M/s IHUB NTIHAC Foundation (C3iHub)

C3I BUILDING, IIT CAMPUS KALYANPUR Kanpur, Uttar Pradesh, 208016 India
Ph :8527497950
Fax:N/A
Contact Person : Mr.Rohit Negi
E-mail :rohit[at]cse.iitk.ac.in
66. M/s Imperium Solutions

401 Maruti Bhavan Ram Maruti Road Naupada Thane(W) 400602
Ph : 9870484240 / 9324210232
Fax: NA
Contact Person : Ms Tasneam P / Mr Murtuza Laheri
E-mail : tasneam[at]imperiumsolution.com / murtuza[at]imperiumsolution.com
67. M/s Indusface Pvt. Ltd.
A-2/3, 3rd Floor, Status Plaza,
Opp. Relish Resort, Atladara Old Padra Road,
Vadodara - 390020, Gujarat, India.
Ph : +91 9898866444
Fax:
Contact Person : Mr. Ashish Tandon
E-mail : ashish.tandon[at]indusface.com
68. M/s Infopercept Consulting Private Limited

3rd floor, Optionz Complex Opp. Hotel Regenta, CG Road,
Navrangpura, Ahmedabad - 380 009, Gujarat
Ph :
Fax:
Contact Person : Mr Jaydeep Ruparelia
E-mail : jaydeepr[at]infopercept.com
Mobile Number: +91 9033955155
69. M/s Innowave IT Infrastructures Limited

210, 2nd floor, Dalamal Towers, Free press Journal Road, Nariman point
Mumbai-400 021
Ph :
Fax:
Contact Person : Swaminathan Nagarajan
E-mail : swaminathan.nagarajan[at]innowaveit.com
Mobile Number: +91 9820099437
70. M/s Inspira enterprise India Ltd

23 & 31, Kalpataru Square, Kondivita Lane, Andheri East,
Mumbai - 400 059
Ph : 9920084396
Fax:
Contact Person : Sameer Saxena
E-mail : sameer.saxena[at]inspiraenterprise.com
71. M/s iSec Services Pvt. Ltd.

607 - 608 Reliable Business Center, Anand Nagar,
Jogeshwari (W) , Mumbai – 400102
Ph :022-26391838
Fax:022-26391838
Contact Person :Mr. Naman Chaturvedi
E-mail :naman[at]isec.co.in
72. M/s ISOAH Data Securities Private Limited.

SDF Building, Room 335, 2nd floor, Electronics Complex,
Sector-5, Saltlake, Kolkata 700091
Ph : +91 9830310550, +91 (033) 40630748
Fax:
Contact Person : Sandeep Sengupta
E-mail : sandeep[at]isoeh.com
73. M/s KPMG Assurance and Consulting Services LLP
DLF Building No. 10, 8th Floor, Tower C,
DLF Cyber City, Phase 2,
Gurgaon, Haryana-122002
Ph : +91 9810081050
Fax: +91 124 254 9101
Contact Person : Mr. Atul Gupta (Partner, Cyber Security)
E-mail : atulgupta[at]kpmg.com
74. M/s Kochar Consultants Private Limited
302, Swapnabhoomi A Wing,

S.K. Bole Road, Nr Portuguese Church,
Dadar (W), Mumbai 400028.
Ph : 24229490 / 24379537 / 9819846198 / 9869402694
Fax: 24378212
Contact Person : Mr. Pranay Kochar
E-mail : pranay[at]kocharconsultants.com
75. M/s KRATIKAL TECH PRIVATE LIMITED

A-130, SECOND FLOOR, SECTOR 63, NOIDA - 201301
Ph : 7042292081, 9651506036
Fax: N/A
Contact Person : PAVAN KUMAR
E-mail :PAVAN[at]KRATIKAL.COM
76. M/s KERALA STATE ELECTRONICS DEVELOPMENT CORPORATON LIMITED

Information Technology Business Group
Keltron House, Vellayambalam
Thiruvananthapuram 695 033
Ph :0471-2724444 Extn:260,602, 2724113,0471-2724238
Fax:0471 - 2724545
Contact Person: Aswathi Mohanan
E-mail :aswathi[at]keltron.org
77. M/s MapleCloud Technologies

B4/102-C, Keshavpuram, Delhi - 110035
Ph : +91-9739995151 / +91-8178803636
Fax:
Contact Person : Yogendra Rajput
E-mail : yogendra.rajput[at]maplecloudtechnologies.com
: yogendra.rajput[at]mcts.in
78. M/s MOBITRAIL

Office No 205, Triumph Estate, Near Express Zone, Goregaon East, Mumbai 400063
Phone No: +91 9867386146
Fax: 022-28782751
Contact Person: Vikas Kedia
E-mail: Vikas@MobiTrail.com
79. M/s Mahindra Special Services Group
(Division of Mahindra Defence Systems Limited)
Mahindra Towers, P.K Kurne Chowk,
Dr. G.M Bhosale Marg, Worli,
Mumbai - 400018, India
Ph: +91 8652848222
Fax: NA
Contact Person: Mr. Chandrasekhar Konangi
E-mail : konangi.chandrasekhar[at]mahindrassg.com
80. M/s Maverick Quality Advisory Services Private Limited

123 RADHEY SHYAM PARK P.O SAHIBABAD
Ghaziabad, U.P, INDIA – 201005
Ph :9871991928
Contact Person : Mr. Ashok Vardhan,Director
E-mail :ashok[at]mqasglobal.com
81. Madhya Pradesh State Electronics Development Corporation (MPSEDC)
(A Regt. Society of Department of Science & Technology, Government of Madhya Pradesh)

47-A , State IT Center, Arera Hills,
Bhopal, Madhya Pradesh- 462011
Ph: 0755-2518713, 0755-2518702
Fax: 0755-2579824
Contact person : Mr. Vinay Pandey
Mobile:+91-0755-2518710
Email: vinay[dot]pandey[at]mapit [dot] gov [dot] in
82. M/s Mirox Cyber Security & Technology Pvt Ltd

4th Floor Nila Technopark Kariyavttom PO 695581
Trivandrum, Kerala
Phone +91 471 4016888 / +91 471 4000545
Mobile 9995199499, 9995799499
Contact Person : Mr. Rajesh Babu
Mobile: 9995799499
Email- rb[at]miroxindia.com/rbmirox2000[at]gmail.com
83. M/s Mazars Business Advisors Private Limited

2nd Floor, Esplanade House,
29, Hazarimal Somani Marg,
Fort, Mumbai, Maharashtra 400001
Ph: +91-9320194396
Fax: 022-61586257
Contact Person : Rahul Patil
E-mail : rahul.patil[at]mazars.in
84. M/s Net Square Solutions Private Limited

1, SanjivBaug baug, Near Parimal Crossing, Paldi,
Ahmedabad - 380007, Gujarat
Fax : +91 7926651051
Contact Person : Ms. Pradnya Karad
Email: pradnya[at]net-square.com
Mobile: +91 7767955575
85. M/s Network Intelligence India Pvt. Ltd.
2nd Floor, 204, Ecospace IT Park,
Off Old Nagardas Road, Andheri-E, Mumbai-400069.
Ph :+919820049549
Fax: NA
Contact Person : Mr. Kanwal Kumar Mookhey
E-mail :kkmookhey[at]niiconsulting.com
86. M/s Nangia & Co LLP

A-109, Sector 136, Noida (Delhi-NCR) - 201304
Ph : +91 98203 65305
Fax: +91 120 259 8010
Contact Person : Shrikrishna Dikshit
E-mail : shrikrishna.dikshit[at]nangia.com, poonam.kaura[at]nangia.com
87. M/s Netmagic IT Services Pvt. Ltd.

Lighthall 'C' Wing, Hiranandani Business Park, Saki Vihar Road,
Chandivali, Andheri (East) Mumbai 400 072
Ph :02240099099
Fax:02240099101
Contact Person : Mr. Yadavendra Awasthi
E-mail : yadu[at]netmagicsolutions.com
88. M/s Netrika Consulting India Pvt. Ltd.

Plot no.2, Industrial Estate, Udyog Vihar, Phase-IV,
Gurugram, Haryana, India. PIN: 122015
Ph : +91-124-4883000
Fax: N/A
Contact Person : Sanjay Kaushik & Rajesh Kumar
E-mail : sanjay[at]netrika.com; rajesh.kumar[at]netrika.com
89. M/s Netsentries Infosec Solutions Private Limited

No.5, 4th Floor, Wing II
Jyothirmaya Building, Infopark SEZ Phase-II,
Brahmapuram P.O. Cochin 682303
Ph :+91 8884909578
Fax: NA
Contact Person : Sudheer Elayadath
E-mail : Sudheer[at]netsentries.com
90. M/s NG TECHASSURANCE PRIVATE LIMITED
Shop No. S-06 and S-07 (206 & 207), 2nd Floor,
Atlanta Shopping Mall, Althan Bhimrad Road,
Surat, Gujarat - 395017
Ph : +91 98989-51269
Fax: NA
Contact Person : Mr. Gaurav Goyal
E-mail : admin[at]ngtech.co.in
91. M/s Lucideus Technologies Pvt. Ltd
A-1/20, Basement, Safdarjung Enclave, New Delhi- 110029

Ph : +91 9717083090
Contact Person : Hitesh Butani
E-mail : hitesh.b@lucideustech.com
92. M/s Oxygen Consulting Services Private Limited
COSMOS, E/701, Magarpatta City, Hadapsar, Pune 411028

Ph :+91 9890302009, +91 9370288368, +91 02048620461
Fax:
Contact Person : Mr. Sanjiv Agarwala
E-mail : sanjiv.agarwala[at]o2csv.com
ska262001[at]yahoo.co.in
93. M/s Panacea InfoSec Pvt. Ltd.
226, Pocket A2, Sector 17, Dwarka, New Delhi - 110075

Ph : +91 11 49403170
Fax: NA
Primary Contact Person : Apurva K Malviya, Global Business Head
E-mail : apurva[at]panaceainfosec.com
Mobile: +91-9650028323/ +91 9205786094
Secondary Contact Person : Chandani Mishra, AVP IT Security
E-mail : cg[at]panaceainfosec.com
Mobile: +91-8929768061
94. M/s Peneto Labs Pvt Ltd

Level 8 & 9, Olympia Teknos, No - 28, SIDCO Industrial Estate, Guindy, Chennai 600032
Ph :+91 8861913615 / +91 44 4065 2770
Fax:NA
Contact Person : Parthiban J
E-mail :Parthiban[at]penetolabs.com
95. M/s Paladion Networks Pvt. Ltd.

Shilpa Vidya, 49 1st Main, 3rd Phase
JP Nagar, Bangalore - 560078
Ph : +91-80-42543444
Fax: +91-80-41208929
Contact Person : Mr. Balaji Venkatasubramanian
E-mail : balaji.v[at]paladion.net
96. M/s Payatu Technologies Pvt Ltd

502,5th Floor, Tej House,
5 MG Road, Camp, Pune-411001
Ph : +91-20-41207726
Fax: NA
Contact Person : Mr. Pranshu Jaiswal
E-mail : cert[at]payatu.com
97. M/s Price water house Coopers Pvt. Ltd.
7th & 8th Floor, Tower B, Building 8,
DLF Cyber City, Gurgaon, Haryana -122002
Ph : [91] 9811299662
Fax: [91] (124) 462 0620
Contact Person : Mr.Rahul Aggarwal
E-mail : rahul2.aggarwal[at]pwc.com
98. M/s Protiviti India Member Private Limited

GTB Nagar, Lalbaug, Everard Nagar,
Sion, Mumbai, Maharashtra 400022
Ph :022 6626 3333
Contact Person : Mr. Sandeep Gupta (Managing Director)
E-mail :Sandeep.Gupta[at]protivitiglobal.in
Phone: +91-9702730000
99. M/s PRIME INFOSERV LLP
60, SIBACHAL ROAD, BIRATI, KOLKATA 700051

Ph : 033- 40085677, Mobile no.- +91 9830017040
Fax:
Contact Person : Sushobhan Mukherjee
E-mail : smukherjee[at]primeinfoserv[dot]com, info[at]primeinfoerv[dot]com
100. M/s Persistent Systems Ltd

Bhageerath, 402 Senapati Bapat Road, Pune 411016
Ph : 020 67030000
Fax: 020 67030000
Contact Person : Avinash Dharmadhikari
E-mail :avinash_d[at]persistent.com
101.M/s Phoenix TechnoCyber

411, B Wing, Shivam-1, Amba Business Park, Adalaj, Ahmedabad. Gujarat 382421
Ph : 9898054244 / 90160760035
Fax:
Contact Person : Bhinang Tejani
E-mail : bhinang[at]p-technocyber.com
102. M/s PKF Consulting Services LLP

406, 4th Floor, Madhava Building,
Bandra Kurla Complex, Bandra (East)
Mumbai 400051, Maharashtra, India
Ph : +91 22 49749812
Contact Person : Venkatesh Krishnamoorthy
E-mail : venkatesh.k[at]pkf.co.in
103. M/s Precise Testing Solution Pvt. Ltd.

B-5 ,Second Floor ,Sector 64 Noida (U.P)
Ph :+91-8447088848,0120-4123596
Fax:NA
Contact Person : Vikash Kumar
E-mail :info[at]precisetestingsolution.com
104. M/s ProTechmanize Solutions Pvt. Ltd.
209, Srishti Square, LBS Marg, Bhandup West, Mumbai-400078
New Postal Address (From 1st May 2022): 110, 1st Floor, Plot A, 315, Rd Number 34, Wagle
Estate, Jai Bhavani Nagar, MIDC Industrial Area, Thane West, Maharashtra 400604
Ph : 9769915281
Fax : Not Applicable.
Contact Person : Hakimuddin Wadlawala
E-mail : hakim[at]protechmanize.com
105. M/s Qseap Infotech Pvt. Ltd.

Unit No.105, Building No.03, Sector No.03,
Millennium Business Park, Mahape (MIDC),
Maharashtra- 400710, India
Ph: 9987655544
Fax: NA
Contact Person: Mr. Abhijit Doke
E-mail: certin[at]qseap.com
106. M/s QRC Assurance and Solutions Private Limited
Office No 508, Plot No 8, Ellora Fiesta, Sector -11,

Sanpada, Navi Mumbai, Maharashtra, India, 400705
Ph : +91-9920256566
Fax: NA
Contact Person : Kalpesh Vyas
E-mail : kalpesh.vyas[at]qrcsolutionz[dot]com
107. M/s QA InfoTech Software Services Private Limited

A-8, Sector 68, Noida, Uttar Pradesh, 201309
Ph : +91-120-6101-805 / 806
Fax:
Contact Person : Mr Rajesh Sharma (Co-Founder and Chief Information Officer)
E-mail : rajesh[at]qainfotech.com
108. M/s Qadit Systems and Solutions Pvt Ltd

2nd Floor, Old No. 10, New No. 7
VOC 2nd Main Road
VOC Colony,Kodambakkam,Chennai 600 024
Ph : +91 44 4279 1150
Fax: Not Available
Contact Person : Mr. Mahesh Balan
E-mail : mahesh[at]qadit.com
109. M/s Quess Corp Ltd

1/9, Krimson Square, 3rd Floor, Above Vishal Mega Mart,Muneswara Nagar,
HSR Layout, Hosur Road,Bengaluru, Karnataka 560068
Ph : 9821759151
Fax:
Contact Person : Prasun Naidu/ Pennamma Joseph
E-mail : prasun.naidu[at]quesscorp.com
110. M/s Risk Quotient Consultancy Private Limited
Unit 9, Building No:02, Sector 3, Plot No:1,
Millennium Business Park, Mahape, Navi Mumbai 400701
Ph :9821340198
Fax:NA
Contact Person : Ms.Deepanjali Kunthe
E-mail :deepanjali.kunthe[at]rqsolutions.com
111. M/s RSM Astute Consulting Pvt. Ltd.

301-307, A Wing, Technopolis Knowledge Park,
Mahakali Caves Road, Andheri (East),
Mumbai – 400093
Tel: 91-22- 6108 5555
Contact Person :Mr. Anup Nair
E-mail : anup.nair[at]rsmindia.in
Mobile No. +91 8828428080
Website : www.rsmindia.in
112. M/s RNR Consulting Private Limited
E-16/169, Sector-8, Rohini, Delhi 110085

Ph : +91 9999132873 , +91 9971214199
Fax: N/A
Contact Person : Nitish Goyal , Practice Head – Information and Cyber Security
E-mail : nitish[at]consultrnr[dot]com
113. M/s RiskBerg Consulting Pvt Ltd
Unit No. - 43, Centrum Plaza, Golf Course Road, Sector – 53,
Gurgaon, Haryana, India - 122002
Ph : +91 995 314 4939; +91 124 428 4087
Fax: NA
Contact Person : Rohit Agrawal
E-mail : rohit.agrawal[at]riskberg.com
114. M/s SecureLayer7 Technologies Private Limited
Plot No. 28, Vyankatesh Nagar, Beside Totala Hospital,

Jalna Road, Aurangabad, MH 431001
Ph : +91-844-844-0533
Fax: NA
Contact Person : Mr. Sandeep Kamble
E-mail : cert[at]securelayer7.net
115. M/s SecurEyes Techno Services Pvt. Ltd.
4th Floor, Delta Block, Sigma Soft Tech Park,

Whitefield Main Road, Varathur, Bangalore - 560066
Phone Number: +91 9449035102/ 080-41264078
Fax:NA
Contact Person : Ms. Uma Pendyala
E-mail :umap[at]secureyes.net
116. M/s Security Brigade InfoSec Pvt. Ltd.
3rd Floor, Kohinoor Estate, Lower Parel,

Mumbai - 400013
Ph : +919004041456
Fax: -
Contact Person : Mr. Jamila Pittalwala
E-mail : certin[at]securitybrigade.com
117. M/s Sysman Computers
312, Sundram, Rani Laxmi Chowk,

Sion Circle, Mumbai 400022
Ph : 99672-48000 / 99672-47000 / 022-2407-3814
website : www.sysman.in
Contact Person : Dr. Rakesh M Goyal, Director
E-mail : rakesh[at]sysman.in, सििमैन@सििमैन.भारत
118. STQC Directorate, Ministry of Electronics and IT, Govt. of India
Electronics Niketan, 6 C G O Complex, Lodhi Road, New Delhi-110003

Ph :011 24301816, 24301382
Fax:011 24363083
Contact Person : Mr. Gautam Prasad
E-mail : gprasad[at]stqc.gov.in; headits[at]stqc.gov.in
119. M/s Sattrix Information Security Pvt. Ltd.
28, Damubhai Colony, Nr. Anjali Cross Road, Bhatta,

Paldi, Ahmedabad-380007.
Ph : +91 9825077151
Contact Person : Bhavik Patel
E-mail : bhavik.patel[at]sattrix[dot]com
120. M/s Suma Soft Private Limited
Suma Center, 2nd Floor, Opp. Himali Society, Erandawane,

Pune, Maharashtra – 411 004.
Tel: +91.20.4013 0700, +91.20.4013 0400
Fax: +91.20.2543 8108
Contact Person : Mr. Milind Dharmadhikari,
Practice Head - IT Risk & Security Management Services
E-mail :milind.dharmadhikari[at]sumasoft.net / infosec[at]sumasoft.net
Mobile - +91-98700 06480
121. M/s SISA Information Security Private Limited
No. 79, Road Number 9, KIADB IT PARK,

Arebinnamangala Village, Jala Hobli
Bengaluru, Karnataka, India - 562149
Ph : +91-7042027487
Fax: N/A
Contact Person : Mr. Bharat Malik
E-mail : warlabs[at]sisainfosec.com
122. M/s Sequretek IT Solutions Pvt. Ltd.
304, Satellite Silver, Andheri Kurla Road, Marol,

Andheri East, Mumbai, INDIA - 400 097
Ph: 022-40227034
Fax: 022-40227034
Mobile: 9022975960
Contact Person: Mr. Jiten Patel, Project Manager
E-mail: jiten.patel[at]sequretek.com
123. M/s Siemens Limited
Birla Aurora Towers, Level 21, Plot 1080, Dr. Annie Basant Road,
Worli, Mumbai - 400030
Ph : +91 22 39677640
Fax: NA
Contact Person : Mr. Amitava Mukherjee
E-mail :Amitava.Mukherjee[at]siemens.com
124. M/s Software Technology Parks Of India
1st Floor, Plate B, Office Block-1,

East Kidwai Nagar, New Delhi-110023
Website URL: http://www.stpi.in
Ph :+91-11-24628081
Fax:+91-11-20815076
Contact Person : Mr. Amit Bansal
E-mail : amit.bansal[at]stpi[dot]in
125. M/s Sumeru Software Solutions Private Limited
1st Floor "Samvit", Near The Art of Living International Center,

21st KM Kanakapura Main Road,
Udayapura, Bangalore – 560082
Karnataka, India
Ph : +91 6364357139
Fax: +91 80-4121 1434
Contact Person : Asish Kumar Behera
E-mail : cert-in[at]sumerusolutions.com
126. M/s SWADESH SYSTEM PVT.LTD.
504,5th Floor, 58, Sahyog Building, Nehru Place, New Delhi-110019

Ph :011-45621761
Fax:011-45621761
Contact Person : Mr. Rohit Jain
Contact No.: 9911117635
E-mail :rohit[at]swadeshsystem.in
127. M/s Security Spoc LLP
Level 18 Tower A, Building No. 5 DLF Cyber City Phase III,

Gurgaon, Haryana, 122002 India
Ph : +918448866878, 01294900303
Fax: NA
Contact Person : Dutt Kumar
E-mail : dkumar[at]securityspoc.com
Website: https://securityspoc.com
128. M/s Secure Loopholes Solutions LLP
Registered Address - 306 – Anushri Complex, Nr. Bank of Baroda, Ashram Road, Usmanpura,
Ahmedabad, Gujarat – 380013
Ph : 8746004198/040-40267862
Fax:
Contact Person : Raghunatha Reddy
E-mail : raghunatha.reddy[at]secureloopholes.com
129. M/s SecureInteli Technologies Pvt Ltd (Formerly BizCarta Technologies India Pvt
Ltd)
3rd Floor, Nandi Infotech | Plot No 8, 1st Cross, KIADB, Sadaramangala Industrial Area
Mahadevpura, Bangalore 560 048, INDIA
Ph :+91 90358 33818
Fax:
Contact Person : Pradeep Kumar
E-mail : pradeep[at]bizcarta.io
130. M/s SECURIUM SOLUTIONS PRIVATE LIMITED
B28, FIRST FLOOR, SECTOR 1, NOIDA - 201301.

Ph : +91 99906 02449
Contact Person : NEHA SINGH
E-mail : neha.singh[at]securiumsolutions.com
131. M/s Sectrio-Subex Digital LLP
Subex Digital LLP, Pritech Park – SEZ Block -09,

4th Floor B Wing Survey No. 51 to 64/4 Outer
Ring Road, Bellandur Village Varthur, Hobli, Bengaluru, Karnataka 560103
Phone : 08066598700
Fax: +91 80 6696 3333
Contact Person : Mr. Sandeep Naganur
E-mail : sandeep.naganur[at]sectrio.com
132. M/s SOC ANALYST PRIVATE LIMITED
3, Central Chambers, 1017, Tilak road,

Swargate Corner, Pune-411030
Ph : 020-24444090
i) Contact Person : RAJENDRA PONKSHE
E-mail :rajendra@socanalyst.in
Contact No: 9422324196
ii) Contact Person : Ajay Nikumb
Contact No: 9225246815
133. M/s TAC InfoSec Private Limited
C203, 4th Floor, World Tech Tower

Phase-8B, Mohali-160055
Ph: 9876200821, 9988850821
Contact Person: Mr. Trishneet Arora, Founder and CEO
E-mail: certin[at]tacsecurity.co.in
134. M/s Tata Communications Ltd
5th Next Gen Tower New IDC Building, Ho Chi Minh Marg,
opp. Savitri Cinema, Greater Kailash, New Delhi -110048
Ph : +91 11 66512760
Contact Person : Mr.Ratnajit Bhattacharjee - DGM-GRC Product/Services
Mr. Amit Rathi - Product Manager GRC Product/Services
E-mail : Ratnajit.Bhattacharjee[at]tatacommunications.com,
Amit.Rathi [at]tatacommunications.com
Mobile : 9810093811, 9594950749
135. M/s Talakunchi Networks Pvt Ltd
Postal address: 505, Topiwala Centre,

Off S.V. Road, Goregaon West, Mumbai 400104
Phone: +91-9920099782
Contact Person : Vishal Shah
E-mail: certin[at]talakunchi.com
136. M/s Tata Advanced Systems Ltd.
Cyber & Physical Security Division

Postal address: Office No. 15, 6th floor, Tower 1,
Stellar IT Park, C-25, Sector-62 Noida, Uttar Pradesh, India. PIN - 201307
Fax: 0120 4847459
Contact Person : Mr. Aakash Verma (Cyber Security Practice)
Email: certin[at]tataadvancedsystems[dot]com
Mobile no.: 8447969581
137. M/s TUV-SUD south Asia Pvt. ltd
Solitaire, 4th Floor, ITI Road,

Aundh, Pune – 411007
Maharashtra
Ph : +91 20 6684 1212
Fax:
Contact Person :Amit Kadam
E-mail :Amit.VKadam[at]tuvsud.com Phone:+91 9607964483
Mr. Vaibhav.Pulekar
E-mail :Vaibhav.Pulekar[at]tuvsud.com Phone: + 91-9819955909
Mr. Sivakumar Radhakrishnan,
E-mail :Sivakumar.R[at]tuvsud.com Phone: + 91-9819955909
138. M/s Tata Power Delhi Distribution Ltd
Tata Power Delhi Distribution Ltd, NDPL House,

Hudson Lane, New Delhi - 110009
Ph :01166112222
Fax:01127468042
Contact Person :Aamir Hussain Khan
E-mail :aamir.hussain[at]tatapower-ddl.com
139. M/s Tech Mahindra Ltd.
Sharda Centre, Off Karve Road

Pune - 411004 (Maharashtra) India
Ph : +91 20 66018100
Contact Person : Mohammad Akhtar Raza
E-mail : MR00619954[at]TechMahindra.com
140. M/s Techdefence Labs Solutions Private Limited
901-904 & 908, 9th Floor Abhishree Adroit, Near Mansi Circle, Judges Bungalow Road,
Vastrapur, Ahmedabad - 380015
Ph : 9924822224/ 7567867776
Fax:
Contact Person : Sunny Vaghela
E-mail : sunny[at]techdefencelabs.com
141. M/s Tek Cube Pvt. Ltd. (WeSecureApp)
6th Floor, 91 Springboard, LVS Arcade, Madhapur, 71, Jubilee Enclave, HITECH City,
Hyderabad, Telangana- 500081
Ph : +91- 7842283183
Fax:None
Contact Person : Anurag Giri
E-mail : anurag[at]wesecureapp.com
142. M/s Third I Information Security Pvt Ltd.
MU Chamber, Station road, Opp to Anupam Annapolis, Goregaon East

Ph : +91-7738528400
Fax: Not Applicable
Contact Person : Mr. Niyaj Khan
E-mail : niyaj.khan[at]thirdeyeinfosec.com
143. M/s Trinay Cyber Technologies Pvt Ltd
5-9, Near Bank Bazar / Opp Union Bank, Tsundur, Guntur, Andhra Pradesh - 522318
Ph :+91 89196 74695
Fax:
Contact Person : Lavanya Bhavanam
E-mail :lavanya[at]trinaytechnologies.com
144. M/s Tuxcentrix Consultancy Pvt. Ltd
TuxZone Near AIR , Mythripuram Road, Thrikkakara

Cochin Kerala 682021 India
Ph :7356335511
Fax:
Contact Person : Sobin Joseph
E-mail :sobin[at]tuxcentrix.in
145. M/s US Technology International Private Limited
UST Campus, Innovation Drive, Technopark Phase II,

Kulathur P O, Thiruvananthapuram-695583
Fax: 04712527276
Contact Person: Adarsh Nair / Anand Trivedi
E-mail : Adarsh.Nair[at]ust.com / Anand.Trivedi[at]ust.com
Ph : +91 7994317222 /+91 9821335979
146. M/s Varutra Consulting Private Limited
Postal address: Varutra Consulting Pvt. Ltd.,

West Wing, II Floor, Marigold Premises, Marisoft III,
Kalyaninagar ,411014 Pune ,Maharashatra, India.
Ph : +91 8408891911
Fax: NA
Contact Person : Shrushti Sarode
E-mail :shrushti.sarode[at]infosharesystems.com
147. M/s VISTA InfoSec
001, Neoshine House, New Link Road, Andheri West, Mumbai - 400053
Ph : +91-9029236292
Fax:
Contact Person : Supriya Deshpande
E-mail : Sales[at]vistainfosec.com
148. M/s Wipro Limited
Unit no 2, Serene Properties,

Building No 7, Mindspace(SEZ), Plot no 3,
TTC industrial Area, Opp. Airoli Railway Station,
Thane Belapur Road,Navi Mumbai - 400708
Ph :+91 22 39300003
Fax:+91 22 39300123
Contact Person :Arun Bijani
E-mail :arun.bijani[at]wipro.com
Mobile: +91 9819055879
149. M/s Xiarch Solutions Private Limited
352, 2nd Floor, Tarun Enclave,

Pitampura, New Delhi-110034, India
Ph :011-45510033
Fax:011-66173033
Contact Person : Mr. Utsav Mittal, Principal Consultant
E-mail : utsav[at]xiarch.com, cert[at]xiarch.com
150. M/s Yoganandh & Ram LLP
G-1, Shree Vishnu Apartments, 12, Twelfth Cross Street,

Dhandeeswaram Nagar, Velachery, Chennai - 600042
Ph : 044-22432030
Fax: Nil
Contact Person : Mr. Manoj Kumar Jain
E-mail : manoj[at]yandr.in / isaudit[at]yandr.in
Mobile : 9940156515 / 98415 82933
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
M/s AAA Technologies Ltd
1. Name & location of the empanelled Information Security Auditing Organization :
AAA Technologies Limited,

Mumbai, Delhi, Bangalore, Lucknow, Chennai, Pune
2. Carrying out Information Security Audits since : 2000
3. Capability to audit , category wise (add more if required)
 Network security audit (Y/N) : Yes

 Web-application security audit (Y/N) : Yes
 Wireless security audit (Y/N) : Yes
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
 Mobile App Security Testing (Y/N) : Yes
 ERP Audit (Y/N) : Yes
 Payment Gateway Audit (Y/N) : Yes
 Compliance Audit as per Government of : Yes
India Guidelines (Y/N)
 Source Code Review (Y/N) : Yes
 Cyber Security and CSOC Audit (Y/N) : Yes
 Cloud Security Audit (Y/N) : Yes
 Swift Audit (Y/N) : Yes
 Concurrent / Continuous Audit (Y/N) : Yes
4. Information Security Audits carried out in last 12 Months :
Govt. : 400+
PSU : 100+
Private : 25+
Total Nos. of Information Security Audits done : 525+
5. Number of audits in last 12 months , category-wise (Organization can add categories

based on project handled by them)
Network security audit : 150+

Web-application security audit : 400
Wireless security audit : 30+
Compliance audits (ISO 27001, PCI, etc.) : 60+
6. Technical manpower deployed for informationsecurity audits :
CISSPs : 5+
BS7799 / ISO27001 LAs : 30+
CISAs : 20+
DISAs / ISAs : 5+
Any other information security qualification : 35+
Total Nos. of Technical Personnel : 75+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
S. Name of Duration with Experience in Qualifications related

No. Employee <organization> Information Security to Information security
1) Anjay Agarwal 20 25 ISMS LA, CISA, ISA,
CEH, ECSA, LPT,
COBIT Certified
Assessor
2) Venugopal M. 19 18 ISMS LA, ISA, CEH
Dhoot
3) Ruchi Agarwal 16 16 ISMS LA
4) D.K.Agarwal 17 18 CISA
5) Vidhan Srivastav 16 16 CISSP, ISMS LA
6) Sudhir Lad 9 19 CISA
7) Ravi Naidu 10 13 ISMS LA, CEH
8) Harpreet Singh 7 7 CEH

Dhanjal
9) Bharati Vane 7 7 CEH
10) Rahul Verma 7 8 ISMS LA, CEH
11) Raja Yadav 6 7 ISMA LA, CEH
12) Atul Raj 6 7 ISMS LA, CEH
13) Vishnuvardhan 4 6 ISMS LA

Selvaraj
14) 4 6 ISMA LA
Ajay Gautam
15) 4 6 ISMS LA
Mohit Sharma
16) 3 6 ISO 27001
Animesh Mishra
17) 3 6 CEH
Priyanka Awari
18) 3 6 CEH
SuyogGhag
19) Ashvini Anand 3 6 CEH
Yendhe
20) Hiren Shah 3 16 CEH, ISO 27001
21) Rohit Kumar 2 5 CEH
22) Shweta Singhal 2 5 CEH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Audit for a Government Organisation above Rs. 5 Crores

Information Security Audit including SAP Audit for a Municipal Corporation for above Rs. 4.5
Crore
Consultancy for Implementing ISO 27001 for 17 Data Centers across India including
Vulnerability Assessment and Penetration Testing for Rs. 54.57 Lakhs
9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):
Commercial
i. NetSparker
ii. Core Impact
iii. Nessus Pro
iv. Nipper
v. Burp Suite
vi. Idea
Freeware
i. Nmap
ii. DOMTOOLS - DNS-interrogation tools
iii. Nikto - This tool scans for web-application vulnerabilities
iv. Firewalk - Traceroute-like ACL & network inspection/mapping
v. Hping – TCP ping utilitiy
vi. Dsniff - Passively monitor a network for interesting data (passwords, e-mail, files,
etc.). facilitate the interception of network traffic normally unavailable to an attacker
vii. HTTrack - Website Copier
viii. Tools from FoundStone - Variety of free security-tools
ix. SQL Tools - MS SQL related tools
x. John - John The Ripper, Password-cracking utility
xi. Paros - Web proxy for web application testing
xii. Wikto - Web server vulnerability assessment tool
xiii. Back Track
xiv. Meta Sploit
xv. Ethereal - GUI for packet sniffing. Can analysetcpdump-compatible logs
xvi. NetCat - Swiss Army-knife, very useful
xvii. Hping2 - TCP/IP packet analyzer/assembler, packet forgery, useful for ACL inspection
xviii. Brutus – password cracking for web applications, telnet, etc.
xix. WebSleuth - web-app auditing tool
xx. HTTPrint – detect web server and version
xxi. OpenVas
xxii. W3af
xxiii. Owasp Mantra
xxiv. Wire Shark
xxv. Ettercap
xxvi. Social Engineering Tool Kit
xxvii. Exploit database
xxviii. Aircrack-Ng
xxix. Hydra
xxx. Directory Buster
xxxi. SQL Map
xxxii. SSL Strip
xxxiii. Hamster
xxxiv. Grimwepa
xxxv. CAIN & Able
xxxvi. Rips
xxxvii. Iron Wasp
xxxviii. Fiddler
xxxix. Tamper Data
Proprietary
i. AAA - Used for Finger Printing and identifying open ports, services and
misconfiguration
ii. Own developed scripts for Operating System
iii. Own developed scripts for Database Audit
10. Outsourcing of Project to External Information Security Auditors / Experts : No

( If yes, kindly provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
12. Whether organization is a subsidiary of any foreign based organization? : No
If yes, give details
13. Locations of Overseas Headquarters/Offices, if any : No
*Information as provided by <AAA Technologies Limited> on <23-10-2020>
Back
M/s BHARAT ELECTRONICS LIMITED
BHARAT ELECTRONICS LIMITED

Registered & Corporate Office
Outer Ring Road, Nagavara
Bangalore – 560045, Karnataka
Representing all its 9 units at Bangalore, Ghaziabad, Pune,

Machlipatnam, Chennai, Panchkula, Navi Mumbai, Kotdwara,
Hyderabad and 2 Central Research Laboratories at Bangalore and
Ghaziabad.
2. Carrying out Information Security Audits since : August 2015
3. Capability to audit, category wise (add more if required)

 Web-server security audit(Y/N) : Yes
 Wireless security audit (Y/N) : No
 Mobile application security audit(Y/N) : Yes
 Stand-Alone application security audit(Y/N) : Yes
 Device security audit (Y/N) : Yes
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes;
Gap analysis w.r.t ISO 27001
 Secure SDLC Review (Y/N) : Yes
 Secure Code Review (Y/N) : Yes
4. Information Security Audits carried out in last 12 Months:

(Reporting period: Oct 2019 to Sep 2020)
Govt. : -8-
PSU : -17-
Private : -Nil-
Total Nos. of Information Security Audits done : -25-

(Reporting period: Oct 2019 to Sep 2020)
Network security audit : -Nil-

Web-application security audit : -17-
Web-server security audit : -4-
Wireless security audit : Nil-
Stand-Alone application security audit : -1-
Device security audit : -1-
Mobile application security audit : -2-
Compliance audits (ISO 27001, PCI, etc.) : -Nil-
6. Technical manpower deployed for information security audits :
CISSPs : -1-
BS7799 / ISO27001 LAs : -11-
CISAs : -Nil-
DISAs / ISAs : -Nil-
Any other information security qualification : -15-
M.Tech (Information Security) :<number of> : -2-
M.Tech (Cyber Security) : <number of> : -3-
M.Tech (Cyber Law & Information Security) : <number of>: -1-
NPT :<number of> : -2-
CEH :<number of> : -9-
CCNSP :<number of> : -2-
CHFI :<number of> : -1-
CSA :<number of> : -1-
ACE :<number of> : -1-
Total Nos. of Technical Personnel : -27-
S. Technical Personnel’s Working with Information Security related Total

No Name the qualifications (CISSP/ISMS LA / experience in
. organization CISM/ CISA/ ISA etc., state as information
since (month applicable) security
& year) related
activities
(years)
PMP, ISMS LA, CCNSP, Trained on
1. Ms. Shylaja K Sep, 1999 17+
CCISO & CISSP
M.Tech (Software Systems), PMP,
2. Ms. Bhagya Lakshmi A N Oct, 2004 6+
ISMS LA, NPT, Trained on CISSP
3. Ms. Poornima M Nov, 2009 M.Tech (Cyber Security), CEH 4+
4. Ms. Swathi M D Sep, 2010 CEH 5+
Advanced Certification in Cyber
5. Ms. Akshatha S Dec, 2018 2+
Forensics
6. Mr. Deepak D Nov, 2012 NPT, CEH 5+
7. Mr. Kunal Mohan Sadalkar Aug, 2011 M.Tech (Information Security) 9+
M.Tech (Information Security), CHFI
8. Mr. Neeraj Kumar Dec, 2014 9+
V8, ACE
9. Mr. Jagan Mohan Rao B Apr, 1999 PMP, Trained on CISSP 9+
10. Mr. Antony Benedict Raja G Jun, 2010 CEH 6+
11. Mr. Tarun Jain Oct, 2010 CISSP 6+
M.Tech (Cyber Security), ISMS LA,
12. Mr. SandeepGadhvi Jan, 2019 CEH, DIAT Certified Information 2+
Assurance Professional(DIAT CIAP)
M.Tech (Cyber Law & Information
13. Mr. Viplav Feb, 2019 2+
Security)
Mr. ManojTyagi Dec, 2010 M.S. (Software Systems), ISMS 4+
14.
Internal Auditor, ISMS LA, PMP
15. Mr. GauravKataria July 2007 M.Tech (Cyber Security), 11+
ISMS LA, CEH v10
16. Ms. KarunaShri Dec 2010 ISMS Internal Auditor 4+
17. Mr. Neeraj Kumar Singh Dec 2010 CEH v10, ISMS Internal Auditor 4+
18. Ms. Reshu Rani Sep 2017 CEH v10 3.5+
19. Mr. SagarVerma Oct 2017 CEH v10, ISMS Internal Auditor 3+
20. Mr. Akshit Singh Oct 2018 CEH v10 2.5+
21. Mr. Rajesh Kumar Udumu Jun, 2006 CEH, CNDA 5+
22. Mr. Vaman A Naik Mar, 1986 ISMS LA 7+
23. Mr. Praveen Kumar H T Jun, 2001 ISMS LA, CCNSP 15+
24. Ms. Madhavi M Jan, 2005 PMP, ISMS LA 4+
25. Mr. Mrityunjaya P Hegde Feb, 2010 PMP, ISMS LA 5+
26. Mr. Srinivas T Dec, 1993 ISMS LA 9+
27. Mr. DeeprajShukla Jun, 2009 ISMS LA 5+
28. Ms. Padmapriya T Sep, 2011 PMP, ISMS LA 3+
Security Audit of NC3I Application – comprising of web application and standalone

applications to acquire, store, process, integrate, correlate and display the tactical data in real
time. The audit was conducted remotely through Team Viewer.This a high value project for the
Indian Defence Customer.
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):
Freeware Commercial Proprietary
Wireshark/ TCPDump Ettercap Dsniff Nessus Pro NSAT

Kali Linux Ferret Lynis Nexpose Scripts
Nmap/ Zenmap Hamster NSLookup Metasploit Pro
Sqlmap IP scanner Netcat Burpsuite
Nikto Yersinia OmegaDB Acunetix
Hydra Ethereal OpenZap HP WebInspect
John the Ripper Echo Mirage OpenVAS HP Fortify
Putty WebScarab Hping IBM Appscan
Whois Tor’s Hammer Fiddler Maxpatrol
Scapy W3af SSLTest Codenomicon
Pyloris Sparta HTTPMaster beSTORM
LOIC Directory Buster Curl IDAPro
CSRF Tester SMTP Ping WireEdit NetSparker
Ollydbg Hash-Identifier Process Hacker
MBSA Cisco Auditor Armitage
TestSSLServer SysInternals Open SSL
Suite
Python / Powershell Santoku Linux Browser Plugins
Scripts
Qualys SSL Genymotion MobSF

(If yes, kindly provide oversight arrangement (MoU, contract etc.))

13. Locations of Overseas Headquarters/Offices, if any : Yes
New York Singapore Srilanka

Bharat Electronics Limited Bharat Electronics Limited Bharat Electronics Limited
53, Hilton Avenue 06-01, PSL Industrial Building No. 385, 1st Floor
Garden City 156, Maopherson Road Landmark Building, Galle
New York – 11530, USA Singapore – 348 528 Road
Colombo – 03, Srilanka
Oman Myanmar Vietnam
Bharat Electronics Limited Bharat Electronics Limited Bharat Electronics Limited
No. 0402Z214, 2nd Floor No. 53, The Strand Square 10th Floor, TNR Power
Building No.4 Level 2, Unit #. 209, Hanoi
Knowledge Oasis Muscat Strand Road, PabedanTsp, Vietnam
(KOM) Yangaon, Myanmar
PO Box 200, Postal Code 123,
AI Rusayl, Sultanate of Oman
*Information as provided by Bharat Electronics Limited on 23-10-2020
Back
M/s CyRAAC Services Private Limited
1. Name & location of the empanelled Information Security Auditing Organization:
CYRAAC SERVICES PRIVATE LIMITED
 Network security audit (Y/N) - Y

 Web-application security audit (Y/N) - Y
 Wireless security audit (Y/N) - Y
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) - Y
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N) - Y
 ICS/OT Audits (Y/N) - Y
 Cloud security Audits (Y/N) - Y
Govt. : 6
PSU : 2
Private : 151
Total Nos. of Information Security Audits done : 159
5. Number of audits in last 12 months, category-wise (Organization can add categories

Network security audit: 70

Web-application security audit: 100
Wireless security audit: 5
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): 29
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): 2
ICS/OT Audits: 2
Cloud security Audits: 27
6. Technical manpower deployed for informationsecurity audits: 14
CISSPs: 1
BS7799 / ISO27001 LA: 4
CISAs: 2
DISAs / ISAs: 0
Any other information security qualification:
Offensive Security Certified Professional - 1
Certified Ethical Hacker - 5
Certified Information Security Manager – 1
CBCP - 1 Total Nos. of Technical Personnel: 14
S. Name of Employee Duration with Experience in Qualifications

No. <organization> Information related to
Security Information
(years) security
1 Murari Shanker 39 months 32 CISM
2 Suresh P 22 months 21 TOGAF 9
3 Deepti Bhatia 37 months 6 CISSP, CISA
Venkateshwaran
4 Prabhakaran 25 months 8 CISA
5 Ram Prasad 39 months 13 CEH, CHFI
OSCP, CEH, ISO
6 Anamika Patil 39 months 3.3 27001 LA
7 Varun Mokashi 24 months 2 CEH
8 Uday Naik 24 months 3 CEH
9 Ashutosh Nath Rimal 20 months 2 CEH
10 Kalyani B 6 months 6 ISO 27001 LA
Information Systems Audits for a Bank
Scope:
• Audit against requirements and circulars - RBI Cyber Security Framework,
Gopalakrishna Committee Recommendations
• Audit against Storage of Payments Systems Data
• e-Sign Audit
• Audit against UIDAI requirements
• Vulnerability Assessment and Penetration Testing
• Red Team Assessment
• Application Security Assessment
• Cloud Security Audit
• Data Privacy
• Security Operations Audit
Locations: India
9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):
Tool User
Nessus Professional Infrastructure Scanning
Burp Suite Penetration Testing / Web Application Scanning
Tool User
Metasploit Penetration Testing
Charles Infrastructure Scanning
Nikto Penetration Testing
SQLmap Penetration Testing / DB Scanner
W3AF Web Application Scanning
AirCrack-ng Infrastructure Scanning
Netcat Multipurpose Tool
TCPDUMP Infrastructure Scanning / Sniffer
Wireshark Infrastructure Scanning / Sniffer
Kismet Infrastructure Scanning
WebScarab Web Application Scanning
OpenSSL Toolkit Infrastructure scanning
Fiddler / Firebug Web Application Scanning
SQLNinja Penetration Testing / DB Scanner
Nirsoft Suite Multipurpose Toolset
Sysinternals Suite Multipurpose Toolset
Frida Mobile Application Penetration testing
Drozer Mobile Application Penetration testing
QARK Mobile Application Penetration testing
MobSF Mobile Application Penetration testing
SuperAndroidAnalyzer Mobile Application Scanning
Postman API Penetration Testing
FuzzAPI API Scanning
Astra API Penetration Testing
Fortify SCA Secure Code Review
PMD Secure Code Review
Checkstyle Secure Code Review
FingBugs Secure Code Review
Source meter Secure Code Review
SonarQube Secure Code Review
VCG Secure Code Review
Prowler Cloud Configuration Review
Scout Suite Cloud Configuration Review
Custom Scripts Multipurpose

12. Whether organization is a subsidiary of any foreign based organization : No


11. *Information as provided by CYRAAC SERVICES PRIVATE LIMITEDon 01 July 2021
Back
Madhya Pradesh State Electronics Development Corporation (MPSEDC)
Madhya Pradesh State Electronics Development Corporation (MPSEDC)

47/A State IT Center, Arera Hills Bhopal, Madhya Pradesh- 462011
2. Carrying out Information Security Audits since : January 2013
 Network security audit (Y/N) :

N
 Web-application security audit (Y/N) :
Y
 Wireless security audit (Y/N) :
N
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) :
N
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N) :
N
 ICS/OT Audits (Y/N) :
N
 Cloud security Audits (Y/N) :
N
 Information security policy review :
Y
 Android Mobile app security audit :
Y
Govt. : 106
PSU : NA
Private : NA

Network security audit : NA

Wireless security audit : NA
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : NA
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : NA
ICS/OT Audits : NA
Cloud security Audits : NA
CISSPs : 0
BS7799 / ISO27001 LAs : 4
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification :
CISA : 1
CIISA : 1
CCIE-Security : 1
EC-Council ECIH : 1
EC-Council CeH : 3
Nessus VM : 1
Total Nos. of Technical Personnel : 6
Duration
Qualifications
withMPSEDC(Previously Experience in
S. related to
Name of Employee known as MAP_IT) as Information
No. Information
of Security
security
Jan 31 2022
2 year 5
1 Ambar Pande 7 years 1 Months ISMS LA
months
2 year 5
2 Vineet Tiwari 3 years 2 Months ISMS LA
months
11 years 3 ISMS LA, CEHv10,
3 PriyankSoni 7 years 8 Months
Months CISA(Exam)
7 years 3
4 VasundharaRaghuwanshi 6 Years 8 Months CIISA, CEHv10
Months
15 years 3
5 Viral Tripathi 6 Years 2 Month CCIE-Security
Months
10 years 3 Nessus VM,ISMA
6 Sourabh Singh Rathore 2 Year 2 Months
Months LA, ECIH, CEHv8
MP - Urban Administration & Development - REAL ESTATE REGULATORY AUTHORITY

(RERA)Website
Project consists of 20 different modules which were audited in different phases

Complexity: High
Location: Bhopal
Volume: 20 Modules
No. of Static Pages in the application: 50
No. of Dynamic Pages in the application: 100
Project Value: NA
MP State Election Commission (IEMS Portal + Website + Webservices)

Project consists of 8 different modules and 60 Webservices which were audited in different
phases
Complexity: High
Location: Bhopal
Volume: 8 Modules + 60 Webservices
Project Value: NA
SAARA (Smart Application for Revenue Administration)
The SAARA application is a suite of modules developed for various functionaries of
Revenue Department.
Project consists of 11 different modules and webservices
Complexity: High
Location: Bhopal
Volume: 11 Modules+ webservices
Project Value: NA
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
Commercial Tools:
Micro Focus Webinspect 20.1.0

Burp Suite Professional v2021.6.2
Freeware Tools:
Kali Linux Framework

OWASP-ZAP 2.10.0
Nmap,
Nikto, Metasploit,Vega ,Nessus


*Information as provided by M.P. State Electronics Development Corporation Ltd (MPSEDC) on

Feb 4 2022.
Back
M/s Maverick Quality Advisory Services Private Limited
MAVERICK QUALITY ADVISORY SERVICES PRIVATE LIMITED

123 RADHEY SHYAM PARK P.O SAHIBABAD
GHAZIABAD, U.P, INDIA – 201005

 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) : Yes
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Y/N) : No
 ICS/OT Audits (Y/N) : Yes
 Cloud security Audits (Y/N) : Yes
 Physical Access Controls & Security testing (Y/N) : Yes
 Software Vulnerability Assessment (Y/N) : Yes
 Penetration Testing (Y/N) : Yes
 Information Security Testing (Y/N) : Yes
 Business Continuity Planning / Disaster Recovery Audit (Y/N) : Yes
 Mobile Application Security Audit(Y/N) : Yes
 Window Application Security Audit(Y/N) : Yes
 Secure Source Code Review(Y/N) : Yes
Govt. : 294
PSU : 22
Private : 84
Total Nos. of Information Security Audits done (In last 12 months) :400

Network security audit : 10

Mobile Application Security Audit : 23
Window Application Security Audit : 1
Secure Source Code Review : 6
Penetration Testing : 370
Compliance audits (ISO 27001) : 28+
CISSPs :1
BS7799 / ISO27001 LAs :11
CISAs : CISA(2) + CISM(4)
Any other information security qualification : 9(CEH)
1 Anand Sarup >9 years >23 years CISA,CISM,ISMS LA
2 Ashok >16years >15years ISMS LA
3 Vinit >16years >17years ISMS LA
4 Manish Gupta >7 Years >10 Years CISA, CISM, ISO
31000, ISO 27001
5 Raj >16years >10 years ISMS LA, CISM
6 Ashish >6 Years >4 Years CEH, CISM
7 Alok Kumar >5 Years >4 Years CEH
8 Chandra Kishor >3 Years >3 Years CEH
9 Sanjeev Gupta >6 years >8 years ISMS LA
10 G. Meenakshi >8 Years >11 Years ISMS LA
11 Harish >10 years >19years CISSP, MCSE,
SYMANTAC Certified,
RSA Certified
12 Pushkal >3 Years >6 Years ISMS LA
13 Col. Sunil >6 Years >10 Years ISMS LA
14 Padmanabhan >5 Years >7 Years ISMS LA
15 Nirupama >2 Years >1 Year ISMS LA
16 Ashutosh <2 Years <2 Years CEH
17 Manoj <2 Years <2 Years CEH
18 Rajat <1 Year <2 Years CEH
19 Martand Pratap <1 Year <1 Year CEH
20 Rajat <1 Year <1 Year CEH
21 Priyanshu <1 Year <1 Year CEH
Carrying out Web-Application Security audit for a Government Organization with value > INR
40 Lacs
Carried out Network Security Audit and Web-Application Security audit for a Private
Organization with value > INR 20 Lacs
SNo Tool Name Type Purpose

1 Burp Suite Commercial Web application auditing
2 Nessus Commercial Vulnerability Scanner
3 Nmap Free Port/service scanner
4 Metasploit Free Exploitation Tool
5 Netcat Free Network Testing
6 Ethereal Free Wireless Penetration Testing
7 SSLProxy Free Web Application Testing
8 STunnel Free Web Application Testing
9 VisualCodeGrepper Free Source Code Review
10 Nikto Open Source Web Application testing
11 Wireshark Open Source Packet Analyzer
12 SQLMap Open Source SQL Injection Exploitation
13 Kali-Linux Open Source OS containing open source tools
14 OWASP ZAP Open Source Web application auditing
15 MobSF Open Source Mobile Application Pen Test
16 apktool Open Source Mobile Application Pen Test
17 Procmon Open Source Process Monitor Tool
18 Echo Mirage Open Source Network Proxy
19 Postman Open Source Web services and API Testing Tool
20 Drozer Open Source Mobile Application Pen Test
21 SonarQube Open Source Source Code Review


*Information as provided by Maverick Quality Advisory Services Private Limited on Jun 30 2021
Back
M/s RSM Astute Consulting Pvt. Ltd.
RSM Astute Consulting Pvt. Ltd. (www.rsmindia.in)
Headquarters (Mumbai):
301-307, A Wing, Technopolis Knowledge Park,
Mahakali Caves Road, Andheri (East),
Mumbai – 400093
Tel: (+91-22) 6108 5555
Bangalore Office:
3rd floor, B Wing, Jubilee Building,
45, Museum Road, Bengaluru-560025
 Network security audit (Y/N) : Y

 Web-application security audit (Y/N) : Y
 Wireless security audit (Y/N) : Y
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Y
 IT General Controls : Y
 IT Policy Compilation : Y
 Vulnerability Assessment & Penetration Testing : Y
 IT Infrastructure Audit : Y
 Review of Applications Implementation : Y
(Both Pre & Post Implementation)
 End Point Security Review : Y
 Application Security Review : Y
 Secure Code Review : Y
Govt. : 1
PSU : 5
Private : 48
5. Number of audits in last 12 months , category-wise
 Network security audit : 7

 Web-application security audit : 12
 Mobile Application Security Audit : 4
 Wireless security audit : 3
 Compliance audits (ISO 27001, PCI, etc.) : 5
 IT General Controls : 38
 Vulnerability Assessment & Penetration Testing : 12
 IT Infrastructure Audit : 2
 Review of Applications Implementation : 4
(Both Pre & Post Implementation)
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) 1
CISSPs : 2
BS7799 / ISO27001 LAs : 18
CISAs : 5
DISAs / ISAs : 8
CEH : 10
CCNA : 2
Critical sector organizations:
S. Name of Duration Experience Qualifications related to

No. Employee with RSM in Information security
Astute Information
Consulting Security
B.E, Master – IT, CISA, CISP,
CISSP, CIISA, SAP-Net Weaver
1 Anup Nair > 4 years 18 years Security Certification, IS0 22301
Lead Implementor, ISO 27001
LA, ESCA
B.Tech, IIT Madras, Diploma in
2 K Chandrasekaran >15 Years >3 Years Industrial Management(PGDIM),
ISO 27001 LA
3 Suman Ganguly < 1 year 16 years BE, MBA, CISA, ISO 27001
DME (Diploma in Mechanical
Engineering)
4 G. Satish >15 Years >3 Years
Certified Lead Auditor for ISO
27001, ISO 9001, ISO 45001
5 Mahadevi Garu > 6 years 12 years CA, CISA, ISO 27001 LA
6 Yogendra Joshi < 3 years 23 years B.E, CISA
7 Sachin Pandhare < 4 years 12 years PGDBM, ISO 27001 LA
M.S Computer Science, CEH,
8 Rahul Kshirsagar <1 years 10 years
CNSS
BE, CISA, CRISC, CEH, ISO
9 Rishi Awasthi < 3 years 8 years
27001 LA
CA, CISA, CISSP, CRISC, SAP
10 Parag Sanghvi < 6 years < 6 years
(FI), ISO 27001 LA
11 Shyam Sundaran < 1 year < 5 years MBA, CISA
12 Nitin Bhamare < 1 year < 6 years BE, CEH
13 Pragati Satra < 3 years < 3 years B.E, CISA, ISO27001 LA
Microsoft Certified System
14 Shailesh Mahale >15 years >25 years
Engineer, CCNA, CEH
15 Anjan Hajra >7 years >17 years DOEACC, CCNA, ITIL
MBA (IT), Diploma in Hardware
16 Satish Suvarna > 11 years >17 years
& Networking
B Nutan Kumar
Reddy
17 < 1 year 7 years ICWA/CMA, CISA
Ramya Sagri CA, Diploma in IT, Certified

Acharya Internal Auditor, IT Auditor,
18 < 1 year >18 years
Certified Fraud examiner, SOS
Internal controls
Clients Details
World’s leading IT & ITES Company Information Security and Cyber Security
Services for their 3 delivery centers in
Mumbai, Pune and UK. The Project value was
Rs. 2.63 Crores
India’s leading Scheduled Bank Review of application security, API security

and mobile application security assessment
for one of the largest Scheduled Banks. The
assessment coverage was for 150 applications
of the Bank: The scope involved:
Application Security Assessment

VAPT
Mobile Application Security Assessment
API Security Assessment
The Project value was Rs.35,04,600/-
India’s leading Private Bank Review of Third Party Risk Management and
determine Information Security maturity
levels for the following domains
 Business Objectives, Governance and

Policy
 Data Protection
 Security Risk Management
 Access Management
 Organization and Resources
 Incident Response
 Third-Party/Vendor Management
 Security Architecture
 Infrastructure Resiliency
 Security Awareness and Training
India’s leading Oil Company System review of core ERP system (i.e. SAP),
business cycles and IT Audits. The scope
covered 26 audits across Pan India.
The scope involved conducting enterprise

Leading Indian consumer electrical equipment wide Cyber Security Assessment for all their
manufacturing company critical systems and assisting in establishing
Information Security Framework along with
policies and procedures.
The Project value was Rs. 23,25,000/-
 Nessus Professional
 Kali Linux
 Nmap
 NetCat, NPing, HPing
 OpenSSL
 Wireshark
 Metasploit
 SQLMap
 Appscan
 Burp Suite Pro
 Owasp ZAP
 Nipper, Nipper-ng
 Checkmarx Static Code Analyzer.
 Python, PowerShell
 MobSF
 Magisk
 APKtool
 Echo Mirage
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No :No
(If yes, kindly provide oversight arrangement (MoU, contract etc.)
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No : Yes
(RSM Astute Consulting Private Limited is an independent member firm of RSM International
located at 50 Cannon Street, London, EC4N 6JJ – United Kingdom. RSM International is the 6th
largest audit, tax and consulting network globally and has presence in 120 countries. Each
member entity in respective country is a separate and independently owned entity)
12. Whether organization is a subsidiary of any foreign based organization? : Yes/No : No
13. Locations of Overseas Headquarters/Offices, if any : Yes/No : N/A
*Information as provided by RSM Astute Consulting Pvt. Ltd on August18, 2021
Back
M/s Sysman Computers
Sysman Computers
312, Sundram, Rani Laxmi Chowk, Sion Circle, Mumbai 400022
Contact : Dr. Rakesh M Goyal, Director
Website : www.sysman.in
Phone – 99672-48000 / 99672-47000 / 022-2407-3814
Email – rakesh@sysman.in / सििमैन@सििमैन.भारत
 Network security audit (Y/N) - YES

 Web-application security audit (Y/N) - YES
 Mobile-application security audit (Y/N) - YES
 Wireless security audit (Y/N) - YES
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) - YES
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) - YES
 ICS/OT Audits (Y/N) - YES
 Cloud security Audits (Y/N) - YES
 Main business application audit - YES
 Cyber Forensics - YES
 IT GRC Consulting - YES
 Techno-legal compliance/consulting - YES
 Audit of Certifying Authorities/e-sign/RA/ASP - YES
 Audit of UIDAI AUA / KUA / ASA / KSA - YES
 Data Privacy Audits - YES
Govt. : <number of> : 03

PSU : <number of> : 15
Private : <number of> : 69

Network security audit: <number of> : 08

Web-application security audit: <number of> : 27
Mobile-application security audit: <number of> : 02
Wireless security audit: <number of> : 01
Compliance audits (ISO 27001, PCI, RBI): <number of> : 18
Cyber Forensics : <number of> : 05
IT GRC Consulting/Audit : <number of> : 05
Audit of CA/e-sign/RA/ASP : <number of> : 15
Audit of UIDAI AUA / KUA / ASA / KSA : <number of> : 04
ISNP/GICSI audits : <number of> : 02
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : 02
ICS/OT Audits: <number of> : 02
Cloud security Audits: <number of> : 01

CISSPs : <number of> : 01
BS7799 / ISO27001 LAs : <number of> : 05
CISAs : <number of> : 04
DISAs / ISAs : <number of> : 01
Any other information security qualification: <number of> : 04
Total Nos. of Technical Personnel : : 08
S. Name of Employee Duration with Experience in Qualifications related to

No. Sysman Information Information security
Security
1 Dr. Rakesh M Feb 1985 30 years PhD, CISA, CISM, CCNA,
Goyal CFE, CCCI
2 Vaibhav Banjan May 2007 18 years CISA, DISA
3 Anand Tanksali April 2010 14 years CCNA, CCSA
4 Winod P Karve Sep 1999 22 years CISA, ISO27001 LA
5 Mohammad Khalid March 2011 11 years CCNA, ISO27001 LA
6 Pallavi Goyal April 2010 10 years ISO27001 LA, CCNA,CEH
7 Ankur Goyal March 2012 12 years ISO27001 LA
8 Kiran Chugh June 2015 13 years CISA, CISSP, ISO27001
LA
1. IT Infrastructure with 150 servers, 2500+ nodes, 120 switches, 30 routers

spread over 50 locations all over India alongwith matching DR site.
2. Application audit with 32 modules used by 6000 people
3. e-governance Web-application with 23 modules exposed to world
Mostly used - Nmap. Superscan, Nessus, Metasploit, Kali, SecurityForest, sqlmap,

MBSA, Belarc, w3af, GFI, Aircrack, Nikto, Kismet, NetStumbler, WebSecurify, Burp
Suite, Temper data, N-stalker, ZAP, Secure Auditor, Web developer toolbar. (others
depending upon requirement). Finally Manual exploitation.
10. Outsourcing of Project to External Information Security Auditors / Experts : NO

No. No outsourcing of assignment is done. But engagement of external known

experts along with Sysman team is done, based on special skills required for any
specific assignment.
For this, we have (a) Confidentiality and Non Disclosure Agreement; (b) adherence
to IT Security and other Policies and (c) clear cut scope of work, with clear
knowledge of client.
11. Whether organization has any Foreign Tie-Ups? : NO

If yes, give details : NA
12. Whether organization is a subsidiary of any foreign based organization? : NO

If yes, give details : NA
13. Locations of Overseas Headquarters/Offices, if any :

We are pure Desi organisation. There is no overseas HQ or office or branch.
*Information as provided by Sysman Computers on 29 June 2021
Back

M/s Mirox Cyber Security & Technology Pvt Ltd
Name : - Mirox Cyber Security & Technology Pvt Ltd

Location: - 4th Floor Nila Technopark Trivandrum 695581 Kerala India
Phone +91 471 4016888
Phone +91 471 4000545
Mobile+91 9995199499,
Mobile +91 9995799499
Email- rb@miroxindia.com
Email- cert@miroxindia.com
Email- rbmirox2000@gmail.com

 Compliance audits (ISO 27001, PCI, etc.) (Y/N) : YES
 Application VAPT - (Vulnerability Assessment & Penetration Testing) : YES
 Network VAPT - (Vulnerability Assessment & Penetration Testing) : YES
 Mobile Application VAPT - (Vulnerability Assessment & Penetration Testing) : YES
 IOT Security Testing : YES
 Social Engineering Test : YES
 Secure Code Review : YES
 Host Security Assessments : YES
 Database Security Audit & Assessment : YES
 Device Security Audit & Assessment : YES
 Telecom Security Audit & Assessment : YES
 SCADA VAPT : YES
 Electronic Security Audit : YES
 Risk Assessments : YES
 ERP Security Audit & Assessment : YES
 Infrastructure Security Audit : YES
 Big Data Security Audit & Assessment : YES
 Cyber forensic Analysis : Yes
 Security Architecture Review : Yes
 Data Center Security Audit & Assessment : Yes
 Cloud Applications VAPT : Yes
 Threat Assessment : Yes
 SOC - Security Operation Center Audit & Assessment : Yes
 Managed Security Service : Yes
 Automotive Security Audit : Yes
 AI - Artificial Intelligence Security Audit : Yes
 ML- MACHINE LOG AUDIT : Yes
 Satellite Communication Device & System Audit : Yes
 Data Localization Security Audit : Yes
 Ransomware Rescue Analysis & Forensic Investigation : YES
 SOAR - Security Orchestration, Automation and Response Audit & Review : YES
Govt. : 63
PSU : 7
Private : 90


 Penetration Testing : 75
 Mobile Applications Testing : 50
 IOT & Device Audit : 1
 ERP Audit : 1
 Automotive Audit : 1
 Database Security Audit : 10
 Security Architecture Review : 4
 Threat Assessment : 2
 Social Engineering Test : 3
 Cyber forensic Analysis : 2
 Risk Assessment : 2
 Infrastructure Security Audit : 5
 Electronic Security Audit : 1
 Log analysis audit : 2
 Independent Verification & Validation : 2
 SOAR Security Orchestration, Automation and Response Audit & Review : 1
CISSPs : 1
BS7799 / ISO27001 LAs : 3
CISAs : 2
DISAs / ISAs : 2
Core Technical Security Experts : 10
Any other information security qualification : 6

1 Rajesh Babu 10 14+ CEH/Security Expert
Certified/CISO/Risk
Assessment
2. Lalit 1 16+ Lead Auditor ISO
27001:2005 , - ISO
22301:2012 , - ISO
9001:2015
(Information Security
Management System)
3. Harish V 4.5 4.5 + CEH, Security Certified

4. Amal TK 2 2+ Security Certified
5. Ananthulal 1 1+ CEH, Security Certified
6 Anas SA 2 2+ M.SC Cyber Security
7 Pradeep KK 1 15 + Lead Auditor for ISO
27001, Lead Auditor
for ISO 9001,Qualified
Auditor for ISO 14001,
CSQP
8 Manoj VN 1 15 + Lead auditor for
Quality Management
System (ISO
9001)Lead auditor for
EMS Qualified auditor
for OHSAS ( Safety &
Security)
9 Nandu 1 2+ Electronic Security
Certified
10 Vishnu 1 1 CEH, Security Certified
 Done the largest Infrastructure Security Audit and Assessment more than 16000
machines plus Enterprise UTM/IDS/IPS/SIEM/ Routers and other related IP based
devices etc...for an US Based company and Kerala State Government SECWAN
network 5000 plus.
 Done The Security Testing for World's 3rd largest image and video content portal for
an UK based Enterprise. Its owned and stock more than 100 millions video and image
contents.
 Done the Infrastructure SOAR Platform audit for largest Retail based network
S.No. Tools Opensource/Licensed

1 Acunetix Licensed
2 Nessus Licensed
3 SE-SMSer Opensource
4 acccheck opensource
5 ace-voip opensource
6 Amap opensource
7 arp-scan opensource
8 Automater opensource
9 bing-ip2hosts opensource
10 braa opensource
11 CaseFile opensource
12 CDPSnarf opensource
13 cisco-torch opensource
14 Cookie Cadger opensource
15 copy-router-config opensource
16 DMitry opensource
17 dnmap opensource
18 dnsenum opensource
19 dnsmap opensource
20 DNSRecon opensource
21 dnstracer opensource
22 dnswalk opensource
23 DotDotPwn opensource
24 enum4linux opensource
25 enumIAX opensource
26 EyeWitness opensource
27 Faraday opensource
28 Fierce opensource
29 Firewalk opensource
30 fragroute opensource
31 fragrouter opensource
32 Ghost Phisher opensource
33 GoLismero opensource
34 goofile opensource
35 hping3 opensource
36 ident-user-enum opensource
37 InSpy opensource
38 InTrace opensource
39 iSMTP opensource
40 lbd opensource
41 Maltego Teeth opensource
42 masscan opensource
43 Metagoofil opensource
44 Miranda opensource
45 nbtscan-unixwiz opensource
46 Nmap opensource
47 ntop opensource
48 OSRFramework opensource
49 p0f opensource
50 Parsero opensource
51 Recon-ng opensource
52 SET opensource
53 SMBMap opensource
54 smtp-user-enum opensource
55 snmp-check opensource
56 SPARTA opensource
57 sslcaudit opensource
58 SSLsplit opensource
59 sslstrip opensource
60 SSLyze opensource
61 Sublist3r opensource
62 THC-IPV6 opensource
63 theHarvester opensource
64 TLSSLed opensource
65 twofi opensource
66 URLCrazy opensource
67 Wireshark opensource
68 WOL-E opensource
69 Xplico opensource
70 BBQSQL opensource
71 BED opensource
72 cisco-auditing-tool opensource
73 cisco-global-exploiter opensource
74 cisco-ocs opensource
75 cisco-torch opensource
76 copy-router-config opensource
77 DBPwAudit opensource
78 Doona opensource
79 DotDotPwn opensource
80 HexorBase opensource
81 Inguma opensource
82 jSQL opensource
83 Lynis opensource
84 Nmap opensource
85 ohrwurm opensource
86 openvas opensource
87 Oscanner opensource
88 Powerfuzzer opensource
89 sfuzz opensource
90 SidGuesser opensource
91 SIPArmyKnife opensource
92 sqlmap opensource
93 Sqlninja opensource
94 sqlsus opensource
95 tnscmd10g opensource
96 unix-privesc-check opensource
97 Yersinia opensource
98 Armitage opensource
99 Backdoor Factory opensource
100 BeEF opensource
101 Commix opensource
102 crackle opensource
103 exploitdb opensource
104 jboss-autopwn opensource
105 Linux Exploit Suggester opensource
107 Metasploit Framework opensource
108 MSFPC opensource
109 RouterSploit opensource
110 Airbase-ng opensource
111 Aircrack-ng opensource
112 Airdecap-ng and Airdecloak-ng opensource
113 Aireplay-ng opensource
114 Airmon-ng opensource
115 Airodump-ng opensource
116 airodump-ng-oui-update opensource
117 Airolib-ng opensource
118 Airserv-ng opensource
119 Airtun-ng opensource
120 Asleap opensource
121 Besside-ng opensource
122 Bluelog opensource
123 BlueMaho opensource
124 Bluepot opensource
125 BlueRanger opensource
126 Bluesnarfer opensource
127 Bully opensource
128 coWPAtty opensource
129 crackle opensource
130 eapmd5pass opensource
131 Easside-ng opensource
132 Fern Wifi Cracker opensource
133 FreeRADIUS-WPE opensource
134 Ghost Phisher opensource
135 GISKismet opensource
136 Gqrx opensource
137 gr-scan opensource
138 hostapd-wpe opensource
139 ivstools opensource
140 kalibrate-rtl opensource
141 KillerBee opensource
142 Kismet opensource
143 makeivs-ng opensource
144 mdk3 opensource
145 mfcuk opensource
146 mfoc opensource
147 mfterm opensource
148 Multimon-NG opensource
149 Packetforge-ng opensource
150 PixieWPS opensource
151 Pyrit opensource
152 Reaver opensource
153 redfang opensource
154 RTLSDR Scanner opensource
155 Spooftooph opensource
156 Tkiptun-ng opensource
157 Wesside-ng opensource
158 Wifi Honey opensource
159 wifiphisher opensource
160 Wifitap opensource
161 Wifite opensource
162 wpaclean opensource
163 apache-users opensource
164 Arachni opensource
165 BBQSQL opensource
166 BlindElephant opensource
167 CutyCapt opensource
168 DAVTest opensource
169 deblaze opensource
170 DIRB opensource
171 DirBuster opensource
172 fimap opensource
173 FunkLoad opensource
174 Gobuster opensource
175 Grabber opensource
176 hURL opensource
177 jboss-autopwn opensource
178 joomscan opensource
179 jSQL opensource
181 PadBuster opensource
182 Paros opensource
183 Parsero opensource
184 plecost opensource
185 Powerfuzzer opensource
186 ProxyStrike opensource
187 Recon-ng opensource
188 Skipfish opensource
189 sqlmap opensource
190 Sqlninja opensource
191 sqlsus opensource
192 ua-tester opensource
193 Uniscan opensource
194 Vega opensource
195 w3af opensource
196 WebScarab opensource
197 Webshag opensource
198 WebSlayer opensource
199 WebSploit opensource
200 Wfuzz opensource
201 WPScan opensource
202 XSSer opensource
203 Burpsuite Commercial
204 Google Nogotofail Opensource
205 ImmuniWeb Opensource
205 zaproxy opensource


*Information as provided by Mirox Cyber Security & Technology on 26-10-2020

Back
M/s AQM Technologies Pvt Ltd.
AQM Technologies Pvt Ltd.

Mumbai, India
2. Carrying out Information Security Audits since:
Year 2001 - (erstwhile AUDITime Information Systems Ltd.)

Year 2018 (AQM Technologies Pvt. Ltd.)
Network security audit (Y/N): Y

Web-application security audit (Y/N): Y
Wireless security audit (Y/N): Y
Compliance audits (ISO 27001, PCI, etc.) (Y/N): Y
Cyber Security & CSOC Audits Y
Cloud & DC, DR, BCM (ISO 22301) Audits Y
Source Code Reviews Y
IT Application / ERP Audits Y
IT Security & Infrastructure Audits Y
Vulnerability Assessments & Pen Testing (Mobile/WebApps) Y
Third Party / Outsourcing / Vendor Audits Y
Functional Audits (BFSI/CBS/ Treasury / GL/ Recon) Audits Y
SWIFT / ATMs/ Switch/ API/ Payment Gateway Audits Y
Data& Technical Migration & Pre / Post Implementation Audits Y
IT M&A / Due Diligence Audits Y
Concurrent Audits – DC, Application, ITGC & Security Audits Y
Assurance of IT Audits Y
AUA/ KUA Audits Y
Govt. : 12
PSU : 5
Private : 17

based on project handled by them):
Category Number
Network security audit 21
Website /Web application security audit 73
Cyber Security / Compliance Audit 9
Application audit 5
Mobile Application Audit 29
Source Code Review 1
Server Configuration Audit 9
Server VAPT 4
Database Audit 4
Data Migration Audit 2
6. Technical manpower deployed for informationsecurity audits:
Technical Number
Competence
CISSPs: 1
BS7799 / ISO27001 4
LAs:
CISAs : 7 (Certified)
+2 (Certification
Pending)
DISAs / ISAs : 0

CISM, CISE, CFE, CEH, ECSA, CHFI, CCNA, CND CISC, CDAC (PG-DITISS),
M.Sc(Forensic sciences), CDCP, CDPO, Diploma in Cyber Law, CDAC (ITSS),
Networking, Win Ad & Linux, Cloud Star Certified, CPSE
Total Nos. of Technical Personnel:24
Critical sector organizations (attach Annexure if required): Refer Annexure.
etc.) along with project value:
1. Bandhan Bank -
1. APIs/ Middleware, Mobile Banking & Mobile based payment systems
2. Application Security, ATM switch audits
3. Vulnerability Assessments & Pen testing
4. Cyber security framework, BioMetric Authentication, Network Infra
5. NACH, SFMS, RTGS, NEFT, Corporate Internet Banking, Debit Cards System
6. Active Directory, OS & Databases
7. Network & Security Device
8. Configuration Review
9. Third Party (vendor Audits)
[security audits across multiple platforms, different regions with GRUH
Finance integrated with Bandhan Bank systems – Appls, Databases, APIs,
Network, Infra and Third Party audits] –
approx. Appl/ API/ Infra counts: ~ 200
Value : INR < 25 lacs
2. UCO Bank –
1. Penetration testing
2. Vulnerability Assessments
3. Source Code Audits
3. [VA & PT across multiple platforms including UPI systems, type of testing –
Black box / Grey box / White box) including source code audits – includes
mobile, App – web / thick client / standalone]
4. Periodic Testing / Quarterly / Half yearly –[multi year]
5. approx. Appl/ Source Code Audits/ Infra counts:> 450
Value : INR < 20 Lacs [periodic]
Tool Name Purpose

Acunetix Web Application VA
Burp suite Web App, Mobile App, API VAPT,
SoapUI API VAPT
CheckMarkx Source Code Review & Web App PT
Nessus Server VA, Network VA, Cloud VA
Qualys Server VA, Network VA, Cloud VA
Python scripts (proprietary) Server/Network/Web application VAPT
Logcat Mobile Application VAPT
Other Tools
Mobile application VAPT, Web Application VAPT, Server VAPT,
Kali Linux
Network + WiFI VAPT.
JD-GUI / DEX2JAR/
Mobile Application VAPT
APKTOOL/ Drozer/ MOBSF
POSTMAN Web services and API Testing automated tool
Wireshark Network protocol analyser
Ettercap network sniffing / intercepting / logger for ethernet LANs
OWASP Zed Attack Proxy/

Web application security scanning
SQLMap/ Iron Wasp/ Nikto
SSL Qualys server lab SSL Scanner
Internet security services checks/ assessment (e.g.: anti-
NetCraft / NMAP fraud and anti-phishing services and PCI scanning, Port
scanning)
Metasploit Framework /
Exploit code development framework for Pentesting
Netcat
EchoMirage Thick Client VA & PT
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No: NO
11. Whether organization has any Foreign Tie-Ups? If yes, give details: Yes/No:NO
12. Whether organization is a subsidiary of any foreign based organization:Yes/ No: NO

13. Locations of Overseas Headquarters/Offices, if any: Yes/No:NA

* Information as provided by AQM Technologies Pvt Ltd. On 26th Oct 2020.
Back
ANNEXURE
ANNEXURE - Details of Team:Details of technical manpower deployed for information security audits
S Name Email & Phone Durat Experie Qualification and Certification

. ion nce in
N with Informa
o. AQM tion
Securit
y
1. Madhav Madhav.Bhadra@aqmtech 19 19 CA, CISA
Bhadra nologies.com Years Years
2. Ritesh Ritesh.Kotecha@aqmtech 14 14 CA, CISA
Kotecha nologies.com years years
3. Dhruti Patel dhruti.patel@aqmtechnol 16 16 ICWA, CISA, ISO 20000
ogies.com Years Years
4. Sanjay sanjay.parikh@aqmtechn 4 19 CISA, CISM (certification pending),
Jitendra ologies.com Years Years CDPO, PGDM (Computers), ITIL v3
Parikh IT Service Management,
Certification in Business Analytics
5. Rasika Manoj rasika.patil@aqmtechnolo 4 4 Years ME (Computer Science), B.Sc, CISA,
Patil gies.com Years CISM, MCSE
6. Ruchika ruchika.agrawal@aqmtec 3Year 3Years B. Tech (Information Technology),
CDAC (PG-DITISS), ECSA
Agrawal hnologies.com s
7. Mahesh mahesh.harkulkar@aqmt 2 2 Years B.E. (Computer Engineering), CDAC
(PG-DITIS), CEH v10
Vaman echnologies.com Years
Harkulkar
8. Akash Bharat akash.chavan@aqmtechn 2 2 Years B.E. (Electronics and
Telecommunication), PG-DITISS,
Chavan ologies.com Years
CDAC, CEH v10
9. Chaitanya S. chaitanya.anant@aqmtec 2 2 Years B.E., CDAC, CEH, CIH V2
Anant hnologies.com Years
10. Nimesh Nimesh.Kacha@aqmtechn 2 2 Years B.Sc. (Computer Science), CEH,
DIPLOMA IN CYBER LAW,
Kacha ologies.com Years
ISO 27001 LA
11. Ankit Sharma Ankit.Sharma@aqmtechn 2 2 Years B. Sc (IT), CEH, ECSA, CHFI, ISO
27001 LA
ologies.com Years
12. Devender devender.tinwal@aqmtec 1.5 1.5 CISA (Certification Pending),
Tinwal hnologies.com Years Year
13. KajolMogra Kajol.Mogra@aqmtechnol 1.5 1.5 B.Sc., Masters in Forensic Science,
CEH v10
ogies.com Years Year
14. Vaibhav Mali Vaibhav.Mali@aqmtechno 1 12 BSc (Computer Science), MBA,
logies.com Year Years ITILv4, , PRINCEv2, CCNA, MCSE, ,
MCTS & MCP, JNCIA
15. Durgesh P. Durgesh.Badgujar@aqmt 1.5 1.5 CDAC, CEH v10
Badgujar echnolohies.com Year Years
16. Ravindra A Ravindra.A@aqmtechnolo <1 12 BE, MBA, Dip in Ind. Mgmt,
Chartered Engineer, CISA, CDPSE,
gies.com year Years ISO 27001 LA, ISO22301-BCMS LI,
ISO27701 PIMS LI, CDCP, CSA Star
Certification Auditor, Risk &
Compliance Mgmt Professional,
Project Mgmt Professional.
17. Nakul Nakul.Dhamale@aqmtech 1 1 Year B.E E&TC(2016), CDAC (PG-
Dhamale nologies.com Year DITISS), CEH v10
18. Rohit rohit.gondane@aqmtechn <1 1 Year B.E (IT), CEH v10
Gondane ologies.com year
19. Govind govind.boddepalli@aqmte <1 4Years CEH v10, CHFI, LPT
Boddepalli chnologies.com year
20. Sridhar sridhar.pulivarthy@aqmte <1 18 CISA, CISSP, CRISC, ZED Certified
Consultant, CFE, PfMP, CCSE, PMP,
Pulivarthy chnologies.com> year years
ITIL Practitioner, ITIL Expert V3,
PRINCE2® Foundation Certification
Training, ISO 20000 Lead Auditor,
ISO 27001 Lead Auditor, ISO 9001
Lead Auditor, CMMi Assessor
(Internal), SSCA, SCNA, Rational
Tools Expert (ClearCase Admin &
ClearQuest Admin), Oracle Certified
Professional (OCP)
21. Gargi Gargi.Kulkarni@aqmtechn 1 1 Year CCNA, CEH v10
Vidyadhar ologies.com Year
Kulkarni
22. Saurabh Saurabh.Jadhav@aqmtec 1 1 Year
BE, CDAC PG-DITISS, CEH v10
Jadhav hnologies.com Year
23. usha.nanduri@aqmtechno 1 7 Years CISA –(Certification Pending)IS0
27001:2013 - Certified Internal
logies.com> Year
Auditor, CSM - Certified Scrum
Master -Agile, CSQA ,CSTE -
Usha Nanduri Certified Software Quality Analyst,
Test Engineer, Six Sigma Green Belt
Certification, Project Management
Professional (PMP)- PMI -PMP
Trained, SOX and IT Audits - ISACA
Trained
24. shankar.vela@aqmtechno >1 3.5
Shankar Vela B.Tech, CEH v10
logies.com years
Back
M/s Centre for Development of Advanced Computing (C - DAC)
Centre for Development of Advanced Computing (C - DAC),

Plot No. 6 & 7, Hardware Park,
Sy No. 1/1, Srisailam Highway,
Pahadi Shareef Via Keshavagiri (Post), Hyderabad - 501510

 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, eSign, UIDAI,
SOC1/SOC2/SOC3 etc.) (Y/N) : Yes
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway, eSign, UIDAI Compliance
etc.) (Y/N) : Yes
 ICS/OT Audits (IEC27001/27017/27018/27701/NCSC Cyber essentials) (Y/N) : Yes
 Cloud security Audits (IEC62443, NERCCH, NIST/NIS/CSCCAP) (Y/N) : Yes
Govt. : 320
PSU : 20
Private : 38


Wireless security audit : 10
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 22
ICS/OT Audits : 2
Cloud security Audits : 2
Webservices security Audit : 50
Mobile Application security audit : 50
Source Code Application security audit : 05
CISSPs : 02
BS7799 / ISO27001 LAs : 05
CISAs : 0
DISAs / ISAs/CERT/SANS Certified Professionals : 20
Any other information security qualification: Refer table below
(including R&D team)
S. Name of Duration with Experience in Qualifications related to
No. Employee <organization> Information Information security
Security
1 Murthy.Ch.A.S May, 1999 18+  ISMS LA
 SANS - GAWN
 SANS - GXPN
 CERT-CC Certified
Incident Handling,
Forensics Analysis and
Network Security in CMU,
USA
2 Eswari PRL Feb 2000 19+  CERT-CC Certified
Incident Handling,
Forensics Analysis and
Network Security in CMU,
USA
 GREM
3 Indraveni.K July 2005 14+  CISA Certified
 ISMS LA
 SANS GWAPT
 SANS Advanced Web
Application Penetration
Testing and ethical
hacking
4 Tatikayala Sai Feb 2007 12  GIAC Security Essentials
Gopal (GSEC)
5 Jyostna G Mar 2006 13  GMOB
6 Mahesh Patil Aug-04 15  GREM, ECSA, CEH7
7 Sandeep Romana Sep-07 12  CISSP
8 Tyeb Naushad Oct-2008 13  CCNA, ITL, ECSA
9 Nandeeshwar B 2008 11  CEH , EC-Council

 ECSA
 ISMS LA
10 Rakesh T 2006 13  CISS
 (ISC2)
ISMS-LA, Indian Institute of
Quality Management, STQC
11 Varun Jain 2008 10 ECSA, CISP (STQC)
12 Satish Babu 2012 7 CISP (STQC)
13 Amit Kr Singh 2012 7 -
14 Tarun Kumar 2012 7 CISP (STQC)
15 Rishabh Chauhan 2017 2 -
16 Shivam Mishra 2018 1 -
17 Ritesh Dwivedi 2018 1 -
18 Navdeep Singh 2010 9 ECSA, CISP

Chahal
19 Harpreet Singh 2013 6+ -
20 Sukhmeet Singh 2016 5+ -
21 Chetan Soni 2012 8 -
22 Daveet Singh 2012 7+ CISP, RHCE
23 U V Sudharshan 2018 3+ -
24 Anupam Chanda 2009 10 ECSA, STQC-CISP, SANS FOR-

408, SANS FOR-508
25 Kousik Maiti 2014 5 ECSA,RHCSA, Cellbrite CCO,
Cellebrite CCPA, SANS FOR-
585, MOBILedit Certified
26 Aniruddha Datta 2014 5 CCNA, Pursuing CHFI,
Cellbrite CCO, Cellbrite
CCPA, MOBILedit Certified
27 Sourav Mitra 2014 5 CHFI, Win 10 Forensics
(Access Data), Mac Forensics
(BlackBag), SANS LEG -523
28 Akshay Pandey 2021 1+ -
29 Pooja Jadhav 2018 4 -
30 Sheetal Mahajan 2019 3+ -
31 Ajith Menon 2021 4+ CEH, CHFI
32 Harmesh Rana 2021 1 -
33 Roshan Pathak 2021 1 -
34 Rachit Verma 2021 1 -
etc.) Along with project value.
Slno Organization Scope of Auditing Volume
1 Kochi Metro  Web applications VAPT  Web applications - 6

Rail  VAPT of Network  Network infrastructure - 15
Corporation infrastructure  Traffic Analysis - 1
Network,  Traffic Analysis
Cochin
2 NERLDC,  Web applications VAPT  Web applications - 10

POSOCO  VAPT of Network  Network infrastructure -
infrastructure o Servers - 34
Shillong and o Desktops/Laptops/Work
Guwahati Stations - 77
o Routers - 03
o Switches (L2, L3) - 02
o Firewalls - 09
o Wireless Access Points,
ACLs, CCTV - 02
 Penetration Testing - 10
3 ONGC, Delhi  Review of policy and  Network devices - 204
procedure  Web applications - 10
 Vulnerability assessment and
Penetration testing for both
DC and DR
 Email system security
assessment
 Paperless office system
“DISHA” security assessment
 Active Directory security

assessment
 Web Application security
testing
 Configuration review for both
DC and DR
 Review of network and
security architecture for both
DC and DR
 Review of Data center
infrastructure for both DC and
DR
 Risk matrix
4 State Bank of  Web applications  Web applications ~ 10
India  Mobile applications  Mobile applications ~ 6
 Comprehensive Security  CSR Review ~ 40 applications
Review
5 Damodar 4 years projects  Web applications ~ 50
Valley  Network infra ~ 200
Corporation  ISMS Consultancy  OT systems ~ 150
Ltd, Kolkatta  VAPT of IT and OT Systems
6 APEPDCL 3 years  Web applications ~ 30

 Network devices ~ 275
 ISMS Consultancy
 VAPT of IT Systems
7 NPCI  Comprehensive Security  Web applications ~ 15
review  Network devices ~ 30
8 IFTAS  Comprehensive Security  Policy gap assessment
review  Risk assessment
 Threat analysis
9 SRLDC,  Web applications  Web applications ~ 6
POSOCO,  Network Infra  Network components ~ 57
Bangalore  VAPT Intra and extranet
10 Bank of  Threat Assessment  Servers - 20

Maharashtra  SOC and SIEM Analysis
 Malware analysis
11 Goa Shipyard  Web applications  Switches - 20
Limited  Network Infra  Firewalls - 2
 VAPT Intra and extra net  Servers - 12
 Workstations - 50
12 Centre for e-  VAPT of Web Applications  Web applications ~ 300
Governance
13 New  VAPT Network infrastructure  Switches - 40

Mangalore  Firewall - 1
Port Trust  Unmanaged switches - 5
 Desktop - 80
 Wireless access points - 12
 Servers - 22
 Workstations ~ 60
14 Indian Oil  Cyber security services for 1  Web applications
year  Network architecture
15 New Delhi  Setting up Disaster Recovery  Servers – 23
Municipal (DR Site)  Other Devices – 3
Council
(NDMC)
16 CISF Chennai  VAPT of Network  Workstations – 39

Infrastructure  Routers – 03
17 Novatrice  VAPT of web applications and  Web Applications ~10
Technologies webservices  Webservices ~10
18 DRDL  Technical Consultancy  Consultancy Services for

Hyderabad services for the maintenance, DRONA Project
performance and security of  Consultancy Services for DNET
the Network Systems at DRDL Project
 Consultancy Services for BOSS
Project
19 Dept. of  VAPT of Web and Mobile  Web Applications – 02
Registration Application  Mobile Applications – 01
and Stamp (including webservices)
Revenue
20 DRDO, New  Training Programme  Provided Security Training of

Delhi ISOs
Commercial
Freeware Commercial
1. Arachni 1. Httprint 1. Burpsuite Professional

2. OWASP ZAP 2. Curl 2. Nessus
3. Nmap 3. Tcpdump 3. Core Impact
4. Nikto 4. Fimap 4. BeStorm
5. Netcat 5. SwfScan 5. BeSecure
6. W3af 6. Hydra 6. BeSource
7. Wapiti 7. John the Ripper 7. HCL AppScan
8. Sqlmap 8. Ssltest 8. Splunk
9. Zapproxy 9. Sslstrip 9. Nipper
10. Network Miner Pro
10. Skipfish 10. Cain and Abel
11. Netsparker
11. Backtrack , Kali 11. Brutus
12. Openssl 12. Airmon -ng
13. Dirbuster 13. Hping
14. Wireshark 14. Scapy
15. Loki 15. wsfuzzer
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No

11. Whether organization has any Foreign Tie-Ups? If yes, give details: Yes/No
12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No

13. Locations of Overseas Headquarters/Offices, if any : Yes/ No
*Information as provided by C-DAC, Hyderabad on 20.05.2022

Back
M/s Crossbow Labs LLP
Crossbow Labs LLP, Bangalore
 Network security audit (Yes)

 Web-application security audit (Yes)
 Wireless security audit (Yes)
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Yes)
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Yes)
 ICS/OT Audits (Yes)
 Cloud security Audits (Yes)
Govt. : Less than 10

PSU : Less than 10
Private : 100+

Network security audit:100+

Web-application security audit: 100+
Wireless security audit:Less than 10
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): 100+
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.): 100+
ICS/OT Audits: Less than 10
Cloud security Audits: Less than 10
CISSPs : 4
BS7799 / ISO27001 LAs : 13
CISAs : 2
DISAs / ISAs :
Any other information security qualification: CEH, OSCP, eJPT, PCI QSA, PCI SSF Assessor,
CHFI, CISM, CCENT, CPTE, NSEC, CyberArk Certified Trustee, CNSS

No. Crossbowlabs Information Security Information security
LLP
1 CISA, PCI QSA, ISO
Rosan Thomas 6.5 years 10+ years 27001 LA, CISSP
2 Deepak Umapathy 6 years 5 11+ years ISO 27001 LA, PCI QSA
months
3 Suryaji Vinayak CISA, CISSP, PCI QSA,
Bhosale 6.8 years 10+ years ISO 27001 LA
4 Anantharam VK 9 months 20 + years ISO 27001 LA
5 Kirubakaran PCI QSA, ISO 27001
Parkunan 3.7 years 8 years LA, PCI SSF Assessor
6 PCI QSA, ISO 27001
Sabeena Job 5.9 years 7 + years LA, CISM
7 Khaviyaa
Janakiraman 4.4 years 4.4 years CISSP, PCI QSA
8 Mohammed Adam 2.2 years 3.9 years ISO 27001 LA, CHFI
9 Vinayak Agrahari 2.2 years 7 years CEH, OSCP
10 Rajeshwari
Salmani 8 months 2.6 years CEH
11 Saee Bhosale 1.1 years 1.1 years CISSP
12 Amit Roy 10 months 10 months OSCP, CCENT
13 Akhilraj R 10 months 7 years OSCP, CEH
14 Ashish Patil 1.2 years 1.6years CPTE, OSCP
15 G Prashanth 1.9 years 1.9 years CEH, eJPT
16 Ankush Chavan 1.6 years 1.6years ISO 27001 LA
17 Abubacker CEH, CyberArk Certified
Siddique 11 months 3 years Trustee
18 Aditya Sharma 11 months 11 months NSEC, CNSS
19 Mohammed Irfan 2.2 years 4.9 years
20 Jessy Sheen 1.9 years 1.9 years
21 Ajith Kumar 2.7 years 8 + years ISO 27001 LA
22 Gouthem Karthik
Palani 4.6 years 4.6 years ISO 27001 LA
23 Pratik Mehta 4.4 years 7+ years ISO 27001 LA
24 Bala Murali 1.3 years 1.3 years ISO 27001 LA
25 Nivedita Sharma 2.6 years 2.6 years ISO 27001 LA
RBI CISA Audits for - Payment Aggregators&Payment Gateways, Prepaid Payment

Instruments, Payment Data Localization
Web Application Security Audit for 17 Applications of an Insurance Organization
Compliance projects for international conglomerates in terms of consulting support, testing,
audit and reporting
Commercial – BurpSuite, Nessus, Metasploit, Exploitpack

Freeware – Kali, Parrot OS
Proprietary – Data Discovery Tool, Compliance Management Tool


13. Locations of Overseas Headquarters/Offices, if any : 2(UAE, US)
*Information as provided by Crossbow Labs on July 01, 2021

Back
M/s CyberQ Consulting Pvt Ltd.
CyberQ Consulting Pvt Ltd.

J-1917, Chittaranjan Park, New Delhi 110019
Email : debopriyo.kar[at]cyberqindia.com info[at]cyberqindia.com ;
Pramod.pant[at]Cyberqindia.com
Correspondence Address:
A 14-15, 3rd Floor,Sector 59, Noida, Uttar Pradesh-201301

 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N) : Yes
Govt. : 65
PSU : 6
Private : 35
(we have completed multiple project for 1 clients)


Compliance audits(ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 10
ICS/OT Audits : 18
CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : 1
DISAs / ISAs : 0
1. Mr. Pramod 01-11-2012 22 CEH, CISA, ISO 27001
Kumar Pant LI
2. Mr. Debopriyo Kar 01-03-2002 45 CISSP, ISO 27001 LA
3. Mr. Mathew 01-05-2014 16 CISA and ISO 27001

Varghese LA
4. Arup Roy 22-02-2014 38 ISO 20000-1
5. Abhinav 06-10-2022 1 -
6. Kundan 12-04-2019 7 ISO 27001LA
7. Aayush 16-11-2021 3 ISO 27001LA
8. Hemant 15-09-2013 5 CEH
9. Akash 16-04-2022 2 CEH
10. Sahil 06-10-2022 1 CEH
11. Vishal Kumar 06-10-2022 6 months CEH
12. Aniket 06-10-2022 1 CEH
13. Sushil Kumar 06-04-2014 8 CEH
14. Sujeet 10-05-2014 9 CEH
15. Sheetal Singh 15-09-2021 1 -
16. Pooja Joshi 04-04-2022 8 -
a. OTPC – NEW DELHI, TRIPURA LOCATION

b. OIL INDIA –IT & OT FOR 5 LOCATIONS
c. HYDRO POWER SECTOR – MULTIPLE LOCATION, IT/OT AND ISMS COMPLIANCE SERVICES
d. SMART CITY PROJECTS – CYBER SECURITY AUDIT, IT INFRA
e. LARGE GOVT OF INDIA BANKING SECTOR - CYBER SECURITY AUDIT

*Information as provided by CyberQ Consulting Pvt Ltd. on 31 Oct 2022
Back
M/s Deloitte Touche Tohmatsu India LLP
Deloitte Touche Tohmatsu India Limited Liability Partnership
2. Carrying out Information Security Audits since : Prior to Year 2000
 Network security audit: Yes

 Web-application security audit: Yes
 Wireless security audit: Yes
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): Yes
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) Yes
 ICS/OT Audits (Y/N) - Yes
 Cloud security Audits (Y/N) – Yes
Govt.:10+
PSU:5+
Private:200+
Total Nos. of Information Security Audits done:200+


Wireless security audit:1
ICS/OT Audits: 0
CISSPs: 25+
BS7799 / ISO27001 LAs: 150+
CISAs: 30+
DISAs / ISAs: 5
Any other information security qualification:CISM: 10+, OSCP: 10+
Total Nos. of Technical Personnel : more then 150
Sr. No. Name of Employee Duration with Experience in Qualification related to

<organization> Information Information security
Security
1 Achal Gangwani 9+ Years 16+ Years ArcSight ESM Security
Analyst – AESA, CEH, ISO
27001:2005 ISMS Lead
Auditor, ITIL Foundation
Level Certified, CCNA, IBM
Certified System
Administrator, IBM Certified
Associate Developer
2 Shubham Gupta 3+ Years 2+ Years OSCP, CREST CRT
3 Umesh Huddar 3+ Years 4+ Years OSCP, ECSA
4 Eby Mohan 1+ Years 5+ Years CEH
5 Sai Kiran Battaluri 2+ Years 3+ Years CEH, (ISC)2 System
Security Certified
Practitioner
6 Lakshmi Allamsetty 3 Years 20+ Years CISA, CEH, BCMS
7 Pramod Kumar 3+ Years 13+ Years CISSP, CEH, ITIL, ISO
Potharaju 27001 LA
8 Zeel D Chavda 3+ Years 3+ Years CEH
9 Maheshkumar 3+ Years 6+ Years ECSA, ISO27001
Palaniyappan
10 Kapil Bhardwaj 4+ Years 10+ Years CEH, ISO 27001, ITIL,
Prozm Asset Management
Pro, JNCIA
11 G Shanmugaraj 1+ Year 3+ Years CEH

12 Rishi Singh 2 Month 3+ Years CEH
13 Immanuel 6 Month 1+ Years CEH, ECSA
14 Gurdeep Singh 2+ Years 11+ Years CISA, ISO 27001, ITIL v4
15 Harshita Lal 3+ Years 5+ Years ISO L1 27001, ISO BS

10012, ISA-IEC 62443-32,
62443-33
16 Minaj Khan 5+ Years 15+ Years ITIL, ISO 27001, PMP
17 Diksha Garg 2+ Years 3+ Years ISO 27001
18 Divya Sharma 4+ Years 10+ Years ISO 27001, CEH, CISA
19 Pragati Priya 5+ Years 3+ Years ISO 27001
20 Pritam Pattnaik 5+ Years 14+ Years ISO 27001, CCNA, PRINCE
2
21 Shivam Bhardwaj 3+ Years 10+ Years CEH, ISO 27001
22 Deeprag Rana 3+ Years 16+ Years Prince 2, AWS, CDCP, ISO
27001
23 Vedant Singh 3+ Years 3+ Years ISO 27001, IS0 9001, BS
10012
24 Rajesh Kumar 4+ Years 15+ Years CISA, ISO 27001
25 Chirag Barot 4+ Years 12+ Years ITIL
26 Uddin Mohammed 5+ Years 11+ Years CISA, ISO 27001, ISO
20000,CCNA Security
27 Akhil Khanna 3+ Years 12+ Years CEH, ISO 27001, Qualys
Vulnerability Management
1. State Data Center Third Party Audit: State Government (Critical), Tamil Nadu, more
than 5 CR
9. List of Information Security Audit Tools used(commercial/ freeware/proprietary): Burp Suite,

Nessus, Web Inspect, HP Fortify, Nikto, Postman
10. Outsourcing of Project to External Information Security Auditors / Experts: No ( If yes,
kindly provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details: Not Applicable
12. Whether organization is a subsidiary of any foreign based organization? No

13. Locations of Overseas Headquarters/Offices, if any:M/s Deloitte Touche Tohmatsu India

Limited Liability Partnership, Indiabulls Finance Centre, Tower 3, 27th – 32nd Floor, Senapati
Bapat Marg, Elphinstone Road (West), Mumbai-400013, Maharashtra, India
*Information as provided by DTTILLP on July 01, 2021
Back
M/s Grant Thornton Bharat LLP
Grant Thornton Bharat LLP,

L 41, Connaught Circus,
Outer Circle, New Delhi. PIN - 110 001
 Network security audit : Yes

 Web application security audit : Yes
 Wireless security audit : Yes
 Compliance audits (ISO 27001, PCI and guidelines from regulators etc.) : Yes
 IOT security testing : Yes
 Mobile application security : Yes
 Secure Configuration reviews : Yes
 Source code reviews : Yes
 API security assessments : Yes
 Cloud security : Yes
 Red Teaming : Yes
 Secure Network Architecture Review : Yes
 Cyber Incident Investigation : Yes
 Phishing Campaign : Yes
Govt. : 0
PSU : 2
Private : 156

Web-application security audit : 30+
Compliance audits (ISO 27001, PCI etc.) :
135+
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) :
4+
ICS/OT Audits : 2
Cloud security Audits: : 10+

CISSPs : 0
BS7799 / ISO27001 LAs / LI : 25
CISAs : 7
DISAs / ISAs : 0
Any other information security qualification : 4 OSCP

15 CEH
2 ECSA
4 ISO 22301
1 CISM
6 CCNA
4 SAP
2 DSCI
1 CPISI
7 ITIL
1 GDPR FAS
2 RHCS
Critical sector organizations (attach Annexure if required) : Please refer to Annexure 1
Leading IT / ITES GT have examined client’s Facility Level Countries: 16
Service Provider Controls and Client services controls
related system as of date and throughout Facilities
the period and the suitability of the design covered:57
and operating effectiveness of client’s
controls to achieve the related control
objectives. Control areas covered are-
 Physical Security - Entity;

 Physical Security - Restricted Area;
 Human Resource;
 Master Service Agreement Monitoring;
 Data Security and Confidentiality;
 Environmental Controls, Capacity &
Continuity;
 Logical Access;
 Anti-virus;
 Global Telecom Operations;
 Back-up;
 Security Incident Management; and
 • Other client specific control areas
Commercial Tools:
 Nessus
 Burpsuite
 Snappytick
Freeware Tools:
 Metasploit
 Wireshark
 NMAP
 SQLMap
 Nikto
 MobiSF
 Hydra
 Cain and Abel
 John The Ripper
The list of tools mentioned above are indicative
10. Outsourcing of Project to External Information Security Auditors / Experts : : No( If

yes, kindly provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : : Yes
Yes, Grant Thornton Bharat is part of the GT Member Firm network which is spread across the
globe in 140 countries.
12. Whether organization is a subsidiary of any foreign based organization? : : No

Grant Thornton in India is a member firm within Grant Thornton International (GTIL), global
organization with member firms in over 140 countries. Grant Thornton Bharat LLP (formerly
Grant Thornton India) is registered with limited liability with identity number AAA-7677 and
has its registered office at L-41 Connaught Circus, New Delhi, 110001. References to Grant
Thornton are to Grant Thornton International Ltd (Grant Thornton International) or its member
firms. Grant Thornton International and the member firms are not a worldwide partnership.
Services are delivered independently by the member firms. Member firms carry the Grant
Thornton name, either exclusively or as part of their national practice names and provide
assurance, tax and advisory services to their clients. All member firms share both a common
global strategy and a common global culture focusing on improvement in quality of service
delivery, procedures to monitor quality, and the risk management methodology.
13. Locations of Overseas Headquarters/Offices, if any : : No
*Information as provided by Grant Thornton Bharat LLPon 2ndJuly 2021
Back
Annexure 1:
Experience in
S. Duration with Qualifications related to
Name of Employee Information
No. GTBLLP Information security
Security
Master’s in information
1 Akshay Garkel 3+ years 19+ years
technology
2 Rohit Bharath Das 3+ years 13+ years CISA, ISO 27001, COBIT 5
3 Jignesh Shah 3+ years 18+ Years CEH, CISA qualified, ISO 27001
Sindhu Shaji
4 2 years 13+ years CISA
Vethody
Pradeep Dhanaji
5 2 years 13+ years ISO 27001 LA, CEH, CCNA
Mahangare
6 Abhijeet Jayaraj 3 years 8 years CEH, OSCP
CEH, Post Graduate Diploma in
Sagar Prakash
7 2.5+ years 6+ years Digital & Cyber Forensics and
Gajara
related laws, CCI (ASCL)
8 Mrinmayee Anerao 3 years 7+ years CEH
CISA,ISO 27001 LA
9 Ankita Sinha 8years 3 years
ISO 22301 BCMS LI
10 Mainul Hasan 7 months 2 years CEH, OSCP, ISO 27001 LA
11 Amit Bedwa 4 years 2.5+ years ISO 27001, ISO 22301
12 Gurpreet Singh 1.5+ years 7+ years CEH, ECSA
13 Aditya Joshi 3.5 Years 1+years CISA
Gurpreet Singh
14 1.5 years 1.5 years ISO27001 LA
Raina
ISO 27001:2013 LA, ITIL Version
15 Juhee Sharma 1+ year 1+ year 4 , Fortinet NSE Level 1 and
Level 2 certified
ISO 27001:2013 LA,
ISO27001:2013 LI, CCNA,
CCNA-Security, CCSA, Qualys
16 Mohit Gera 11 months 10.5 years
Guard Certified Specialist,
Accredited Certified Engineer
(ACE) – Palo Alto
5 years & 6
17 Steadin Fernandes 6 years ISO 27001:2013
Months
ISO 27001:2013 Lead Auditor,
DSCI Certified Privacy Lead
18 Siddhesh Shirkar 1yr 11months 4yr 11months Assessor (DCPLA), Certified
Payment Card Industry Security
Implementer (CPISI v3.2)
19 Shivani Koul 2 years 2 years ISO 27001:2013 LI
20 Shruthi Nair 2 years 2 years ISO 27001:2013 LI
21 Harsh Awasthi 1 Year 1 Month ISO 27001:2013 LI
22 Armaan Kishan 1 year 1 year ISO 27001:2013 LA
PGD- IT (Symbiosis University),
24 Lalit Sharma 8+ years 9 Years DCPP (DSCI), ITIL (Foundation),
CISA (Q), CISM (Q)
CEH v10 (Oct 2019-2022), AWS
25 Shivani Kamal 2.3 Years 2.3 Years
technical Professional (Lifetime)
ISO27001:2005 LI : OneTrust
26 Nitish Mishra 2.8 years 8 years
Data Mapping Expert,
OneTrust Privacy Management
Professional;OneTrust Vendor
Risk Management Expert
27 Ankitha Chinnapolu 5.11 years 8.8 years ITIL, RHCSA, RHCE, CCNA
Back
M/s KPMG Assurance and Consulting Services LLP
KPMG Assurance and Consulting Services LLP

DLF Building No. 10, 8th Floor, Tower C, DLF Cyber City, Phase 2,
Gurgaon, Haryana, 122002

 Web-application security audit : Yes
 Compliance audits (ISO 27001, PCI, etc.) : Yes
• Mobile Application Security Audit : Yes
• Secure configuration audit (Server, Firewall, etc.) : Yes
• Source Code Review : Yes
• Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : Yes
• Information security policy review and ssessment against best
security practices/Information System Audit : Yes
• IOT security Testing : Yes
• API Security Assessments : Yes
• Telecom security : Yes
• Secure Network Architecture Review : Yes
• Digital forensic : Yes
• Cyber Incident Response : Yes
• Data leak Monitoring : Yes
• Cyber Threat Intelligence/Open Source Intelligence : Yes
• Red Team : Yes
• Breach and Attack Simulation (BAS) : Yes
• Brand Monitoring : Yes
• Phishing Campaign : Yes
• ICS/OT security Audits : Yes
• Cloud security Audits : Yes
• Brand monitoring : Yes
• Threat Hunting : Yes
Govt. : 20+
PSU : 30+
Private : 70+

Network security audit: 70+

Wireless security audit: 20+
Compliance audits (ISO 27001, PCI, etc.): 25+
Mobile Application Security audit 25+
Secure configuration audit (Server, Firewall, etc.) 35+
Source Code Review 15+
Finance Sector Audits (Swift, ATMs, API, Payment 45+
Gateway etc.)
ICS/OT Audits 15+
Cyber Incident response 20+
Cloud security Audits 15+
Threat Hunting and advisories 10+
CISSPs : 10+
BS7799 / ISO27001 LAs : 30+
CISAs : 55
CEH/OSCP : 131
CCSK/OSCP : 10
CCNA / CCNP/CCIE : 15
CHFI / ECIH : 10
Cloud Security Certification : 110+
S. Name of Duration with Experience Qualifications related

No. Employee <organization> in to Information
Information security
Security
1 Sony Anthony 20yrs 26yrs ISO 27001, ISO 22301, ISO

20000
2 Manish 8yrs 19yrs CEH, CCNA, CISA, ISO 22301
Tembhurkar
3 Urmimala 11yrs 15yrs CEH, ISMS-27001:2013, ITIL,
Dasgupta QualysGuard
4 Anupama Atluri 11yrs 15yrs CEH, CCSK, ISO Lead
Implementer, IBM Certified
Pen tester
5 Areeb Naqi 5yrs 8yrs OSCP,CEH, ISO 27001 LA,
ECIH,CISM
6 Sohil Thanki 8yrs 11yrs CISA, ISO 27001 LA, ISO 23001
7 Rishabh Dangwal 6yrs 9yrs OSCP, CEH,CISM
8 Abhishek Dashora 6yrs 8yrs CEH, CCSK
9 Harsha Bhatt 7yrs 8Yrs OSCP, CCSK, Blockchain
10 Anish Mitra 7Yrs 11Yrs OSCP, CEH,ECSA, CCSK,ITIL,
Qualys Certified Pen tester
Cyber Security Governance and Assurance program for largest identity management
program in India:
 KPMG is currently working with India’s largest identity management program, to
implement cyber security Governance, Risk and Compliance and Performance
framework. KPMG is conducting periodic security risk assessment, business
application reviews and vulnerability identifications across client’s technology
ecosystem.
 KPMG is supporting client in implementation of ISMS framework against ISO
27001 standards and periodic cyber security maturity reviews threat assessments
and BCP/ DR reviews.
 KPMG provides support in cyber incident investigation and forensic analysis. As a
part of engagement, KPMG is involved in proactive identification of the possible
cyber fraud scenarios and highlight the same to the client so that appropriate
safeguards and controls can be established to prevent the incidents.
 KPMG is also engaged with the client for service level monitoring of the contracts
for various ecosystem partners to provide performance assurance services and
assisting the organizations’ performance as per the desired levels.
 KPMG has been providing support in design of Privacy framework design and
certification against standards. The key activity includes of designing a privacy
framework to ensure the sensitive and critical data is well protected and is being
complied to across the ecosystem and provides continuous oversight support for
managing Information Security, Privacy risks in accordance with its business
requirements, laws and regulations.
 Value of the engagement is more than INR 10Cr
Cyber Forensics Incident Investigation for Large E-Commerce Organization:

 KPMG performed the cyber forensics incident investigation for a large BFSI India
where in KPMG performed forensics imaging of various servers and endpoints
which were suspected to be a part of data breach. As a part of engagement, KPMG
conducted the in-dept analysis of forensics images to identify the root cause and
incident timelines of the data breach.
 KPMG was engaged with the client to review the logs for various security solutions
to understand the tactics, techniques and procedures used by attacker to
compromise the systems. As a part of the assessment, detail cyber security
investigation report was submitted which also outlines the root cause of incident,
security roadmap and recommendations to mitigate identified gaps to enable
Client to further strengthen the security posture of an organization.
Security testing across multiple telecom clients in India:

 KPMG has been providing security assessment service to improve the security
posture across 4G networks for a telecom operator in India. KPMG performed
circle wide node security assessments. We also assisted clients in security testing
of web based and client based Mobile Apps, including SIM card testing and
Telecom solutions like Femtocell and Pico cells. KPMG helped client to prepare
and implement minimum baseline security standards for various network
elements and devices.
Security Audit for Nationalized Bank:

 KPMG has been engaged with a leading bank to conduct quarterly security audit of
its applications, vulnerability assessment, external penetration test, IT DR review
and review of policy and process. KPMG conducts periodic security assessment for
the bank’s IT systems and infrastructure covering data centre, DR site, IT Head
office, call centres, sample ATM machines and other sample office network spread
across the country.
 The value of engagement is more than INR 1Cr.
Security assessment of critical infrastructure organization

 KPMG is working with a power and utility company in India to assess the security
controls in IT and operational technology (OT) systems which are deployed in the
Generation plant, Transmission and Distribution etc. The security assessment
includes review of device security configuration, vulnerability assessment,
technical security testing and review of OT security policy and procedures.
Cyber security audit of critical infrastructure:

 KPMG is working with a leading company to assess the security controls in IT and
operational technology (OT) systems .
 The security assessment includes the review of their information security policy,
OT system applications and web application security testing, network device
vulnerability assessment & security configuration, server systems & workstation
systems audit.
 The activity also includes secure network architecture review of Data
centers/OCCs , develop & document emergency contingency plan and cyber crisis
management plan for IT & OT facilities of SCADA,BMS,S&T & IT.
 The value of engagement is more than INR 35 Lakhs.
Cyber security audit of critical infrastructure for a leading Oil and Gas organization:
 KPMG is working with a leading oil and gas company to assess the security
controls in IT and operational technology (OT) systems which are deployed in their
refinery and pipeline locations across multiple locations in India.
 The security assessment includes application security, review of device security
configuration, security assessment of network devices, critical servers & systems
such as DCS,HMI, engineering workstations, SCADA systems, industrial control
systems(ICS) et al.
 The activity also includes Network architecture review of IT & OT landscape,
technical security testing and review of OT security controls with respect to
industry standards and best practices.
Security Audit of a large BFSI Client

 KPMG is currently working with one of the leading investment bank on the
application security testing services which includes manual security testing of
organization’s business critical applications, internet facing applications, payment
applications, thick client applications and source code review. As part of the
application security testing service KPMG is responsible to manage the overall
security testing program of the client from project initiation to delivery phase.
KPMG is also responsible to conduct risk assessment and documentation of the
issues identified and track them to completion with the help of application
developers.
 The overall value of the project is approximately INR 3Cr.
Cyber Security Assessment of Large Oil and Gas Company:

 KPMG has worked with one of the largest oil company of India, to secure their
infrastructure and application environment through continues security testing .
 KPMG has conducted Vulnerability Assessment and penetration Testing of client's
critical infrastructure and supported them in mitigating any reported security
flaws.
 KPMG has performed the security assessment of applications which includes the
manual security testing of organization’s business critical applications, internet
facing applications, Web services and mobile application.
 KPMG has supported the organization in implementing the security configuration
of their critical assets.
 KPMG has performed the Daily Website Monitoring of business-critical applications
and present the weekly reports for any changes observed and the vulnerability
present across the website.
 The overall value of the project is approximately INR 1.5Cr.
Commercial
 Acunetix,
 Burp,
 Nessus
 AppScan
 WebInspect
Proprietary
 KRaptor,
 KPMG Brand Protection Tool,
 KPMG SABA,
 KCR Tool
 KPMG Digital Signals Insight Platform
 KPMG Threat intelligence tool
Open source tools
 BackTrack,
 Kali Linux,
 Paros,
 SQLMap,
 nmap,
 Wireshark


*Information as provided by: KPMG Assurance and Consulting Services LLP on 8th June 2022
Back
M/s Mahindra Special Services Group
1. Name & location of the empaneled Information Security Auditing Organization :
Mahindra Special Services Group

(Divisionof Mahindra Defence Systems Limited)
Mahindra Towers, P.K Kurne Chowk,
Dr. G.M Bhosale Marg, Worli, Mumbai - 400018, India
2. Carrying out Information Security Audits since : : 2002

 Compliance audits(ISO 22301) : Yes
 Mobile Application Security Audit : Yes
Govt. : 9
PSU : 14
Private : 66


Compliance audits (ISO 27001, ISO 22301, ISO 20000, PCI, etc.) : 40+
CISSPs : 0
BS7799 / ISO27001 LAs : 17
CISAs : 4
DISAs / ISAs : 0
Any other information security qualification (CISM, OSCP, CEH, CND) : 40
Experience
S. Duration with in Qualifications related to
Name of Employee
No. <organization> Information Information security
Security
MS ( Cyber Law & Information

1 Shailesh Srivastava 11.63 15 Security);B. Tech. ( Electrical
Engg.);L.L.B. ISO 27001 LA,
ISO 27001 LI, ISO 22301 LA,
CISM, CDPSE, ITIL
MBA (Fin), B.Com, ADMAS ISO

2 Vipul Mathur 10.56 5
27001 LA; OPQ 32r
3 Anil Govindu 7.90 6 B Sc.(Physics) ISO 27001 LA
B.Com. ISO 27001 LA, CCNA,

4 Chiragali Peerzada 6.05 10
ISO 22301 LI, CEH, CISA
B.Com. ISO 27001 LA, ISO

5 Neeraj Rathi 5.93 15
22301 LI
M.Tech. Electronics &

6 Sunil Sharma 5.28 10 Telecommunication ISO
27001LA
MBA (Operation) ISO 27001

7 Suresh Mishra 4.83 15
LA, OSHAS, ISO 9001
MS, BE, ISO 27001 LA; ISO

8 K Harisaiprasad 3.87 10
9001, ISO 22301 LA, CISA
BCA, MCA ISO 27001 LA,ISO

9 Navin Kumar Pandey 3.25 6
22301 LI ITIL
10 Prashant Tatipamula 1.7 6 BCA, ECSA , CISE
BBA, MBA, Diploma in Labour

11 Praful Mathur 3.17 3
Law ISO 27001 LA
B.Tech(Information
12 Deepak Pandita 3.17 3.5
Technology) CEH
B.Sc., M.Sc. (Computer Sc.)

13 Dinesh Usnale 4 5
CEH
14 B.Sc. (Physics) ISO 27001 LA,

Prakash Salunkhe 2.40 7
ISO 27001 LI
BE (Computers) CCNA (CISCO

15 Rijo Raju 3 3
Certified)
16 Aamir Peerzada 1.73 5 B.Com., MBA ISO 27001 LA
17 B.E (Instrumentation &

Divya Mhatre 1.48 2.10
Control) ISO 27001 LA
18 Shruti Kulkarni 3 5 B.E. (Electronics and TC) CEH
19 Akshay Patil 2.5 3 BCA, MCA CEH
20 Vaibhav Bhagat 2 3.5 CEH
BE (Electronic & Telecomm)

21 Priya Gaikwad 2 3.10
CEH, CND
22 Rohit Hire 2 2 BE (Computers) CEH, CND,

CHFI,CCNA
23 Ganesh Mane 1.10 11 B.Com. MBA OSCP
24 Kamalteja Kasturi 1.10 4.10 MCA B.Sc. CEH
MBA BE (Electronic &

Telecomm) CISA, ISO
25 Prathik Shanbhag 2.2 7
27001:2013 LA, ISO
22301:2012 LA, CEH V8
B.Sc. IT ISO 27001 LA, ISO

26 Dipali Bhanushali 1 3
22301 LI
27 Vaibhav Chavan 1.5 7 B.Sc. CEH
28 Tushar Rasam 1.6 4 B.E in Instrumentation CEH
etc.) along with estimated total project value.
 M&M Limited – 15 years for ISO27001 Sustenance and ongoing – 100 plus locations – INR
12 Cr+
 M&M Limited - 3 years for Network and Application Testing – From one location
enterprise wide – INR 3 Cr+
 Bajaj Allianz General Insurance Company – Network and Application Testing – 6 years
and ongoing – 1 location – INR 2 Cr+
 Bajaj Allianz Life Insurance Company – Network & Application Testing – 6 years and
ongoing – 1 location – INR 1 Cr+
 Bajaj Finserv- Consulting for ISO 27001. – Sustenance – 6 years. – 1 location – INR 1
Cr+
 Airport Authority Of India- Consulting for ISO 27001, IS Audit, VA PT( Network and
application) – 3 years- INR 45 L
 Union Bank of India - Consulting For ISO 27001 and ISO 22301 – 6th year in progress –
INR 50 L
 SIDBI – ISO27001 – Certification, Surveillance and Sustenance of ISO 27001 – 5th year in
progress – INR 40L+
 PNBM – ISO27001/22301/20000 and VAPT – Sustenance – 4th year in progress – INR 1 Cr

+
 State bank of India - VA PT( Network and application) – 5 years – INR 2 Cr+
 Lupin Pharma: ISO 27001 Implementation, Certificate, Audits, VAPT – 10th years in a row
– INR 5 Cr+
 National Stock Exchange (Server VAPT , Web Application Security, Configuration Audit ) –
INR 2 Cr+
I. Commercial Tools
1. Burp Suite Professional
2. Nessus Professional
3. Netsparker Professional
4. FTK
5. Core Impact
II. Open Source Tools

1. Kali Linux
2. Nmap
3. Wireshark
4. OWASP ZAP
5. Paros
6. Web Scarab
7. Aircrack suite
8. Nikto
9. MBSA
10. L0phtcrack: Password Cracker
11. BackTrack
12. OpenVas
13. W3af
14. Directory Buster
15. SQL Map
16. SSL Strip
17. Tamper Data
18. FOCA
10. Outsourcing of Project to External Information Security Auditors/Experts : No

*Information as provided by Mahindra Defence Systems Limited (Division Mahindra Special Services
Group) on 26th October 2020.
Back
M/s Net Square Solutions Private Limited
Net Square Solutions Private Limited.

1, SanjivBaug baug, Near Parimal Crossing, Paldi,
Ahmedabad - 380007, Gujarat.
o Network security audit (Y/N): Y

o Webapplication security audit (Y/N): Y
o Mobile application security testing: Y
o Thick and thin client security audit: Y
o Secure Code Review: Y
o Wireless security audit (Y/N): Y
o Compliance audits (Y/N): Y, which includes
o ASP Audit: Y
o Site Audit: Y
o GIGW Audit: Y
o Cloud Security (AWS and Azure): Y
o Security Architecture Review:Y
o Red Team Assessment: Y
o IoT Security Assessment:Y
o Risk Assessment: Y
4. Information Security Audits carried out in last 12 Months (Starting from July 2020 till June
2021)
Government:10
PSU:0
Private:51
Total Nos. of Information Security Audits done:61
5. Number of audits in last 12 months, category-wise starting from July 2020 till June 2021
(Organization can add categories based on project handled by them)

Webapplication security audit: 40
Mobile application Security audit: 2
Compliance audits (Security audit and GIGW compliance): 2
Source code review:6
API Security Testing:6
6. Technical manpower deployed for information security audits:
o CISC:2
o CISSPs: 1
o BS7799 / ISO27001 LAs: 1
o CISAs: 1
o CEH andequivalent:11
o CPFA:2
o OSCP:3
o OSCE:1
o NSCE:13
o AWS Certified Cloud Practitioner: 1
Net Square also runs its own certification program called Net Square Certified Expert
(NSCE). Details of this are also available from the contacts provided above.
Nos. of Technical Personnel:75+

No. Employee <organization> Information Security to Information
security
1 Saumil Shah 20+ 20+ Master’s degree in
computer science,
CISSP
2 Hiren Shah 20+ 24+ B.Sc. (Physics &
Electronics), F.C.A.,
CISA & CGEIT
3 Rohan Braganza 9.5 10.7 M.Sc., CCNA & CEH
4 Ravi Paghdal 7.3 6.1 BCA, MCA, IBM
Certified IBM DB2
Academic Associate,
Microsoft Technology
Associate, NSCE
5 Jatan Rawal 4.2 5.8 M.Tech, OSCP &
OSCE
6 Rohit Jadhav 5.7 7.7 B.sc (IT), CISC,
CPH, CPFA
7 Jaimin Gohel 3.3 6.2 BCA, MCA, Microsoft
Technology
Associate
8 Aishwarya 4.3 4.3 B.E (CSE), "Certified
Gandhi professional hacker
(CPH), Certified
professional
forensics analyst
(CPFA), Certified
Information Security
Consultant (CISC)"
9 Viral Bhatt 2.9 2.9 BCA, CEH,CPTE, IBM
Enterprise
Application
Development - Q
and A
10 Ayushi Tomar 1.8 1.8 B.Tech, CEH
Net Square takes its non-disclosure agreement with customers very seriously and
therefore is in no position to share this information. Kindly contact us on the contact
details provided above for customer testimonials.
Net Square has a proprietary methodology for testing all kinds of IT environment
ranging from network, thick client application, web application, mobile application,
IoT devices etc. For details of the methodology and a list of tools that we use, kindly
contact us as the details provided above
10. Outsourcing of Project to External Information Security Auditors / Experts: (If yes, kindly
provide oversight arrangement (MoU, contract etc.))
YES, this is done based on the requirement of client and fitment of a partner with
whom Net Square has partnership agreements. Since these agreements are governed
by non-Disclosure clauses, we cannot provide such information on a public domain.
We bring in the right partner to the table when we see a need for one
11. Whether the organization has any Foreign Tie-Ups? If yes, give details:
YES, cannot provide details due to non-Disclosure agreements with our foreign
partners.
12. Whether the organization is a subsidiary of any foreign based organization? No

13. Locations of Overseas Headquarters/Offices, if any:No
*Information as provided by Net Square Solutions Private Limited on <2nd July 2021>
Back
M/s Paladion Networks Pvt. Ltd.
Paladion Networks Pvt. Ltd.

Shilpa Vidya, 49 1st Main,
3rd Phase JP Nagar,
Bangalore- 560078
 Network security audit (Y/N) : YES

 Web-application security audit (Y/N) : YES
 Wireless security audit (Y/N) : YES
Govt. : 7
PSU : 2
Private : more than 100
Total Nos. of Information Security Audits done : more than 300

Network security audit : 3000+ IP addresses

Web-application security audit : 2000+ applications
Wireless security audit : 10+ locations
Compliance audits (ISO 27001, PCI, etc.) :100+
CISSPs : 3
BS7799 / ISO27001 LAs : 23
CISAs : 1
DISAs / ISAs : 0
Any other information security qualification : 7 PCI QSA, 2
CRISC, 72 CEH, 15 ECSA, 8 OSCP
S. Name of Duration Experience in Qualifications

No. Employee with Information related to
Paladion Security Information security
1. Hrishikesh 16+ years 16+ years CISSP
Sivanandhan
2. Balaji V 15+ years 15+ years CSSA
3. Sanjeev Verma 13+ years 13+ years CISSP
4. Dawood Haddadi 10+ years 12+ years Certified Web Hacking
Security Professional,
ISO 27001 Lead
Auditor
5. Hariharan 9+ years 12+ years ISO 27001, CEH, PCI
Anantha Krishnan QSA
6. Satyam Singh 8+ years 8+ years GWAPT, OSCP
We execute 500+ projects each year globally. Here are a few of them-
S.No. Customer Details Scope Project

Value
1. A large Private Bank in a. Security Testing Rs. 3 crore+

India b. Security Monitoring
c. Threat Advisory
2. Global Bank with Delivery a. Web application security test Rs. 2 crore+
Centre in India b. Internal penetration test
c. External penetration test
3. Large IT company a. 20+ applications for Application Rs. 1 crore+

Penetration Test
b. 10+ applications for Source Code
Review
c. 200+ IP addresses for Internal
network penetration test
d. 50+ External network penetration
test
S. Activities Security Audit tools

No
1. Application Security Burp Proxy and Scanner, Paros Proxy and Scanner,
Assessment Wireshark, Winhe, CSRF Tester, OpenSSL,
tHCSSLCheck, Firefox Extensions
2. Source Code Review Fortify SCA & Paladion Code Scanner
3. Network Penetration Testing KALI Linux, Nslookup, Dnsrecin, Dnsmap,

Metagoofil, fragroute, whisker, Nmap, Firewalk,
SNMPc, Hping, xprobe, Amap, Nessus, Nikto,
L0phtcrack, John the ripper, Brutus, Sqldict,
Penetration Testing Orchestrator
4. Wireless Penetration Testing AirSnort, WinDump, Ethereal, WEPCrack,

NetStumbler, Kismet, AirTraf, Aircrack-ng Suite &
Ettercap
5. Internal Vulnerability SAINT & Nessus Professional

Scanning
6. ASV Scans SAINT
7. Configuration Review Nessus Professional

10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No
12. Whether organization is a subsidiary of any foreign based organization? : Yes/No

AtosSE
13. Locations of Overseas Headquarters/Offices, if any : Yes/No
11480 Commerce Park Drive, Suite 210

Reston, VA 20191 USA
*Information as provided by Paladion Networks Pvt. Ltd.on 26th October, 2020
Back
M/s Payatu Technologies Pvt Ltd
Payatu Technologies Pvt Ltd

502, 5th Floor, Tej House, 5MG Road, Pune-411001

 Compliance audits (ISO 27001, PCI, etc.) : No
 Red team assessment : Yes
 Mobile application security audit : Yes
 Cloud infrastructure security audit : Yes
 IoT product hardware security audit : Yes
 DevSecOps consulting : Yes
 Source code security analysis : Yes
 AI/ML product security audit : Yes
 Application/Product/Protocol fuzzing : Yes
 Binary/Firmware reverse engineering : Yes
Govt. : 0
PSU : 5+
Private : 145+


Mobile-application security audit : 40+
Cloud infrastructure security audit : 25+
IoT Product hardware security audit : 25+
RedTeam Assessment : 5+
Source Code Security Analysis : 5+
DevSecOps Consulting : 2
Binary/Firmware Reverse Engineering : 1
Application/Product/Protocol fuzzing : 1
Compliance audits (ISO 27001, PCI, etc.) : 0
OSCP : 5
OSWE : 1
OSCE : 1
OPSE : 1
CRTP : 1
SANS GWAPT : 1

No. Payatu Information Security Information security
1 Abhilash Nigam 2 months 3.5 years B.E.
2 Aman Aryan 2.5 years 4years BTech
3 Amit Kumar 1 months 2 years BTECH
4 ApparThusoo 1 year 1.7 years BE
5 Arjun Bahera 1.5 months 2years B.Tech
6 Arjun Singh 2 months 3 months BCA
7 Asmita 1 year 1 year BE
8 Dattatray Hinge 1.5 years 1.5 years B.SC. TECH (B.E.)
9 Devansh Bordia 2 months fresher B.Tech
10 Dipti Dhandha 9 months 2 years MTech
11 DOSHAN JINDE 1.5 months 4.7 years B.Sc(I.T)
12 Farid Luhar 1 month 2.5 years B.com
13 Gaurav bhosale 6 days 6 months BE, CSE
14 Gaurav Nayak 1.10 years 4 years MCA
15 Hari Prasad 6 days 3 years Diploma in Computer
Engineering
16 HrushikeshKakade 2.4 years 2.4 years BE
17 Irfan Mohammed 1.5 years 1.5 years BCA
18 Manmeet Singh 21 days 3 years BE
19 Mayank Arora 4 months 1.8 years MCA
20 Mihir Doshi 1.2 years 3 years MCA
21 Munawwar 1 year 1 year BE
Hussain Sheli
22 Nandhakumar 1.1 years 3.6 years BE
23 Nikhil Joshi 2.10 years 3 years BE
24 Nikhil Mittal 3 years 3 years BTECH (BE)
25 Nimit 1 month 3 years BTEC
26 Prateek Thakare 2 months fresher BE
27 RewanthTammana 2.4 years 2.3 years B.Tech (Bachelor of
Technology)
28 Saddam Hussain 1 month 1 year B.TECH
29 Samaksh Kaushik 6 months 3.5 years B.Tech
30 Shakir Zari 2.3 years 2.3 years BE perusing/Diploma in
Electronics
31 Sourov Ghosh 7 months 2.8 years B.Tech
32 Suraj Kumar 1 month 5 years B.Tech
33 YashodhanMandke 3 months 3 years M.Tech
S. Customer Details Scope Project

No. Value
1 One of the Middle East based IT 1. Web Application Security USD 1

consulting company 2. Security Analysis of Source Code Million+
2 One of the Europe based IT 1. IoT product hardware security Euro 100
consulting company assessment Thousand+
2. Web Application Security
Assessment
3. External Network Infrastructure
Assessment
4. Mobile Application Security
Assessment
3 USA based Analytics Product 1. Web Application Assessment USD 100

Company 2. Internal and External Thousand+
Infrastructure Assessment
Information Gathering
1. Dnsenum
2. Fierce domain scan
3. Dig
4. Whois
5. Wget
6. Google Advanced search
Mapping
1. Nmap
2. Scapy
3. Ike-scan
4. Superscan
5. Dirbuster
6. Openssl
7. THC SSLCheck
8. Sslscan
9. Netcat
10. Traceroute
11. Snmpcheck
12. Smtpscan
13. Smbclient
14. Wireshark
15. Web Browser
Vulnerability Assessment
2. Openvas
3. Skipfish
4. Ratproxy
5. IronWASP
6. Grendel scan
7. Web securify
8. Burp suite professional
9. Paros Proxy
10. SOAPUI
Exploitation
1. Custom python script
2. W3af
3. Metasploit
4. Sqlmap
5. Sqlninja
6. BeEF Framework
7. Hydra
11. Whether organization has any Foreign Tie-Ups? : No
1. The Hague – Netherlands

2. Sydney - Australia
*Information as provided by Payatu on 26th October 2020
Back
M/s Qseap Infotech Pvt. Ltd.
Qseap Infotech Pvt. Ltd. Mahape, Navi Mumbai.
Branch Office:
951, 24th Main Road, Second Floor, R. K Colony, Marenahalli,
2nd Phase, J.P. Nagar, Bengaluru, Karnataka 560078
 Network security audit (Y/N): Yes

 Web-application security audit (Y/N): Yes
 Wireless security audit (Y/N): Yes
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N): Yes
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N): Yes
 ICS/OT Audits (Y/N): Yes
 Cloud security Audits (Y/N): Yes
Govt. : 10+
PSU : 2+
Private : 30+


Mobile-application security audit: 6
Red team assessment : 2
VPN Pentesting :1
Work from Home Attack Simulation : 1
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): 10+
ICS/OT Audits: NA
CISSPs : 1
BS7799 / ISO27001 LAs : 11
CISAs : 4
CEH: 45
ECSA: 6
OSCP: 3
CPTE: 5
CCNA: 4
CISEH: 7
CompTIA Security+: 1
CISC: 5
CHFI: 1
CNSS: 8
CND: 2
CISM: 1
CPFA: 1
Total Nos. of Technical Personnel:160
Duration Experience in
Qualifications related to
S. No Name of Employees with Qseap Information
Information security
in Years Security in Years
1. Praveen Singh 10 Years 13 Years B. Tech IT
EMBA,
2. Sunil Kapri 10 Years 13 Years
BE in IT
CISA, CISSP, CISM, ISO
3. Jaya Bharthi 3 Years 38 Years
27001 LS, CEH, CAIIB
BE EXTC, CISA, ISACA
BS100012:2017 PIMS and
GDPR Lead Implementer
4. Hemant Dusane 0.1 Year 15 Years
(BSI), ISO27001 Lead
Auditor (BVQ), ISO20000
Lead Auditor (BSI), CSSA)
ISO27001 LA (BSI, IRCA)
5. Ketan Shah 0.1 Year 12 Years ECSA, CEH, MCITP, CCNA,
MCSA
CISA / ISO 27001 LA / CPTE
6. Gangadhar Kyatham 0.1 Year 23 Years / CEH / CCNA / MCP /
ITILv3
OSCP
7. Abhijit Ashok Doke 7.5 Years 8 Years CSIC
MBA in IT
CEH, MTAC
8. Kalyani Vishwas Mali 4.9 years 6 years
BE. In IT
BSs. In IT
Awdhesh Chintamani
9. 4.4 years 6 years CEH
Yadav
CCNA
ISO 27001 LA
PCIDSS Implementer
10. Ajita Haridas Gawai 4.3 years 4.3 years
MSc in Network Systems
Engineering
CEH, CND, CCNA
11. Ninad Rajeshbhai Gandhi 4.1 years 4.1 years B.E in Electronics and
Communications
CEH
CND
12. Brijesh Suresh Yadav 3.10 years 3.10 years
CCNA
B.E (EXTC)
CEH
13. Mandar Lingayat 3.7 years 3.7 years
BE EXTC
ISO 27001 LA
Professional Software
14. Onkar Ghadge 3.7 years 3.7 years
Testing Specialist
BE in IT
CISEH,OSCP
15. Vishnu s. Chandran 3.7 years 3.7 years
BE in IT
CCNA
16. Tanveer Shaikh 3.7 years 3.7 years
ECSA.v10
BE in EXTC
17. Sandeep Pandey 3.6 years 3.6 years BSc. IT

JAVA
18. Zeeshan Khan 3.6 years 3.6 years SQL
BE in Electrical
CEH
19. Ashish Jogi 3.6 years 3.6 years
BCA
ESCA
20. Faizan Ansari 3.6 years 3.6 years
BE EXTC
CEH, CNSS
21. Aditya Nagarkar 3.6 years 3.6 years
BE in EXTC
CCNA
22. Shahnawaz Shaikh 3.6 years 3.6 years CCNP
BE EXTC
CEH
CDAC, Certified Software
23. Rahul Subhash Ahire 3.4 years 3.4 years
Tester
BE in Computers
CEH, PJS
24. Ajay Jayram Doke 3.1 years 3.1 years
BE in Electrical
MSc in I.T
25. Subodh vishe 3.1 years 3.1 years
BSC-IT
CEH
CCNP
ISO 27001:2013 LA
26. Shweta Songaonkar 3 years 3 years
Certified Network Associate
Router and S/w
BE in EXTC
CEH
ISO 27001:2013 LA
27. Apoorva Satish Phatak MSc. in IT
2.9 years 2.9 years
BSc. In IT
ISO 27001:2013 LA
28. Amurta Anna Gangurde
2.9 years 2.9 years BE in EXTC
ESCA
CEH
Purushottam Jaywant
29. CND
Rane 2.9 years 2.9 years
CHFI
B.E in EXTC
CCNA
30. Mohd Uvais Shaikh
2.9 years 2.9 years B.E (EXTC)
31. Roshan Uke B.E in IT
2.9 years 2.9 years
BTech in Electronics and
32. Rana Pratap Dudipalla Communications
2.9 years 2.9 years
Engineering
CEH
33. Suraj Bade
2.8 years 2.8 years BSc in Computer Science
CEH
34. Vishvesh Bhatt 2.4 years 2.4 years
BE in EXTC
Redhat certified system
Adminstrator
35. Manish Karda 2.4 years 2.4 years
CPTE
BE in EXTC
CEH
36. Himanshu Kulkarni 2.4 years 2.4 years
B.E in Electronics
CEH
37. Rahul Nikam 2.3 years 2.3 years
BSc. IT
ISO 27001:2013 LA
38. Shalini Saini 2.4 years 2.4 years BE in EXTC
MBA
MCA - Master of Computer
Application, Programming
39. Shyam Dhuriya 2.4 years 2.4 years
BCA - Bachelor of Computer
Application, Programming
40. Rashmi Bhatt 2.4 years 2.4 years MCA in computer science
CISC
41. Zain Ahmed 2.4 years 2.4 years CPFA
BE EXTC
BE in Computer Science &
42. Darshana pund 2.4 years 2.4 years
Engineering
CEH
Cyber Protection and
43. Prem Singhote 2.4 years 2.4 years
Security Course
BCA
BE in Computer Science and
Technology
44. Sanjana Mahadeshwar 2.1 years 2.1 years PG Diploma in IT
Infrastructure, Systems and
Security
45. Ankita Desai 2.1 years 2.1 years BE in EXTC
CEH
46. Viraj Kishor Mota 2 years 2 years
BSc. IT
ISO 27001 LA
CNSS
47. Chetna Omeya Shinde 1.10 years 1.10 years
Software Testing
BE in IT
CISEH
48. Suraj Kalamkar 1.10 years 1.10 years CPTE
BSc in IT
CEH
49. Shubhangi Vijay Dawkhar 1.10 years 2.8years
BSc in Computer Science
Krutika Santosh CEH
50. 1.10 years 2.8 years
Haldankar BSc in IT
51. Sanket Yadav 1.10 years 2.5 years BSc in IT
52. Shashikumar Reddy 1.10 years 1.10 years BE in Mechanical
53. Tejaswi Sagi 1.10 years 1.10 years BE in Computer Science
54. Muthu Krishnan 1.10 years 1.10 years BE in Computer Science
CEH
55. Mohan Thakur 1.10 years 1.10 years
BE in EXTC
CEH
ECSA
56. Harsh Savla 1.10 years 2.5 years
BTech in Computer Science
Engineering
CISC
57. Ryan Nisar Pathan 1.10 years 2.5 years CEH
BE in EXTC
CEH
58. Uzaif Kotmire 1.9 years 2.5 years CISC
BE in EXTC
Bsc-IT
59. Swapnil Nikam 1.7 years 1.7 Years
CEH
MCA- IT
60. Sumit Satish Lambe 1.7 years 2.10 Years
BCA- IT
61. Devesh Nitin Chaudhari 1.7 years 2.10 Years BE. EXTC
CEH
62. Pooja Anilbhai Sali 1.7 years 2.10 Years MTech. Cyber Security
BE. EXTC
63. Sidh Jayesh Bhavsar 1.7 years 2.5 Years BSc in Computer Science
BSc IT
PGD -Digital and Cyber
64. Anish Tukaram Satam 1.7 years 2.10 Years
Forensics and Related Laws
CEH
CEH
65. Shweta Utpal Bhatia 1.7 years 3.9 Years
BSc IT
CNSS
66. Mohammad Aqib Shaikh 1.7 years 1.7 years BTech- Computer Science &
Engineering
ECSA
67. Harshad Sanjay Dudhane 1.6 years 1.6 years
BE. EXTC
68. Rutuja Vinaykumar Nikam 1.6 years 1.6 years BSc IT
69. Nidhin Sabu 1.6 years 1.6 years BTech. ECE
B.E ELECTRONICS
70. Chandan Vasudeo Kolhe 1.6 years 2.7 Years CISEH cyber security
CPTE cyber security
BE. EXTC
71. Prashant Karman Patel 1.6 years 1.6 years CNSS
CEH
BSc in Computer Science
CNSS
72. Amol Kedu Bhavar 1.6 years 1.2 years
AWS Security Fundamental
CISE
73. Manas Harsh 1.4 years 2.6 Years BCA Computer Science
BE EXTC
74. Akash Narayan Navghane 1.5 year 2.8 Years
Rakesh Sakharam MCA- IT
75. 1.4 year 2.7 Years
Kengale BCA- IT
CEH
76. Avneel Prabhu 1.4 year 2.7 Years
BE Computers
77. Shijo Raj 1.4 year 2.7 Years ME IT
78. Mayank Afle 1.5 year 10 Years BE IT
79. Pradip Sanjay Patil 1.4 year 1.4 year BE EXTC
80. Afroza Sulaiman 1.4 year 1.4 year BSc IT
Niraj Nandkumar CNSS
81. 1.4 year 1.6 Years
Pawaskar B.E ELECTRONICS
82. Khaja Mohiddin Syed 0.10 year 0.10 year BE CSE
BTech Computer
83. Rushikesh Shailesh Dave 1.5 year 3.5 Years Engineering
MSc Cyber Security
CEH
84. Hitesh Duseja 1.5 year 3.5 Years
BE EXTC
BE EXTC
85. Manali Sanjay Ahire 1.3 year 1.3 year CCNA ROUTING AND
SWITCHING
Pashmini Hiralal
86. 1.3 year 1.3 year BE IT
Sonawane
87. Mahesh Arjun Shinde 1.3 year 2.8 Years BSc IT
Pradeep kumar BTech in Electrical and
88. 1 year 1 year
shyamanthula Electronics Engineering
MSc. Computer Science
89. Ajay Thorbole 1.4 years 1.4 years CISEH
CPTE
BE. In Information
Technology
90. Vaibhav Barkade 1.4 years 1.4 years
CISEH
CPTE
BSc. IT
91. Ashish Upsham 1.4 years 1.4 years
CISEH
CPTE
MCA / BCA
CEH v.10
92. Prathamesh Sarvankar 2.5 years 2.5 years
Certified Network Security
Specialist - ICSI
Web Application Pentesting,
Ethical Hacking &
93. Vishal Mohan 0.9 years 0.9 years Pentesting, Network
Security Expert 3, Certified
Cisco Network Associate
94. Vinay Bhuria 0.8 years 0.8 years BSc. Computer Science
Bachelor of Computer
95. Kanika Ajay Kapoor 0.6 years 0.6 years
Applications
96. Rutuja Dashrath Shirke 0.5 years 0.5 years BE. Comps
CEH
97. Piyush Dutta 0.6 years 0.6 years
BSc.
CEH
98. Saddam Ahmad Shaikh 0.5 years 0.5 years
BE. EXTC
CEH
99. Pramod Ramdas Shirke 0.6 years 0.6 years
BE. EXTC
100. Gagandeep Somal 0.6 years 0.6 years BE. IT

S.No Activity Scope Complexity Location
Information
Technology (IT)
Network VAPT
Contingency Plan
Web Appsec
1 ICICI Bank for Business Mumbai
Mobile Appsec
Continuity during
COVID-19
Pandemic.
Indian Cyber Security and

Commodity Cyber Resilience
2 Process Audit Mumbai
Exchange as per SEBI
(ICEX) Guidelines
Website Security
3 UTIITSL Audit for UTIITSL Multiple Web Applications Mumbai
Applications
Annual charges for

availing
Stock information
4 Process Audit Mumbai
Holding security audit
ISMS advisory
services
Commercial:
 Nipper
 Acunetix
 Burp Suite Professional
 CheckMarx
Free ware:
 Zed Attack Proxy

 WebScarab
 Spike Proxy
 Metaspolit Framework
 SQLiX
 Absinthe
 Winhex
 DJ Decompiler
 VBReFormer
 Brutus
 APKInspector
 Error-Prone
 Echo Mirage
 Interactive TCP Relay
 NMAP
 Wikto
 Xprobe
 SINFP
 Hping2
 Wireshark Network Stuff
 Process Monitor
 Scanrand Superscan
 Bowser Extensions
 Amandroid
 Androwarn
 Android SDK


*Information as provided by Qseap Infotech Pvt. Ltd. on 02nd July,2020
Back
M/s SecureLayer7 Technologies Private Limited
SecureLayer7 Technologies Private Limited

Registered address: Plot No. 28, Vyankatesh Nagar, Beside Totala Hospital,
Jalna Road, Aurangabad – 431001, Maharashtra
Operations Address: TeerthTechnospace, B Wing, SecureLayer7 Technology
Private Limited, First Floor Teerth 2 work, Bengaluru - Mumbai Hwy, Baner,
Pune, Maharashtra 411045
2. Carrying out Information Security Audits Since : 2016
 Network security audit

 Web-application security audit
 Wireless security audit
 IoT Devices Security Audit
 Ransomware Readiness Assessment
 Website Malware Removal
 SAP Security Assessment
 Red Team Assessment
 AWS Penetration Testing
 Firewall Configuration Review
 VoIP Penetration Testing
 Mobile Application Security
 Source Code Audit
 Compliance audits (ISO 27001, PCI, etc.)
Govt. : 12
PSU : 05
Private : 04

CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : OSCP 05, CEH 08
1 Sandeep Kamble 5 Years 9 Years OSCP Certified
2 Rajasekara A 2 Years 5 Years OSCP Certified
3 Hridyesh 2 Years 4 Years ISO 27001
4 Tohuid Shaikh 3 Years 4 Years OSCP Certified
5 AkshayDarekar 4 Years 6 Years CEH, MCA Computer
6 Akash katare 2 Years 2 Years BE-Computer
Project Assessment Value
Eduvidhya Security Audit - Vulnerability Confidential

Web Conferencing Assessment and Penetration
System Design for Testing
Online Learning
 Acunetix
 Nessus
 Nmap
 Wireshark
 OpenVAS
 Nikto
 Metasploit
 Burp-Suite
 W3AF
 SQLMap
 Kali Linux
 Custom scripts


*Information as provided by SecureLayer7 Technologies Private Limited on October 26th

2020
Back
M/s SecurEyes Techno Services Pvt Ltd.
SecurEyes Techno Services Pvt Ltd.,

Registered Address:
3rd Floor, 3s, Swamy Towers, 51/27, outer Ring Road, Chinapanahalli,
Marathahalli, Bengaluru (Bangalore) Urban, PIN 560037
Corporate Office:
4th Floor, Delta Block, Sigma Soft Tech Park, Whitefield Main Road,
Varathur, Bangalore - 560066
 Network security audit - Yes

 Web-application security audit - Yes
 Wireless security audit - Yes
 Compliance audits (ISO 27001, PCI, etc.) - Yes
 Comprehensive Risk Management - Yes
 Application Security - Yes
 Vulnerability Assessment - Yes
 Code Security Review - Yes
 Enterprise Architecture Review - Yes
 Development & Review of Policy & Procedures - Yes
 Policy Implementation Review - Yes
 Regulatory Consultancy - Yes
 Custom ISMS Consultancy - Yes
 Training Services - Yes
 User & Identity Management - Yes
 Single Sign On - Yes
 Application Architecture Review - Yes
 Operational Security Guidelines - Yes
 Social Engineering Assessment - Yes
 Setting secure SDLC practice and Code security review - Yes
 Process Security Testing - Yes
 Red Teaming Assessments - Yes
 Physical Access and Environment Security Controls Review - Yes
 Advanced Penetration Resilience Testing - Yes
 Enterprise Security Architecture Review - Yes
Govt. : 196
PSU : 367
Private : 293


 Application security audit : 511
 Governance, Risk & Compliance (ISO 27001, PCI, etc.) : 13
 Business Continuity Review : 1
 Incident Management Review : 20
 Information Security Awareness Program : 1
 Red Teaming : 2
 Secure Configuration Review : 15
 Secure Code Review : 26
 VAPT : 4
Note: Some of the above audits may have been conducted for the same client through
different times/duration during the year.
6. Technical manpower deployed for informationsecurity audits: 82
CISSPs : 01
BS7799 / ISO27001 LAs : 22
CISAs : 08
CEH : 57
SANS : 4
CCNA : 5
CCNP : 02
SCSA : 01
ECSA : 09
Experience
S. Name of Duration with in Qualifications related to
No. Employee SecurEyes Information Information security
Security
1.
Karmendra Kohli 14Y 19.50 Y CISA, CEH, ISO 27001, GCIH,
2. Seemanta
14Y 18.50 Y CISA, CEH, SANS, ISO 27001
Patnaik
3.
Uma Pendyala 11.5 Y 16.00 Y CEH, CISA,ISO 27001
4. Sudip Narayan ISO 27001, CISA, SANS GCIH,

12.8 Y 13 Y
Das CEH
5. ISO 27001, CEHV9, CISSP,
Sujay Gankidi 2.3 Y 12 Y
ECSA, CRISC
6. Puneet Kumar
3.8 Y 7.6 Y CEH V.10,CISC,CPH,CPFA
Vohra
7. Sanket Laxman
2Y 2.40 Y CEH V10,CPTE
Patil
8.
Bharat Kumar 1.90 Y 3Y CEH V10,ESCA
9. Devkaran Singh
4.40 Y 3.10 Y CEH, ISO 27001
Rathore
10.
Kiran Koli 2.20 Y 5Y CEH V9,CCNA,CISM
11. Subhasmita
1.50 Y 2Y CEH V10
Panigrahi
12.
Priyatosh Jena 1.50 Y 2Y CEH V10
Experience
S. Name of Duration with in Qualifications related to
No. Employee SecurEyes Information Information security
Security
13.
Vikash Kumar 3.20 Y 4.5 Y CEH V10
14. Anisha
2.30 Y 2.30 Y CEH V10
Sundaray
15. Deepika
2.20 Y 2.70 Y CEH V10,ESCA
Pradhan
16. Binay Kumar
2.30 Y 2.70 Y CEH V10
Nayak
17. Mrutyunjay
8.6 Y 8.70 Y ISO 27001
Sahoo
18. CEH,ISO,CISA,SANS 504
Ankit Sharma 5.90 Y 5.90 Y
GCIH,ECSA
19.
Vikrant Singh 2.10 Y 4.10 Y CEH V10
20. Sidhant
2.90 Y 2.90 Y CEH V10
Maharathy
21.
Prajna S K 4.4 Y 4.6 Y IS027001, CEH
22.
Abinash Panda 4.4 Y 4.4 Y IS027001, CEH, ECSA
23.
Sajjan Ray 4.70 Y 4.90 Y RHCSA,CEH MASTER
24. Mahesh
2.30 Y 5,30 Y CEH V10,CISM
Tallapaneni
25. Bineetha
0.6 Y 2.80 Y CEH V11
Yadlapalli
26. Namrata
5.9 Y 5.9 Y CEH, ISO 27001, CISA
Mohanty
27. Deepika
2.2 Y 2.7 Y CEH V.10, ECSA
Pradhan
28. Suma M
4.4 Y 4.6 Y IS027001, CEH
Komannavar
29. Takkolu Suma
4.4 Y 4.6 Y IS027001, CEH
Reddy
30.
Ujal Mohan Ray 5.9 Y 10 Y CEH, ISO 27001
The largest project handled in last year, was an end-to-end Information security, business
continuity management & data privacy review for a large financial sector organization. The
details of the project are mentioned below:
Project Scope:
1. Current State Assessment against Cyber Security, Business Continuity & Best Practices
in the Data Privacy (including GDPR) including
a) Cyber Security Governance review both at the design and the implementation
levels
b) Review of the Cyber Security Competency levels of the IT, IS & Business
Continuity, Data Governance departments
c) InternalNetwork Penetration Testing (Blackbox) ofIPs
d) External Penetration Testing (Blackbox) of all Public IP addresses belonging to
the Organization
e)Config Review of N/W Components
f)Config Review of Servers (OS, DB, Web & App Servers)
g)Config Review of Security Appliances
h)Remote Connectivity Review
i)Application Penetration Testing (Grey Box) of Applications
j)Review of the SOC practice including SOC Governance, Implementation &
Operation
k) Review of Incident Management practice including IM Governance,
Implementation & Operation
l) Conducting Social Engineering Test using spear phishing technique across Staff
2. Developing the Roadmap for the Highest Cyber Security Maturity Level
3. Multiple Periodic Re-assessments& Reviews for assessing current state
4. Red Teaming
5. Data Privacy Assessment
6. Business Continuity Assessment
7. Drafting of the Data Privacy Framework
Project Complexity:
This was a project for a financial sector organization having a large IT setup. The project
covers a detailed assessment of technology, processes and people components for this critical
sector organization. Large number of applications, infrastructure systems and networks were
in the scope of the security assessment. The assessment included review of third-party
interfaces which were implemented to enable business across multiple interested parties. The
project required the assessment team to perform its review against local and international
best practices, compliance requirements and regulatory standards. This was an approximately
35-man month project with the team carrying out assessments across locations.
Locations:
Middle-East
Project Value:
Rs. ~3.0 Crores
i. Commercial Tools
1. Nessus (Commercial Professional Version)
3. Fortify
4. WebInspect
5. Nexpose
6. And many more licensed or subscription based commercial tools
ii. Freeware Tools

1. Google Search
2. SamSpade
3. Tcp traceroute
4. Nmap
5. Sparta
6. hping2
7. Protos
8. XProbe
9. P0f
10. Nmap-cronos
11. Httprint
12. Smtpscan
13. SinFP
14. Metasploit Framework
15. Nikto
16. Cain & Cable
17. SQL Map
…. And many other open source tools
iii. Proprietary Tools
1. SecurEyes Centralized Vulnerability Management System
2. SecurEyes Advance Social Engineering Test System
3. SecurEyes Advanced Penetration Testing Toolkit
4. SeInfo_Grabber
(Tool used for application security reconnaissance)
5. SEWindowsXP_VA
(Tool for VA of windows XP)
6. SEWindows2003_VA
(Tool for VA of windows 2003)
7. SEWindows2008_VA
8. SEWindows7_VA
9. SERedHat_VA
(Tool for VA of RedHat Linux)
10. SEAIX_VA
(Tool for VA of AIX)
11. SESolaris_VA
(Tool for VA of Solaris)
12. SEDB_VA
(Tool for VA of MS-SQL, MySQL, Oracle, PostGRE SQL)
13. SENW_VA
(Tool used for VA of network devices including switches, routers, Firewalls)


SecurEyes FZC
SAIF Plus, R5-05/C, P.O Box: 122708,
Sharjah, United Arab Emirates
SecurEyes LLC
Desk No. 023, Business Centre, Abu Dhabi Airports Free Zone, PO Box: 2313,
Abu Dhabi, United Arab Emirates
SecurEyes KSA
3321, Al Sulaimaniyah Dist. Al Safwah Centre, Unit No. 28
Riyadh, 12223-7656, KSA
SecurEyes INC
310, Alder Road, P.O.Box: 841,
Dover, DE – 19904, USA
*Information as provided by M/s. SecurEyes Techno Services Pvt.Ltd.on 24 August 2021
Back
M/s Security Brigade InfoSec Pvt. Ltd.
Security Brigade InfoSec Pvt. Ltd.

3rd Floor, Kohinoor Estate, Lower Parel, Mumbai - 400013
 Network security audit

 Web-application security audit
 Wireless security audit
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.)
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.)
 ICS/OT Audits
 Cloud security Audits
 Web Application Penetration Testing
 Mobile Application Penetration Testing
 Network Penetration Testing
 Network Vulnerability Assessment
 Web Application Automated Vulnerability Assessment
 WAP Application Penetration Testing
 Thick Client Penetration Testing
 Firewall Configuration Review
 Wireless Penetration Testing
 Server Configuration Review
 Database Configuration Review
 Source Code Review
 Email Configuration Review
 Network Architecture Review
 Process and Policy Review
 Incident Response
 Spear Phishing Activity
 Data Leakage Gap Analysis
 Defacement Monitoring
 Forensics Investigation & Analysis
 Application Malware Scan
 Network Malware Scan
 SAR
Govt.: 30+
PSU: 200+
Private: 150+
Total Nos. of Information Security Audits done: 50+


Wireless security audit:20+
ICS/OT Audits:10+
Cloud security Audits:15+
CISSPs: -
BS7799 / ISO27001 LAs: -
CISAs: -
DISAs / ISAs: -
Any other information security qualification:12
Total Nos. of Technical Personnel: 14

1 Yash Kadakia Oct 2016 21 years ECPPT
2 Chintan Joshi Sept 2010 12 years ECPPT
3 Abhishek Gupta Nov 12, 2018 2.7 years CEH certified, ECPPT
4 Aditya Patil Mar 11, 2019 2.3 years VIVA Tech
certification, Python
and Mysql
certification, national
conference on role of
engineers seminar
certification, ECPPT
5 Akshay Dandekar Feb 03, 2020 1.4 years CEH certified, MSC IT
certified
6 Ishan Patil July 16, 2018 2.11 years NPTEL Online
Certification
7 Kartik Badge Mar 04, 2021 1 year -
8 Nikhil Raut Feb 01, 2021 1 year ECPPT
9 Pranav Kumar July 1, 2020 3 years ECPPT
10 Ramneek July 1. 2019 2 years ECPPT
11 Samuel Valmiki Feb 1, 2021 1 year ECPPT
12 Siddarth Dec 20, 2017 3.6 years CEH certified, ECPPT
Gowrishankar
13 Sonali Singh Dec 1, 2020 1 year -
14 Sourav Kalal May 4. 2020 1.1 years -
Quarterly Red Team Assessment for multiple locations, Web application PT, Network
PT, Source Code Review, Compliance Reviews for a Major Service Provider in India
Information Gathering
- Bile-Suite
- Cisco torch
- SpiderFoot
- W3af
- Maltego
- SEAT
- In-House sdFinder
- … and 50 other tools
Port Scanning
- Nmap
- In-House networkMapper
- Amap
- Foundstone
- hPing
- ... and 30 other tools
Application Security Assessment

- In-House webSpider
- In-House webDiscovery
- In-House webTester
- Achilles
- Sandcat
- Pixy
- W3af
- Nikto
- Paros
Threat Profiling & Risk Identification

- In-House Risk Assessment
Network & System Vulnerability Assessment

- Metasploit
- Nessus
- SAINT
- Inguma
- SARA
- Nipper
- GFI
- Safety-Lab
- Firecat
- Owasp CLASP
- Themis
- In-house VAFramework
Exploitation
- Saint
- SQL Ninja
- SQL Map
- Inguma
- Metasploit
Social Engineering
- Social-Engineering Toolkit (SET)
- Firecat
- People Search
Privilege Escalation
- Cain & Abel
- OphCrack
- Fgdup
- Nipper
- Medusa
- Lynix
- Hydra
- … and 40 others
Commercial Tools
- Nessus Commercial
- Burp Suite


*Information as provided by Security Brigade InfoSec Pvt. Ltd. on 01/07/2021
Back
M/s TAC InfoSec Private Limited
TAC InfoSec Private Limited
3. Capability to audit , category wise

 Web-application VAPT: Yes
 Source Code Review: Yes
 Red Teaming: Yes
 Mobile application security audit: Yes
 Social Engineering: Yes
 Vulnerability Assessment: Yes
Govt. : 50+>
PSU : 10
Private : 1000+

Mobile Application Security Audit : 500+
CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : 0
DISAs / ISAs : 0
CSSP : 1+
CSSA : 1+
CEH : 10+

1. Akash Joshi 4+ 5+ ECSA, CHFI, ISO
27001 LA, CEH,
MSC (Cyber
Security)
2. Rohit Thakur 1 4+ CEH
3. Raja Nagori 1 4+ CEH
4. Ajay Shrimali 2+ 2+ CEH

4.5+ 4.5+ B-Tech (Information
5. Saransh Rawat Technology) CEH
One of the largest BFSI: 200+ Mobile Applications, 100+ Web Applications, 200+ Network
Devices, Source Code Review, Configuration Review, and Risk Advisory.
Value of the Project was approx 90 Lacs.
1.) Acunetix Consultant Edition (Commercial)

2.) Burp Suite Pro (Commercial)
3.) Dirbuster (Open Source)
4.) Nikto (Open Source)
5.) OWASP ZAP Proxy
Network VAPT:
1.) Nessus Vulnerability Scanner

2.) Wireshark
3.) Cain & Abel
4.) Metasploit
5.) smbclient
6.) snmpenum
7.) enum4linux
8.) netcat
9.) nslookup
10.) Exploit codes from exploit.db
11.) Other Kali OS tools as per the vulnerability
Configuration Review (OS & Devices):
1.) Nessus
2.) Nipper freeware
3.) Manual review
Wireless Penetration Testing:
1.) Atheros wifi card

2.) Aircrack-ng
3.) Wapiti
4.) Wifi - Pineapple
Red-Team:
1.) Malicious USB

2.) TAC PhishInfielder (TAC’s tool)
3.) Payloads (Self-Created)
4.) Other tools in kali OS.

*Information as provided by TAC InfoSec Private Limited on 30/06/2021
Back
M/s TATA Communications Ltd
TATA Communications Ltd,

5th Next Gen Tower New IDC Building, Ho Chi Minh Marg, opp.
Savitri Cinema, Greater Kailash, New Delhi- 110048
 Cyber Security Maturity Assessment (Y)

 Compliance audits (ISO 27001, PCI, etc.) (Y)
 Network security Audit (Y)
 Vulnerability Assessment and Management (Y)
 Penetration Testing (Infra/App) (Y)
 Web-application security audit (Y)
 Mobile Application security assessment (Y)
 Phishing Simulation Exercise (Y)
 Regulatory Audit/Assessment (Y)
 Wireless security audit (Y)
 Red Team Assessment (Y)
Govt. : 10
PSU : 20
Private : 50


 Vulnerability Assessment : 75
 External Penetration Testing : 50
 Web and Mobile application security audit : 50
 Red Teaming Assessment : 2
 Phishing Simulation Exercise : 4
CISSPs : 10
BS7799 / ISO27001 LAs : 20
CISAs : 8
Any other information security qualification
(CEH, ECSA, Pentester Academy, CREST) : 15
Experience Qualifications
Duration with
S. in related to
Name of Employee Tata
No. Information Information
Communications
Security security
CEH, ECSA,
Mohan Dass
1 12 23 CHFI, CCSK,
<mohan.dass@tatacommunications.com>
CISSP, QGCS
Rajaguru G S CEH, ITIL,QCS,

2 12 14
<rajaguru.gs@tatacommunications.com> ISO 27701 LA
Janardan Shinde CCNA

3 10 1.5
<janardan.shinde@tatacommunications.com> ,OSCP,ITIL,CISA
OSCP (Offensive
Security) ,
CREST
Practitioner
Security Analyst
Saranya Manoharan
4 3 9 (CPSA), CEH
<saranya.manoharan@tatacommunications.com>
(Certified
Ethical Hacker),
Qualys Guard
certified
specialist
CREST
Practitioner
Security Analyst
(CPSA), CEH,
Prasath Jayasundar Qualys Guard
5 3 8
<Prasath.Jayasundar@tatacommunications.com> certified
specialist in
Vulnerability
Management,
CCSK
CEH, Qualys
Divya Dilli
6 3 6 Guard certified
<divya.dilli@tatacommunications.com>
specialist
CEH, CCNA,
Navdeep Sethi
7 1 6 Qualys Guard
<navdeep.sethi@tatacommunications.com>
VM Certified
Nissmole Srambikal
8 2 5.5 CEH , ECSA
<nissmole.srambikal@tatacommunications.com>
Application Security audit for one of the largest Rating/Research organisation in India, covering
Security Audit for all their critical business applications and infrastructure across global locations. Deal
value is around INR 50Lakh.
Security Assessments including the Infrastructure Vulnerability assessment, Penetration testing,

Application Security testing, web application monitoring and GRC implementation for one of the
largest PSU Banks in India to manage their complete security area of the organisation, deal value
including all security services is around INR 2Cr.
 Nessus Pro
 Qualysguard (VMDR)
 Tenable.sc , Tenable.io
 Metasploit Pro
 Burpsuite Pro
 NMAP
 Kali Linux
 Nipper Studio
 Algosec


Dubai Office
 Office No. 308, Building No. 12, Dubai Internet City, Dubai, United Arab Emirates. Tel:
80033111133
Singapore Office
 18 Tai Seng Street, 18 Tai Seng, #04-01, Singapore 539775 , Tel +65 6632 6700, Tel:
1800 555 4357
A list of Tata Communications office locations worldwide can be found at

https://www.tatacommunications.com/about/offices/
*Information as provided by Tata Communications Ltd on 26-Oct-2020
Back
M/s AKS Information Technology Services Pvt. Ltd.
AKS Information Technology Services Pvt. Ltd.,

B-21, Sector – 59, Noida (UP) - 201309
 Network security audit (Y/N) YES

 Vulnerability Assessment & Penetration Testing (Y/N) YES
 Configuration/Hardening review YES
 Web-application security audit (Y/N) YES
 Mobile Application Audit (Y/N) YES
 Thick Client Application Audit YES
 Wireless security audit (Y/N) YES
 Implementation & Compliance of Security standards/regulations YES
(ISO 27001, ISO 22301, ISO 20000, ISO 25000, ISO 27701, GDPR,PCI etc.)
 Payment Gateway Audit (Y/N) YES
 Industrial Control Systems (SCADA, DDCMIS, DCS) Audit (Y/N) YES
 IT & OT Audit of Power Generation, Power Transmission & Power Distribution YES
 Telecom Audit (Y/N) YES
 Information Systems Audit (Y/N)
 IS Audit of Bank as per RBI Gopalakrishna Committee Report, SEBI guidelines YES
 Compliance audit as per Government Guidelines
(IT Act, CVC, RBI, SEBI etc.) (Y/N) YES
 IT Risk Assessment (Y/N) YES
 Formulation of IT policies & Procedures (Y/N) YES
 Formulation/Review of Cyber Crisis Management Plan (CCMP) YES
 Data Migration Audit (Y/N) YES
 UIDAI AUA/KUA Audit (Y/N) YES
 ERP Audit (SAP, Oracle etc) (Y/N) YES
 Source Code Review (Y/N) YES
 Load Testing/Performance Testing (Y/N) YES
 Functional Testing (Y/N) YES
 Usability Testing (Y/N) YES
 Portability Testing (Y/N) YES
 Inter-operability Testing (Y/N) YES
 Accessibility Testing (Y/N) YES
 Configuration & Compatibility Testing (Y/N) YES
 Red Teaming Assessment YES
 DDoS Assessment YES
 IoT Audit YES
 Social Engineering YES
 SOC 1 Type 2 Audit (SSAE18 & ISAE3402) YES
 Cloud Security Audits YES
 Data Localization Audits YES
 Scalability and Resiliency Audit YES
 Malware Analysis YES
 Compliance of Cyber Security Assessment Framework (CSAF) YES
 Digital Forensics Investigation (Mobile Forensics, Computer Forensics, YES
Audio/Video Forensics, Network Forensics, CDR Analysis,
Email Forensics etc.) (Y/N)

Govt: 700+
PSU: 100+
United Nations/UNDP/WHO 5+
Private: 300+
 Network security audit 100+

 Vulnerability Assessment & Penetration Testing 100+
 Web-application security audit 800+
 Mobile Application Audit 100+
 Wireless security audit 10+
 Implementation & Compliance of Security standards/regulations 10+
(ISO 27001, ISO 22301, ISO 20000, ISO 25000, ISO 27701, GDPR,PCI etc.)
 Payment Gateway Audit 20+
 Industrial Control Systems (SCADA, DDCMIS, DCS) Audit 30+
 IT & OT Audit 30+
(Power Generation, Power Transmission & Power Distribution)
 Telecom Audit 5+
 Information Systems Audit 30+
 IS Audit of Bank as per RBI Gopalakrishna Committee Report& 20+
SEBI guidelines
 Compliance audit as per Government Guidelines 10+
(IT Act, CVC, RBI, SEBI etc.)
 IT Risk Assessment 10+
 Formulation of IT policies & Procedures 10+
 Data Migration Audit 5+
 UIDAI AUA/KUA Audit 10+
 ERP Audit (SAP, Oracle etc) 5+
 Source Code Review 10+
 Load Testing/Performance Testing 10+
 Functional Testing 20+
 Source Code Review 10+
CISSPs : 03
ISO27001: 08
CISAs : 06
DISAs / ISAs : 00
CEH/CCNA/CASP/MBCI/OSCP 60+
S. No. Name of Employee Working with Experience in Qualifications related

AKS IT since Information Security to Information security
(Yrs)
1. Ashish Kumar Saxena Sep 2006 21+ CISSP, CISA, MBCI,
ISO 27001
2. Anil Malik Feb 2016 17+ BS 7799 LA, ISO
27001 & ISO 20000
3. Anshul Saxena Nov 2014 11+ MS (Information
Security), CASP
4. Ravi Chaubey May 2013 16+ CEH, CISA, CISSP, ISO
27001 LA
5.
Rajesh Sharma Oct 2019 10+ CISA, ISO 27001
6.
Anil Kumar Jun 2021 15+ CISA
7.
Devesh Rawat Dec 2015 6.0 CEH
8.
Yogendra Singh May 2016 9+ CEH
9.
Rahul Kumar Singh Aug 2017 4+ CEH
10.
Rupika Luhach Feb 2018 4+ CEH
11.
Jyoti Sharma Oct 2018 3 CEH
12. CEH
Sachin Singh Apr 2019 2+
13. CEH
Amit Kumar Jul 2019 5+
14. Jul 2018 3 CEH

Vignesh R.G
15. Shubham Saxena July 2019 2+ CEH
16. Ome Mishra July 2019 2.0 CEH
17. Prashant Thakur July 2019 2.0 CEH
18. Rupanshi Sharma Aug 2019 2 CEH
19. Sahil Verma Aug 2019 2 CEH
20. Sachin Sharma Aug 2019 2 CEH
21. Ayush Sharma Jan 2020 2 CEH
22. Anmol Bagul Feb 2020 2 CEH
23. Vaibhav Chavan Feb 2020 2 CEH
24. Sandy Sharma Feb 2020 2 CEH
25. Mohit Maurya Aug 2020 2+ CEH
26. Harshit Prajapat Sep 2020 1.0 CEH
27. Adarsh Giri Jan 2020 2 CEH
28.
Alok Kumar Jun 2018 5+ CCNA, CEH
29.
Arnav Shukla Jan 2019 3+ CEH
30. Aditya Pratap Jun 2020 1.5 CHFI
31. Manoj Kumar Singh Dec 2018 3 CHFI

32. Lokesh Burlla Sep 2020 2.0 CASP
33. CEH
Ankit Kumar Oct 2020 2
34. Oct 2020 1.0 CEH

Sumit Jha
35. CEH
Charchit Sharma Oct 2020 1.0
36. CEH
Pallavi Roy Nov 2020 1.0
37.
Himanshu Kumar Dec 2020 1.0 CEH
38.
Suraj Gupta Dec 2020 1.0 CASP
39.
Khushboo Singh Dec 2020 1.0 CASP
40.
Shubham Kumar Dec 2020 1.0 CASP
41. 2.0
Akash Pandey Jan 2021 CASP
42. 1.0
Aravind Mulakala Jan 2021 CASP
43. Kunal Tiwari Mar 2021 3+ CEH
44. Mar 2021 5+ CASP

Miftah Siddiqui
45. Y. Hemanth Kumar Feb 2020 2 CEH
46. Nitin Sharma Oct 2019 2+ CASP
47. Apr 2021 2+ CEH

Ankita Pal
48. Apr 2021 2+ CEH

Hitesh Balani
49. May 2021 4+ CEH

Rohit Singh Chauhan
50. Yash Warrdhan Aug 2020 1+ CEH

Gautam
51. Sep 2020 1+ CASP
Jugal Kalal
52. Oct 2020 1+ CEH

Ashu Jaiswal
53. Oct 2020 1+ CEH

Ketan Kaushik
54. Nov 2020 2+ CEH

Robin Verma
55. Nov 2020 2+ CEH

Akshay Sawant
56. Feb 2021 1.0 CASP

Pranjal Gupta
57. Feb 2021 1.0 CEH

Jahan Dhandapani
58. Apr 2021 2+ CCNA

Vikram Kumar
59. Apr 2021 1.0 CASP
Yash Patil
60.
Piyush Garg Jun 2016 5+ CASP
61.
Antony Ukken Jun 2018 3+ CASP
62.
Ankur Upadhyay Jun 2018 3+ CASP
63.
Arjit Agrawal July 2015 6+ CASP
64. Akash Anand Gupta Jun 2020 4+ CASP
65. Abhijeet Singh Aug 2020 1.0 CEH
66. Jun 2019 2+ CASP

Tarun Grover
67.
Ankit Sharma Feb 2020 2+ CASP
 Carrying out Cyber Security Audit for one of the National Level Power Sector Project
including audit of SCADA system, Project value is approx. 1.3 Crore
 Carried out Infrastructure, Process & Security Audit of one of the competition
exams conducted online. Total Number of Nodes were approx. 2,00,000. 31
different cities with 276 locations. Project value was approx. 70 Lakh
 Carried out IT Security Audit, ISO 25000 for one of the International Stock
Exchange. Project value was approx. 43 Lakhs.
 Carried out SOC 1 Type 2 Audit (SSAE18 & ISAE3402) of foreign offices of leading
bank
Freeware Tools
 Nmap, Superscan and Fport - Port Scanners

 Metasploit framework, Netcat, BeEF, Cain & able, Hydra, John the ripper - Penetration
Testing & Password cracking
 Process explorer, Sigcheck, Kproccheck - Windows Kernel & malware detection
 Netstumbler, Aircrack-ng suite & Kismet – WLAN Auditing
 OpenVas, W3af, Nikto - Vulnerability scanner
 Wireshark – Packet Analyser
Commercial Tools
 Nessus– Vulnerability Scanner

 Burp Suite, Acunetix - Web application auditing
 Immunity Canvas – Penetration Testing
 Passware: Password Cracking
 Manage Engine, Solarwind – Network Performance Testing
 Arbutus Analyzer - Migration Audit & Log Analysis
 Social Engineering ToolKit – Internet Evidence Finder
 Forensics Imaging and Analysis: FTK and Tableau, Paraben E3:DS
 Data Recovery Tool: E4SeUS Recovery Wizard
 CDR Analysis Tool: ASI CDR & Tower Dump Analysis Tool
 Video Forensics: Kinesense LE
 Mobile Forensics: MobilEdit, UFED4PC
 Proprietary Tools - ISA Log Analyzer, HaltDoS Web Application Firewall (WAF),
HaltDoS Traffic inspector


*Information as provided by AKS Information Technology Services Pvt. Ltd. on 01st July 2021
Back
M/s ALLIED BOSTON CONSULTANTS INDIA PVT. LTD.
ALLIED BOSTON CONSULTANTS INDIA PVT. LTD.

DELHI/NOIDA, BANGALORE, HYDERABAD, CHENNAI, KOLKATA, PUNE,
MUMBAI

 Mobile application security audit (Y/N) : YES
 IT Infra Devices Configuration audit (Y/N) : YES
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) : YES
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Y/N) : YES
 ICS/OT Audits (Y/N) : YES
 Cloud security Audits (Y/N) : YES
 Cyber Forensic (Y/N) : YES
Govt. : 34
PSU : 10
Private : 28


Mobile security audit : 12
Server-side audits : 02
Source Code Reviews : 02
Database Functionality Test : 01
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : 04
ICS/OT Audits : 01
Cyber Forensic audit : 01
CISSPs : 01
BS7799 / ISO27001 LAs : 10
CISAs : 04
DISAs / ISAs : 00
 CEH / ECSA / OSCP : 09
 CHFI : 02
 CISM : 02
 CCP / CCNA / ICSI : 03
Total Nos. of Technical Personnel :19

No. <organization> Information Information security
Security
1 T. Ganguly 17 years 30 years ISO 27001
2 Arun Mathur 2 years 30 years CISA, ISO 27001
3 Satish G. Meda 5.5 years 28 years CISA, ISO 27001, CRISC
4 Yatindra 7 years 27 years ISO 27001, CRISC, ISO
Shrivastava 31000 risk management
5 S.K. Thilakan 2 year 24 years MCSE, Dipl. Electronics &
Telecommunications
6 Chandrakesh Rai 7 months 24 years CISA, CISSP, CRISC,
CISM, ISO 27001
7 Sarat L. 8 months 19 years CCP, CCNA, CCNA
Security, CCSP
8 Ravi V. Reddy 2 years 15 years Certified Software Test
Engineer, Microsoft
certified data scientist
9 Kunal S. 8 months 11 years CHFI, CEH, ISO 27001,
AWS & Cybrary certified
10 Rahul Das 1.5years 10 years ISO 27001, RSA certified,
Kaspersky certified,
Rapid7 inSightVM
certified Administrator
11 Abhishek 6 months 9 years CEH, ECSA, OSCP,
OSWP, CISM, CCSK,
Azure Administrator
certified
12 Khiladi Bayal 1.5years 8 years OCSP, CEH, ISO 27001
13 G. Baba 3 months 7 years CEH, CHFI, CEI
14 Sahil 8 months 6.5 years CEH, CSA, LPT, CPEH,
ISO27001, Red Teaming,
AWS certified
15 Avinash Kalal 1.5years 6 years MCA, CEH
16 Chitranshu Jain 2 years 3 years CEH, CCNA, TCP-IP
17 Jayant Sharma 3 months 3.5 years CEH
18 Rakesh S.P. 7 months 3.5 years CISA, ISO 27001
19 Priyanka Jangid 3 months 7 months CISEH, CNSS
 A smart city project involving security assessment (VAPT, Configuration audits) of

thick-clients, SCADA & other IoT devices, CCTV cameras, boom barriers, web
applications, servers, network devices, etc.
 Security audit of web application along with payment gateway for a renowned
educational institution of GoI.
 Application VAPT and source code review of critical applications of a small finance
bank.
 Software solution security auditand IRDAI compliance for an insurance aggregator
company.
 Security audit of applications & payment gateway for a financial institution
company into banking and insurance.
 RBI-SAR compliance audit for a banking software solution provider.
 Security audits ofIT systems, computer forensic, and applications VAPT for Defense
organizations under MoD.
 Application security audits for Government institutions in healthcare sector.
 Application security for central and state government departments such as SSC,
CGST & Central Excise offices across India, CSIR, Centre for Smart Governance,
National Health Mission.
 Security audit of website, CMS, mobile application (android and iOS) for a software
development company working for GoI departments.
 VA / configuration audit of IT infrastructure (servers, UTM/firewall, switch, wireless
controller) and PT of UTM/firewall device for a mid-size IT infrastructure company.
Commercial Tools Freeware tools Proprietary tools
 Burp Suite professional  Kali Linux and  Custom developed

 Nessus Professional applications Scripts for cyber forensic
 Rapid7 (Nexpose)  OWASP-ZAP
 Qualis (On demand)  Open Vas
 Acunetix  SQLMAP
 EnCase  AirCrack Suite
 SonarCube  Zenmap
 Vega
 Nikto
 Wireshark
 Metasploit
 TestSSL
 SSLScan
 MobSF
 Android Emulator
 Hydra
 Ubuntu VMs
 DirBuster etc.

11. Whether organization has any Foreign Tie-Ups? If yes, give details : NO

13. Locations of Overseas Headquarters/Offices, if any : NO
*Information as provided by Allied Boston Consultants India Pvt. Ltd. on <02-June-2021>
Back
M/s Network Intelligence (I) Pvt. Ltd.
Network Intelligence (I) Pvt. Ltd.

Registered Office:
204, Ecospace IT Park, Off Old Nagardas Road, Andheri (E),
Mumbai-400069, Maharashtra, India.
 Subcategory:Technical Security Assessments

 Network Security: Yes
 Web Application and Web Services Security: Yes
 Mobile Application / Thick-Client: Yes
 Source Code Review: Yes
 Infrastructure VAPT, PCI ASV Scanning: Yes
 VOIP and IVR Testing: Yes
 Configuration Review (Operating Systems, Databases, Network Devices): Yes
 Configuration Review (Security Solutions such as PIM, DAM, WAF, etc.): Yes
 Wireless Security Audit: Yes
 Subcategory: Strategic Assessments

 ERP Security (SAP, Oracle): Yes
 Cloud Security Assessment: Yes
 Application Security Design Review: Yes
 Banking Products -SWIFT, Finacle, etc.: Yes
 DevOps Security: Yes
 Blockchain Assessment: Yes
 SDLC Gap Assessment: Yes
 OT and IoT Security Assessment: Yes
 ICS Security Assessment: Yes
 Subcategory: Offensive Assessments

 Red Team Assessment: Yes
 Adversary Simulation: Yes
 Password Cracking: Yes
 DDoS Simulation: Yes
 Bug Bounty Program: Yes
 Phishing / Spear Phishing: Yes
 Vishing, Smshing: Yes
 Subcategory: Advisory and Consulting

 Technical Security Audits: Yes
 Maturity Assessment as per frameworks (C2M2, NIST, etc.): Yes
 War Game Assessment: Yes
 Remediation Consulting: Yes
 Data Flow and Data Classification: Yes
 Awareness Drills: Yes
 Subcategory: Training
 Security Awareness: Yes
 Customized Cybersecurity Trainings : Yes for all levels i.e beginner, intermediary
and advanced
Govt. : Nil
PSU : 50+
Private : 500+


Wireless security audit:20+
ICS/OT Audits:2+
Staff Certifications count
Certifications Count
Certified Ethical Hacker 119
Offensive Security Certified Professional (OSCP) 15
Certified Information Security Consultant (CISC) 131
Certified Information Systems Auditor (CISA) & Certified Information Systems Security Professional
10
(CISSP)
Associate Fellow of Business Continuity Institute (AFBCI by The BCI, UK) / Certified Business Continuity
2
Professional (CBCP by DRI International USA)
CREST Certified 2
PCI DSS Qualified Security Assessor (QSA) 6
ISO 27001 Lead Auditor / Lead Implementer/ ISO9001 / ISO 14001 / ISO23001 / BS25999 / ITIL /
45
ISO20000 / ISO22301
Cyberark/Imperva/QRadar/Arcsight Certified 30
Certified Professional Hacker (CPH) / Certified Professional Forensics Analyst (CPFS) 149
©2021 Network Intelligence. All Rights Reserved. 33
S. Technical Personnel’s Place of Working Information Total Credentials Self- Specify in

No. Name Posting with the Security experience verified by signed Yes/No
organization related in organization copy of whether t
since qualifications information (Yes/No) Passport person wi
(month & (CISSP/ISMS security (if any) deployed
year) LA / CISM/ related (Yes/No) governme
CISA/ ISA activities and critica
etc., state as (years) sector
applicable) audits/pro
1. Vaibhav SheorajVerma Pune July 2015 CISC; CPH; 6 years Yes Yes. Can Yes
CPFA; OSCP; be
Certified Red submitted
Teaming if
Expert required
(CRTE);
2. AtulMishrilal Sharma Pune September OSCP 6 Years Yes Yes. Can Yes
2015 be
submitted
if
required
3. ShashankHanumantGosavi Mumbai April 2014 OSWP; Azure 7 Years Yes Yes. Can Yes
Fundamentals; be
submitted
if
required
4. Ashutosh Digambar Mumbai March 2017 CISSP, CISA, 15 years Yes Yes. Can Yes
Mahashabde CISM, CRISC, be
ISO submitted
27001:2013 if
LA, COBIT5 required
Foundation,
COBIT 2019
Foundation,
BS 25999-2
LA, ITIL 4
Foundation,
ISO 20000-
1:2011 LA,
Cloud Security
CSA Star
Certified
Auditor
5. Vikas Shrinivas Vedak Mumbai January ISO 20 years Yes Yes. Can Yes
2018 27001:2013 be
LA, ISO submitted
27001:2013 if
LI, ITIL 4 required
Foundation
6. Vishal Jeetendra Jain Mumbai May 2018 CISA, ISO 4 years Yes Yes. Can Yes
27001:2013 be
LA, ISO submitted
27001:2013, if
CDPSE required
S.No Category Brief Description of Details of Contact Person at Additional Info.

(Govt./PSU/Private) Scope of Work Auditee Organization (Name, email,
website URL, Mobile, telephone,
fax, etc)
1 Private We are doing Yes Bank, Apart from these,
Application security Ms. Anuprita Daga, we are regularly
assessment and CRO & CISO conducting RBI
source code review anuprita.daga@yesbank.in audit, UPI Audit,
for all Yes bank and +919324788940 NPCI Audit and
group’s application. other regulatory
We also manage audits for the bank.
their SOC. We are also
conducting third
party vendor audit
for banks’ vendors
2 Private Application Security Kotak Bank We also manage the

Testing Mr. Jaypaul Reddy Incident Response
Source Code Review Jaypaul.reddy@kotak.com for the bank
Bug Bounty,
GRC services +919167930323
3 Private Providing 24x7 SOC HDFC Bank We also provide

services Mr. Sameer Ratolikar, CISO other services incl
3rd Party product Sameer.Ratolikar@hdfcbank.com Third Party Audits
Monitoring +919820303045
Qualys, Nessus, Burpsuite, Fortify, Solar AppScreener etc : Commercial
Firesec, BlueScope : Proprietary
KALI Linux, Metasploit, Cain and Abel, Wireshark, HPing, Microsoft Baseline Security Analyzer
(MBSA), Nmap Suite etc : Freeware

We donot outsource security auditing work to 3rd parties.

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
We have partnered with various international security solutions which we are reselling and / or
providing support in the region. Some of the 3rd party products are:
- IBM QRadar
- HP ArcSight & Fortify
- Qualys
- Tenable Nessus
- Appknox
- Checkmarx
- TripWire
- Cylus
- Cylance
- CyberArk
- TrendMicro

We are not a subsidiary / member of any foreign based organization. We have a 22% investment from
a US based firm - CULBRO HELIX INVESTMENTS LLC, a limited liability company, registered,
incorporated and existing under the laws of the State of Delaware, the United States of America,
bearing the registration number 83-0538738. Its registered office is at C/o Corporation Trust Center,
1209 Orange Street, Wilmington, New Castle County, Delaware 19801, USA. This is a minority
holding. Major share continues to remain with the Indian Directors. The HQ of the Network
Intelligence is located in Mumbai
The shareholding patterns is as under :
KK Mookhey – 57%
Culbro Helix – 22%
Karishma Mookhey– 16%
Employee Stock Ownership Plan - 5%
Listing of our branch offices is given below

# USA
Network Intelligence LLC
16192, Coastal Highway,
Lewes, Delaware 19958,
County of Sussex
# UAE
Network Intelligence India Pvt Ltd
803, Blue Bay Tower, Business Bay,
Dubai, United Arab Emirates
# Singapore
Network Intelligence Pte Ltd
30 Cecil Street
#19-08 Prudential Tower
Singapore (049712)
# Netherland
Network Intelligence Europe B.V.
Bezoekadres, Herengracht 420,
1017BZ Amsterdam
*Information as provided by Network Intelligence India Pvt. Ltd.on 2nd July 2021
Back
M/s Price water house Coopers Pvt. Ltd. (PwC PL)
1. Name & location of the empanelled Information Security Auditing
Price water house Coopers Pvt. Ltd. (PwC PL)
S No. Location Address

PricewaterhouseCoopers Pvt Ltd 1701, 17th Floor, Shapath V,
1. Ahmedabad Opp. Karnavati Club, S G Highway Ahmedabad, Gujarat 380
051,Telephone: [91] (79) 3091 7000
PricewaterhouseCoopers Pvt Ltd
The Millenia, Tower D, # 1 & 2 Murphy Road, Ulsoor
2. Bangalore Bangalore, Karnataka 560008
Telephone: [91] (80) 4079 4000, 5000, 6000, 7000
Telecopier: [91] (80) 4079 4222
OB 2, 2nd floor, D B Corporate Park,D B Mall, Arera Hills, M P
3 Bhopal
Nagar, Bhopal, Madhya Pradesh 462011, India
Telephone: [91] (755) 676 6202
PricewaterhouseCoopers Pvt Ltd Prestige Palladium Bayan,
8th floor 129-140, Greams Road, Chennai, Tamil Nadu 600
4 Chennai
006 Telephone: [91] (44) 4228 5000 Telecopier: [91] (44)
4228 5100
Premises No. 11, 2nd Floor, Mak Plaza, Municipal no 75A
5 Dehradun
Rajpur Road, Dehradun, Uttarakhand 248002,India
Telephone: [91] (135) 2740729
PricewaterhouseCoopers Pvt Ltd 7th Floor, Building No.8,
Tower-C DLF Cyber City, Gurgaon, Haryana 122002 ;
Telephone: [91] (124) 626 6600 ; Telecopier: [91] (124) 626
6500
PricewaterhouseCoopers Pvt Ltd Building 10, Tower C, DLF
6 Delhi NCR
Cyber City, Gurgaon, Haryana 122002 , Telephone: [91]
(124) 330 6000, Telecopier: [91] (124) 330 6999
PricewaterhouseCoopers Pvt Ltd Building 8, Tower B, DLF
Cyber City, Gurgaon, Haryana 122002 ; Telephone: [91]
(124) 462 0000, 306 0000 ; Telecopier: [91] (124) 462 0620
PricewaterhouseCoopers Pvt Ltd Plot no. 77/A, 8-624/A/1 ,
3rd Floor , Road No. 10 , Banjara Hills , Hyderabad,
7 Hyderabad
Telangana 500 034 Telephone: [91] (40) 4424 6000
Telecopier: [91] (40) 4424 6300
PricewaterhouseCoopers Pvt Ltd Plot No Y-14, Block EP,
Sector V, Salt Lake Electronics Complex Bidhan Nagar,
Kolkata, West Bengal 700 091
Telephone: [91] (33) 2357 9260, 7600
Telecopier: [91] (33) 2357 7496, 7456
8 Kolkata
PricewaterhouseCoopers Pvt Ltd, Plot Nos 56 & 57, Block DN-
57, Sector-V, Salt Lake Electronics Complex, Kolkata, West
Bengal 700 091
Telephone: [91] (33) 2357 9100, 9101, 4400 1111
Telecopier: [91] (33) 2357 3395, 2754
PricewaterhouseCoopers Pvt Ltd, 252 Veer Savarkar Marg,
Next to Mayor's Bungalow, ShivajiPark, Dadar Mumbai,
Maharashtra 400 028
9 Mumbai Telephone: [91] (22) 6669 1000
Telecopier: [91] (22) 6654 7800/7801/7802
PricewaterhouseCoopers Pvt Ltd, NESCO IT Bld III, 8th Floor,
NESCO IT Park, Nescso Complex,Gate No. 3 Western Express
Highway ,Goregoan East, Mumbai, Maharashtra 400 063
Telephone: [91] (22) 6119 8000
Telecopier: [91] (22) 6119 8799
PricewaterhouseCoopers Pvt Ltd, PwC House, Plot No. 18 A,
Guru Nanak Road (Station Road), Bandra, Mumbai,
Maharashtra 400 050
Telephone: [91] (22) 6689 1000
Telecopier: [91] (22) 6689 1888
PricewaterhouseCoopers Pvt Ltd Tower A - Wing 1, 7th floor
Business Bay Airport Road Yerwada, Pune, Maharashtra
10 Pune 411006
Telephone: [91] (20) 4100 4444
Telecopier: [91] (20) 4100 6161
Unit No 004, 9th Floor, Tower C
Commercial Complex, CBD, Sector 21, Naya Raipur
11 Raipur
Raipur, Chhattisgarh 492002, India
Telephone: [91] (771) 242 9100
Eastlin Complex, Near Himurja SDA Commercial Complex
12 Shimla
Kusumpti, Shimla, Himachal Pradesh 171009, India
Telephone: [91] (177) 2971828

 Compliance audits - Yes
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) - Yes
 ICS/OT Audits - Yes
 Cloud security Audits - Yes
 Information security policy review and assessment against best
security practices - Yes
 Communications Security Testing - Yes
Govt. : 10+
PSU : 10+
Private : 200+


Compliance audits: 50+
ICS/OT Audits:10
CISSPs : 10+
BS7799 / ISO27001: 100+
CISAs : 10+
DISAs / ISAs : 1
Any other information security qualification:400+ (OSCP, CEH, CISM, DCPP etc.)

No. PwC Information Security Information security
1. Rajinder Singh 7+ years 16+ years  CISSP
 CIPP/US,
CIPP/E, CIPT,
FIP
 DCPP
 CEH
 BCCS
 CISRA
 CCNA
 ISO31000
 ISO27001
2 Ankit Goel 5+ years 11+ years  OSCP
 CEH
 OWASP
Member
3 Faiz Haque 7+ years 7+ years  ISO 27001 LA
 ISO
22301:2012 LA
 BS 10012
 DCPP
 ISO 27001 LI
 TOGAF 9
4 G Karthik 3+ years 3+ years  OSCP
 ISO 9001:2015
LA
5 Sameer Gupta 4+ years 4+ years  Associate of
(ISC)2 towards
Certified
Information
Systems
Security
Professional
(CISSP)
 DCPP
 ISO 31000
 ISO 27001 LA
 ISO 27001 LI
PwC India was engaged by a large PSU organization to provide various cyber security audit
services. We perform application, infrastructure security penetration test (ethical hacking),
including manual and automated tool techniques to uncover potential security issues.
Contract Value: Confidential
S No. Tools Freeware/ Commercial

1 Nessus Professional Commercial
2 Acunetix WVS Commercial
3 HPE Webinspect Commercial
4 HPE Fortify AWB Commercial
5 Burp Suite Professional Commercial
6 Nmap/Zenmap Freeware
7 Nikto Freeware
8 Kali Linux and associated tools Freeware
9 AirCrack-Ng Freeware
10 MobSF Freeware
11 Metasploit Framework Freeware
12 QARK Freeware
13 Nipper etc. Freeware

11. Whether organization has any Foreign Tie-Ups? If yes, give details :
PricewaterhouseCoopers Pvt. Ltd. (“PwCPL” or “the Company” hereinafter), a distinct and

separate legal entity being incorporated under the Companies Act, 1956, engaged in rendering
advisory and consulting services. PwCPL is an Indian member company of this global network
and provide advisory and consulting services.
12. Whether organization is a subsidiary of any foreign based organization? :
PricewaterhouseCoopers Pvt. Ltd. (“PwCPL” or “the Company” hereinafter), a distinct

andseparate legal entity being incorporated under the Companies Act, 1956, engaged in
renderingadvisory and consulting services. PwCPL is an Indian member company of this global
networkand provide advisory and consulting services.
13. Locations of Overseas Headquarters/Offices, if any : NA
*Information as provided by PricewaterhouseCoopers Pvt. Ltd. on 2nd July 2021
Back
M/s Xiarch Solutions Private Limited
M/s Xiarch Solutions Private Limited,

352, 2nd Floor, Tarun Enclave, Pitampura,
New Delhi-110034, India
Ph: 011 - 4551 0033, 9810874431
Fax 011 - 6617 3033

 Cyber Forensics investigations : Yes
 API Security Audit : Yes
 Mobile Application Security Audit (iOS, Android) : Yes
 Source Code Review/Audit : Yes
 IS Audit : Yes
 Network Performance Testing : Yes
 SOC 2 Type 1 & Type 2 : Yes
 GDPR Compliance : Yes
 Load Testing : Yes
 ISNP Audit : Yes
 Root Cause Analysis : Yes
 AUA/KUA (Aadhaar Audit) : Yes
 AEPS & Aadhaar Pay Micro ATM Audit : Yes
 Email Spear Phishing : Yes
 Compliance Audit (RBI, SEBI, NHB, Stock Exchanges) : Yes
 IT/OT Infrastructure Audit : Yes
 IT General Controls : Yes
 Cloud Security Audit : Yes
 e-Sign Compliance audit : Yes
 Backend Architecture Review : Yes
 Process and Policy Review : Yes
 IoT Security Assessment : Yes
 Red Team Assessment : Yes
 Incident Response : Yes
 Server & Database Configuration Review : Yes
 Thick Client Security Audit : Yes
 Data Localization Audit : Yes
 Networking Device Configuration Audit : Yes
 SCADA Security Audit : Yes
Govt. : 760+
PSU : 20+
Private : 232+

based on project handled by them).
Cyber Forensics investigations : 2+
API Security Audit : 25+
Mobile Application Security Audit (iOS, Android) : 28+
Source Code Audit : 4+
IS Audit : 20+
ISNP Audit : 5
AUA/KUA (Aadhaar Audit) : 10+
AEPS & Aadhaar Pay Micro ATM Audit : 19+
Compliance Audit (RBI, SEBI, NHB, Stock Exchanges) : 10+
IT Infrastructure Audit : 15+
CISSPs : 1
BS7799 / ISO27001 Las : 1
CISAs : 1
DISAs / ISAs : 0
S. Name of Duration with Qualifications related to Experience in

No. Employee Xiarch Information security Information
Solutions Pvt. Security
Ltd.
1 Utsav Mittal 12 years CISSP, CEH, MS Infosec 12+ Years
Purdue Univ, USA
2 Sandeep Sikka 6.6 years CISA, ISO 27001:2005: Lead 25+ years
Implementor
3 Ashish Chandra 7 years MCA, CEH, GNIIT 9 years
4 Kritika Mittal 8 years B-tech (CSE ) , M-tech (CSE 8 Years
with specialization in
Information security )
5 Kritika Mishra 4.1 years B.Tech, CEH 4.1 years
6 Shubham Dabre 3.10 years CEH 3.10 years
7 Abhishek Kataria 3.10 years B.Tech(Mech), MBA, CEH 3.10 years
8 Md. Tanveer Alam 3.7 years B.sc Diploma in Software 3.7 years
Engineering (Java
Specialization),Oracle
Database 11g, CEH
9 Vivek Jain 3.6 years M.Sc(CS&IS), CEH 3.6 years
10 Sanjay Kumar 3.3 years BE (IT), CEH 5 Years
11 Ajay Kant 3 years BCA, MCA(Pursuing),CEH 3 years
12 Kamalesh Maity 2.5 years B-tech, CEH 5.6 Years
13 Sidhant Maithani 2.7 years BCA, MCA, CEH 2.7 years
14 Shubham Patil 2.3 years BE- IT, CEH 2.3 years
15 Naman Gupta 2.3 years BCA(Pursuing), CEH 2.3 years
16 Sushil Kumar 1.8 years MCA, CEH 3 Year
Jaiswal
17 Vipul Chauhan 1.5 years PGDIS, ACISE, LCSP 1.5 years
18 Sarthak Goyal 1.5 years B.Tech (Cs), CEH V10, 1.5 years
Diploma in Information
Security
19 Ajaz Sayed 1.3 years Diploma, BE(ETRX), CISC, 1.3 years
CEHv10
20 Jitender Kumar 1.4 years Master of Science in 1.4 years
Information Technology
(Pursuing)
21 Aakash Mishra 2 years MCA 2 years
22 Nitin Gupta 1 year B-tech (ECE) 1 year
23 Garima Kalra 8 Months MCA 8 Months
24 Srikar Sama 3 Months B-tech (ECE) 3 Months
25 Pratik Shah 2 Months MCA, CEH, CNSS, NSE 1 and 2 Months
2
S. No Project Scope of work Complexity Location

1 Petroleum Industry 150 Web Applications, 200 -Web Applications for Black Mumbai
Servers audit, box Testing,
Email Spear Phishing Drill -Web Applications for Grey
(Internal Employees), Network box Testing,
device Configuration Review, -Email Spear Phishing Drill,
Onsite Training at different -Vulnerability Assessment &
locations and Forensics Penetration Testing of
Investigation Activities. Critical IT Systems including
Servers, Databases,
Network devices, Security
devices etc,
-Configuration Review of
Network & Security
solutions,
-Cyber Security Awareness
Workshop for End-users,
-Forensics / Incident
Investigation
2 Project for Approx 660 Websites and web Audit of all websites and Gujarat
Government of Applications Security Audit web applications (hosted in
Gujarat GSDC and NIC Data Centre).
3 One of the Largest Managing complete IS and Work included Compliance, Delhi/NCR
NBFC in India Compliance Services. Vulnerability Assessment
Penetration Testing, Web
Application Security, Infra
Audit, Aadhaar Audit etc
4 SaaS Company Information Security, Cyber - Application Security Delhi/NCR
Security Services and Assessment
Compliance Services - VAPT
- API Security Assessment
-Devices Configuration
Review/ Audit
- Compliance Service
-IT Security Roadmap
Development and consulting
5 Maharatna Company SCADA/Industrial Control -SCADA/Industrial Control PAN India
Systems/ Distributed Control Systems/Distributed Control
Systems Security Vulnerability Systems Security
Assessment and Penetration Vulnerability Assessment
Testing. and Penetration Testing.
-Servers/WorkStation
Vulnerability Assessment
and Penetration Testing
-Firewall and Switches
Configuration Review.
-Policies and Procedure
Review
6 India's largest Comprehensive IT Security - Different Locations IT Infra PAN India

public sector trading Audit of IT Infrastructure & VAPT
body. Systems. - IS Policy Review
7 Industry - Power Cyber Security Audit of -Network Architecture Delhi/NCR
Market Regulation Information Technology Review,
(Govt. Sector) System -VA & PT (Internal) of
Servers, Desktops,
-Network & Security Devices
and Applications,
-Configuration Audit of
Servers,
-Network Devices & Security
Devices,
-External Penetration
Testing for Public IPs,
-Source Code Review

 Burp Suite
 Puma Scan
 SQL Map
 Nmap
 Superscan
 Kali Linux
 Metasploit Framework, Netcat , BeEf
 Wireshark – Packet Analyser
 Cisco Netwitness
 Tenable Nessus
 Rapid7 Nexpose community edition
 Tamper Data
 Directory Buster
 Nikto
 Ettercap
 Paros Proxy
 Webscarab
 Brutus
 Encase, FTK, Pro discover etc
 Custom Scripts and tools
 OWASP Xenotix
 Browser Addons
 Echo Mirage
 Paros Proxy
 Fiddler Proxy
 Angry IP Scanner
 Nmap
 Aircrack
 Kismet
 WinHex
 Proccess Monitor
 WP-Scanner
 Accunetix Vulnerability Scanner


*Information as provided by Xiarch Solutions Private Limited on 26/10/2020
Back
M/s Yoganandh & Ram LLP
Yoganandh & Ram LLP

G-1, SHREE VISHNU APARTMENTS,
#12, 12TH CROSS STREET,DHANDEESWARAM NAGAR,
VELACHERY, CHENNAI – 600 042
2. Carrying out Information Security Audits since : September-2009

(11 Years – 1 Month)
 Network security audit : YES

 Web-application security audit : YES
 Wireless security audit : YES
 IT Security Audit : YES
 Data Centre Physical and Environment Security Audit : YES
 Internet & Mobile Security Audit : YES
 CBS/ERP Application Security Assessment : YES
 Information Security Policy Formulation & Assessment : YES
 Data Migration Audit : YES
 Cyber Forensics & Mail Forensics Analysis : YES
 Compliance audits (ISO 27001, PCI, CCA, IRDA, CRA, etc.) : YES
 NPA Configuration Review : YES
 Swift Infrastructure Audit : YES
 AUA/KUA Audit : YES
 BCP Policy Formation & Assessment : YES
 BCP DR Testing & Implementation : YES
Govt. : 18
PSU : 06
Private : 49

based on project handled by them).

Data Migration Audit : 1
CBS/ERP Application Security Assessments : 1
Internet Banking & Mobile Security Audit : 10
Information Security Policy Formulation &assessment : 3
AUA/KUA Audit : 4
CISSPs : 1
CISAs : 11
ISO27001 LAs : 7
BS 10012 : 9
BS25999 : 1
DISAs / ISAs : 2

1. Certified Ethical Hacker : 3
2. M.Sc/M.Tech- Cyber Forensics and Information Security: 3
3. PG Diploma in Cyber Law : 1
4. System Security Certified Practitioner : 1
5. CloudU : 1
6. CRisc : 1
7. CDCP : 1
8. ECSA : 1
Critical sector organizations (attach Annexure if required) : As per Annexure-1
IT Security Audit for one of the leading Bank in India

1. Scope inclusive of
a. Vulnerability Assessment for over 200 Servers,

b. Web Application Penetration Testing of Internet & Mobile Banking
Applications,
c. CBS Application Review,
d. Policy Assessment,
e. Application security Assessments,
f. ATM Switch Review,
g. Physical and Environmental Audit.
2. Value: Over 12 Lakhs

3. No. of Applications: 20+
4. No. of Server: 200+
5. Locations: Chennai, Bangalore
1. Nessus(Commercial)
2. Burpsuite(Commercial)
3. Nmap
4. Nikto
5. Sqlmap
6. John the Ripper
7. Wireshark
8. Hping3
9. SNMP Walk
10. Metasploit
11. W3af
12. Netcat
13. Pdump
14. THC Hydra
15. Acunetix Free Web Application Scanner
16. Dirbuster
17. ZAP
18. PW Dump
19. OWASP Xenotix
20. SEToolikit
21. Aircrack-ng


*Information as provided by Yoganandh & Ram LLP
Back
Annexure-1
Sl.No Name of Employee Duration with Experience in Qualifications related

organization Information to Information
Security security
1. T Manoj Kumar Jain 14 Years 10 Years CISA, ISO 27001:2013
Lead Auditor
2. R Chandrasekhar 10 Years 6 Months 17 Years CISA, DISA, CISSP, ISO
27001:2013 Lead
Auditor, ISO 25999, PG
Diploma Cyber Law
3. T Mariappan 11 Years 2 Months 10 Years CISA, DISA
4. Sangeetha N 4 Years 4 months 4 Years 4 Months CISA, ISO 27001:2013

Lead Auditor
5. T Chandra Prakash Jain 8 Years 7 Months 8 Years 7 Months CISA
6. Pavana Kumar LKG Mushti 6 Years 7 Months 6 Years 7 Months CISA, ISO 27001:2013
Lead Auditor
7. Sreevatchan S 4 Years 1 Month 4 Years 1 Month Certified Ethical Hacker
(C|EH)
8. Padmanaban K 3 Years 7 Months 21 Years CISA, CISM
9. Krishnan J 3 Years 4 Months 3 Years 4 Months CISA, , ISO 27001:2013

Lead Auditor
10. Madhan Prasad 3 Years 5 Months 3 Years 5 Months M.Tech., M.Sc., Cyber
Forensics & Information
Security
11. Prasanna P 8 Years 3 Years ISO 27001:2013 Lead

Auditor
12. Vasanth K 3 Years 4 Months 3 Years 4 Months CISA
13. Selin Raj 2 Years 6 Months 2 Years 6 Months B.Tech, CEH, M.Sc.,
Cyber Forensics &
14. Srinivasan V V 2 Years 5 Months 2 Years 5 Months CISA
15. Sowmya Rajan 2 Years 2 Months 2 Year 2 Months CISA, ISO 27001:2013
Lead Auditor
16. Vignesh 1 Year 4 Months 1 Year 4 Months M.Tech, Certified Ethical

Hacker (C|EH),
Back
STQC Directorate, Ministry of Electronics and IT, Govt. of India
STQC-IT
STQC Directorate,
Electronics Niketan, 6 C G O Complex,
Lodhi Road, New Delhi-110003

Govt. : 125
PSU : 20
Private : 40


CISSPs : 0
BS7799 / ISO27001 LAs : 14
CISAs : <number
of>
DISAs / ISAs : <number
of>
Any other information security qualification : <number
of>
S. Technical Place of Posting Working Total Information

No. Personnel’s with the experience Security related
Name organizatio in qualifications
n since information (CISSP/ISMS LA
(month & security / CISM/ CISA/
year) related ISA etc., state
activities as applicable)
(years)
1 Subhendu Das STQC, Kolkata 30 19 ISMS LA, CEH,
CC Validator
2. Malabika STQC, Kolkata 28 19 CEH, ISMS LA,
Ghose CC Evaluator
3. Manikanta Das STQC, Kolkata 31 17 ISMS LA, CEH,
CC Evaluator
4. Arpita Datta STQC, Kolkata 20 13 CEH, Master
Trainer (ISEA
Project)
5 Sanjay Kumar STQC, Kolkata 20 13 CPSSE
Prusty (Certified
Professional for
Secure
Software
Engineering),
Trained in IOT
Security
6 Arup Datta STQC, Kolkata 17 7 CNSM, Trained
in IOT Security
7 Subrata Giri STQC, Kolkata 14 7 CNSM
8 Ratna STQC, Kolkata 31 2 Trained in
Bhattacharya Source Code
Review
9 Anurag STQC, Kolkata 2 2 Trained in
Cryptography,
IOT security
10 Amrita Som STQC, Kolkata 5 2 Trained in
Reverse
Engineering
11 Bony Thomas ERTL(S),Thiruva February, 4 ISMS LA
nanthapuram 1997
12 Praveen PS ERTL(S),Thiruva March, 5 ISMS LA
nanthapuram 2014
13 T.V. STQC IT February, 10 years ISMS LA
Subramanyam Services, 1987
Hyderababad
14 Satish Kumar STQC IT September, 2 Years
Services, 2017
Hyderababad
15 G Nagaraju STQC IT February, 1 Years
Services, 2018
Hyderababad
16 Mohammad STQC IT October, 1 Year
AkramSohail Services, 2017
Hyderababad
17 ChandraSekha STQC IT December, 1 Year
r Yadav Services, 2018
Hyderababad
18 Dr. S STQC, Chennai 1990 20 years ISMS LA, STQC-
Velmourougan CISP, CEH,CRP
19 M Vellaipandi STQC, Chennai 13/05/199 15 Years ISMS LA
3
20 C STQC, Chennai 27/07/199 20 years
Chollanathan 2
21 V STQC, Chennai 01/02/199 20 years ISMS LA, STQC-
Jambulingam 1 CISP,CEH. CRP
22 NandlalJadav STQC, Chennai 09/2017 2 years
23 Aditya Kumar STQC, Chennai 24/02/201 6years
Dewangan 4
24 Suresh STQC, Delhi 04/04/199 19 Years ISMS LA, STQC-
Chandra 0 CISP,
25 A. K. STQC, Delhi 16/08/199 19 Years ISMS LA, STQC-
Upadhyaya 1 CISP,
26 Sanjeev STQC, Delhi 16/11/199 19 Years ISMS LA, STQC-
Kumar 3 CISP,
27 M. K. Saxena STQC, Delhi 04/07/198 19 Years ISMS LA, STQC-
5 CISP,
28 Sunil Kumar STQC, Delhi 04/04/201 5 years
Yadav 4
29 Anjali Jain STQC, Delhi 21/09/201 2 Years
7
30 Swati Gupta STQC, Delhi 21/09/201 2 Years
7
31 Pinky Bai STQC, Delhi 18/09/201 2 Years
7
32 CharupriyaBis STQC, Delhi 21/09/201 2 Years
ht 7
33 Manish Kumar STQC, Delhi 19/09/201 2 Years
Selal 7
34 Praveen STQC, Delhi 12/12/201 2 Years
Kumar 7
35 Mohammed STQC, Delhi 26/09/201 2 Years
Danish 7
36 Ritu Luthra STQC, Delhi 21/04/200 10 Years
8
37 Makrand STQC, Mumbai 1986 7 Years ISMS-LA, ITSM-
Deshpande LA, ISA
38 Sunil Kumar STQC, Mumbai 2017 2 Years
Singh
39 Dineshh Saini STQC, Mumbai 2017 2 Years
40 N STQC, Mumbai 2018 17 years
SamayaBalan
(Deputed from
MEITY)
41 S.P.Tharesh STQC, 1999 11 years ISMS-LA
Kumar Bengaluru
42 Prashant STQC, 2017 2 years
Kumar Varma Bengaluru
43 Ziaul Hasan STQC, 2017 2 years
Bengaluru
• Conformity assessment of different eProcurement and auction systems for Coal

Auction, OFB eProcurement, Director General of Hydro Carbon, Non-Coal Mining Lease
have been completed in time bound manner. The systemsare developed by M/S
mjunction or M/S MSTC Kolkata or (n)codeGujratandare being successfully used.
• Security vulnerability assessment for the websites of Govt. of West Bengal, various
PSUs, Indian Embassies / High Commissions at different countries like Germany,
Romania, Sri Lanka, Tajikistan, Vietnam, United Kingdom and Russia Conducted and
certificate issued for ‘safe to host’.
 Security evaluation of IT Security Products like Core Routers, Networks POTP/PTN

Access Systems, SDH/SONET based Optical Networking Equipment, Telecom Element
management , Dos Mitigation Platform etc.based on Common Criteria standards
(https://www.commoncriteria-india.gov.in/product-certified)
• Security vulnerability assessment of servers and network devices for organization like
IRCTC, CRIS, MSRTC, Power Grid Corporation etc. has been completed.
 Security Assessment of different Mobile Apps both on Android and iOS platforms based
on OWASP MASVS 1.2
Commercial: Appscan, Acunetix, N-Stalker, Nessus (Professional Feed), Burp Suite,

Webinspect
Freeware: nmap, dirbuster, Paros, SSL Digger, HPing3, WebScarab, SqlMap,

BackTrack Suite, Nipper, OpenVAS


*Information as provided by STQC IT, Kolkataon 26thOctober 2020 based on data of last 12
months i.e. from Oct-2019 to Sept-2020
Back
M/s Protiviti India Member Private Limited
Protiviti India Member Private Limited
 Network Security Audit (Y)

 Compliance audits (ISO 27001, PCI, etc.) (Y)
 Configuration Review audits (Y)
 Domain & Email exchange audit(Y)
 Cloud security audits (Y)
 Mobile device management solution review(Y)
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.)(Y)
 Source code review audits (Y)
 Mobile application security audit (Y)
 Network and Web application architecture review audit(Y)
 Endpoint security Audits (Y)
 Cyber Forensics(Y)
 Incident response (Y)
 IOT/DCS devices security audit(Y)
Govt. : 2
PSU : 1
Private : ~210
Total Nos. of Information Security Audits done :~213

 Network Security Audit : ~41

 Web-application security audit : ~41
 Compliance audits (ISO 27001, PCI, etc.) : ~150
 Configuration Review audits : ~3
 Cloud security audits : ~2
 Mobile device management solution review : ~1
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : ~2
 Source code review audits : `2
 Mobile application security audit : ~1
 Network and Web application architecture review audit : ~1
 Cyber Forensics / Incident Response : ~1
Certification Count
ISO 27K LI 19
ISO 22301 LA/LI- BSI
LA 25999 8
ISO 20K LA 51
CHFI 4
CEH 25
OSCP 6
CISA 15
CCSA 1
ITIL 13
Prince2 Practitioner 1
CCNA 8
Blockchain Essential 1
CDPSE 1
PCI DSS 2
DCPP 1
AWS Solutions Architect
- Associate 2
AWS Security
Fundamentals 3
ICSI 4
ECSA 4
OPSEC 2
COBIT 5 Implementer 2
JCHNP 1
ACSE 1
CISM 2
CPISI 1
Beyond Trust 1
One Trust 16
Carbon Black Associate
Analyst (EDR 4
Carbon cloud Black 1
Carbon Black Advanced
Analyst 1
Rapid 7 Insight VM 2
CompTIA Security + 3
CNSS 8
Fortinet Network
Security Expert 5
Qualys Vulnerability
Management 4
Splunk 3
Microsoft Azure Security
Certified(AZ-500) 4
API Security Architect 1
SAP 3
CCENT 1
CISEH 1
DSCI Certified Privacy
lead Assessor (DCPLA) 2
GDPR Practitioner 3
IBM Agile Explorer 1
RSA Certified Security
Professional 1
Cyber Ark 4
CISSP 2
CSA-Cloud security
alliance STAR
certification 2
ITSM 1
CCSK 1
AML 1
Basell 1
Green Belt 1
Certified Crisis
Management Specialist 1
CIAM (Certified Identity
and Access Manager) 1
Oracle Certifications 3
Cloud Certifications 4
Total 264
The indicative list is as under:
Years Total
Sr. Post
Name with years of Graduation Certifications
No. Graduation
Protiviti experience
1 Abhishek Gautam 1.7 7.7 BE, 2014 CHFI, ISO 27001 LA
ISO 27001 LA
Beyond trust Certified
2 Amish Kaul 2.2 4 BE CS, 2015 MBA IT, 2019
Secure Password
Management
OneTrust Vendor
3 Chintamani Gupta 3.9 7 BSc IT MCA
Management
CEH V10, Carbon
PGDM Black Associate
4 Dhruv Raina 1.7 5.11 B.Tech ECE Information Analyst (EDR ),
security, 2017 Carbon Black
Advanced Analyst
5 Harin Kumar 1.2 6 Btech ,2014 NA NA
ISO27001 LI
ISO 22301 LI
Carbon Black Cloud
Associate Analyst
OneTrust Vendor Risk
Management Expert
PGDM in One Trust Privacy
Operations Management
Bsc (Physics, Maths, Management, Professional
Statistics), 2011, 2019, from One Trust GRC
6 Kamlesh Gusian 1.9 9.1
from HNBGU Welingkar Solutions Expert
Uttarakhand Institute of One Trust Targeted
Management Data Discovery
Mumbai Expert Certification
ITIL Foundation
Certified Network
Security Specialist -
ICSI
AWS Security
Fundamentals
Onetrust Vendor Risk

PG Diploma Management Expert
7 Kishan Kumar 1.9 9.4 B.Tech (ECE) (Information CEH, CHFI, CCNA,
Security), 2015 ISO 27001 LA
Onetrust Privacy
Management
Professional
Shraddha MBA ISO/IEC 27001: 2013
8 2 13.11 BCOM
Korgaonkar (Finance),MCOM LI
Vendor Risk
Mangement -
Onetrust
CEHV8, Rapid 7
9 Muktanand Kale 1.8 6 BE EXTC,2014
Insight VM
CEHV9, ECSA V9,

PG Diploma
CCNA(Expired)
10 Neelesh Kanojiya 1.6 6.8 BE, 2012 (Information
One Trust Vendor
Security), 2019
Risk Management
OSCP, Rapid 7
11 Parth Srivastava 1.9 6 B.tech, 2015
Insight VM
ISO27001 LI, IA
M.Sc. Disaster
Prathamesh ISO22301 LI, IA
12 2.1 7 BSC, 2012 Management,
Baviskar One trust: Vendor
2015
Management
B.E. - Electronics Qualys Vulnerabiliy

and Management, CNSS,
13 Prachi Hajare 2.6 5.5
Telecommunication Fortinet Network
2015 Security Expert
OSSTMM Professional
Security Expert
B.E. (Computer (OPSE)
14 Pranav Kathale 1.7 7.11 Science and - Splunk 7.x
Engineeing) Fundamentals Part 1
CarbonBlack Defense
Associate Analyst
B.E. (Computer
15 Ranvijay Singh 3.3 4.5 Science and
Engineeing), 2016
PGDM in
16 Rahul Bhalekar 1.7 8.8 BCA, 2017 Information ISO 27001 LI
Security
ISO 27001 LA,

Protiviti US Lab
Challenge - Inetrnal
Certification, Access
Data Certified
Computer Science MBA in IT &
17 Rahul Rohit 2.10 3 Investigator, Carbon
Engineering Operation
Black Defense
Associate Analyst
Microsoft Azure
Security Certified(AZ-
500)
CEH, CCNA R&S,

18 Sanjeev Jha 2.7 6.5 B.Sc.IT MCA Protiviti US Lab
Challenge - Internal
CEHV10
NSE1(Fortinet's
Network Security
Expert Certification )
NSE2(Fortinet's
BE(Electronics)2014- Network Security
19 Satish Yadav 1.5 2.9
2018 Expert Certification )
Onetrust Vendor Risk
Management Expert
NSE(Fortinet's The
Threat Landscape
Certification )
20 Suraj Nair 3 6.7 Msc, 2015 CEH V8, ECSA V8

MSc in ISO 27001 LA, ISO
Information 22301 LI, ITIL, One
21 Subir Kochar 1.9 6.1 BE CSE 2009-2013
security (2013- Trust Vendor Risk
15) Management Expert
ISO 27001 LA
22 Sagar Padaya 2 4.11 BSCIT MBA-ITBM
ICSI CNSS free
training course
Splunk Enterprise
Certified Architect v7,
Splunk Architecture
Certified, Splunk
Admin Certified,
Splunk Power User
M.Tech in Cyber Certified, Palo alto
23 Tushavara Oakesh 1.8 5 B.E IT
Security, 2017 ACE networks OS V8,
Red Hat Automation
with Ansible I, Qualys
Vulnerability
Management, CB
Response Advanced
Analyst
Chartered
24 Sandeep Gupta 3.5
Accountant
CISA,BSI LA
Prashant Ramdas Chartered (I25999), BSI LA
25 2.3 20+
Bhat Accountant (I25999), SAP FI
certified
Bachelor of
CISA, CCNA, CCSA,
26 Vaibhav Koul 3 15+ Electrical
CDPSE
Engineering,
, Certified CompTIA
Security+ (SY0-601),
Red Hat Certified
System Administrator
Dharamraj BSC. Computer MSC.IT Part One (RHCSE), Red Hat
27 0.8 4.1
Vishwakarma Science, 2016 perusing Certified Linux
Engineer (RHCE),
ITIL® 4 Foundation
Certification in IT
Service Management
28 Sonu Sahu 0.6 4 B.Tech, 2017 CEH, OSCP

29 Nitin Bhardwaj 0.6 3.5 BE 2015 MBA – TM 2019 ISO 27001 LA
CEH v10, ISO 27001

30 Saurabh Jagtap 0.7 5.1 BE, 2015 Certified Internal
Auditor
31 Jinesh R 0.6 2.5 BE, 2017 OSCP, CCENT
1. ISO 27001 LA
2018
2. (Comprehensive
32 Deepak Joshi 0.7 6.2 BSC, 2011
and Ethical Hacking)
CISEH 2019
3. Carbon cloud Black
2020
Abdul Khader OIM -L1-Internal

33 0.9 6.1 B.sc(M.E.Cs),2006 M.C.A,2009
Shaik OIM-L2-Internal
ISO 27001 2013 LA
Certified EU GDPR
Imp
Certified PCI DSS
v3.2 Imp
DSCI Certified
Privacy lead Assessor
(DCPLA)
AWS Solution
34 Varun Goyal 0.6 6.3 BE, 2014 Architect
Dipoma in Cyber law
35 Aayush Mittal 0.8 3 B.Tech - CSE, 2017
Master of Cyber
Law & ISO 27001 LA,
Samarth Kumar B. Tech , Mechanical
36 0.6 3.6 Information One Trust Certified
Mishra Engr. 2016
Security (MCLIS) Privacy Professional
, 2020
CISA,
CCNA,
CEHv9,
37 Sahil Chander 0.3 12 BE, 2008-09 PGDM ISO27001 (LI)
ISO 27701
ISO 31000
CNDv1
Vijay Singh
38 0.4 3.5 BE, 2017 ISO 27001 LA
Thakur
Qualys,
ISO 27001 LA
39 Amey Sawant 0.6 8.5 BSc.IT, 2012 MSc.CS, 2017
Splunk dashboard
and log management
CISA,CPISI,CCSA,ISO
40 SARITA PADMINI 0.3 12+ Btech, 2007 MBA 27001 LA, One Trust
Privacy Professional
ISO 27001 LA,

41 Madhuri Mandal 0.3 4.1 B.Tech, 2016 NA IBM Agile Explorer,
ITIL Foundation V3
42 Sarth Dixit 0.3 NA B.Com(Hons.)2018 NA NA

ISO 27001 LA
One Trust data

mapping certification
43 Smruti Pradhan 0.3 6 2014 2018
One Trust targeted
data discovery
certification
ISO 27001 LA,

Post-Graduation
BE Electronics and ISO 27001 LI,
Diploma
44 Nikita Kale 0.3 5.2 Telecommunication, CISA Preliminary
(PGDITISS),
2015 exam cleared,
2016
EX-PCI QSA
ISO 27001 LA,

ISO 22301 LA,
MBA- ITBM, CEH,
45 Anuj Banura 0.3 3 BCA, 2016
2018 CCNA,
DCPLA,
DCPP
CEH, CHFI, ECSA,

ACSE, JCHNP,
Masters in Cyber OPSEC, ITIL,
46 Gaurav Sharma 0.5 9 B.Com, 2007
Security,2015 ISO/IEC 27001 LA -
TUV SUD,
OSCP,CISA, CISM
ISO 27001 LA
ECC - CEH v9
Asian School of Cyber
Laws - Advanced
Diploma in Cyber
Laws
M.Sc.
B.Sc. Computer Asian School of Cyber
47 Rudhir Anil Moghe 0.5 4.5 Information
Science Laws - Diploma in
Technology
Internet Crime
Investigation
AWS Security
Fundamentals
Fortinet NSE1 and
NSE2
Krishna Chartered
48 Srinu Elike 0.2 4 NA
University/2015 accountantancy
49 Vishal Bhandari 0.3 0.2 B.tech, 2020 NA CEH
50 Arnab Biswas 0.2 9 MBA (Finance) CEH, ISO 27001
M.Sc. Network
Tech – 2015, CCNA, CEH, Comptia
51 Divesh Sood 0.2 4 BCA, 2010-2013
M.Tech Cyber Security +
Security- 2018
MBA 2020 (In-
52 Gandharv Saxena 0.2 0 B.tech, 2018 process, Result NA
not out yet)
53 Hitesh Agarwal 0.3 3.8 B.Sc, 2013 MCA, 2016 CEH, ECSA
Varadaraj
54 Hanamant 0.2 2.7 BE, 2018 NA
Jahagirdar
55 Nihal Kazi 0.3 2.7 B.com 2016 CISA
56 Preeti Thakur 0.3 9 BSc IT NA
Power BI,
MBA In finance,
ISO 27001,
Pursuing,
57 Kanchi 0.3 3 Btech IT, 2018 Cyber security audits,
completed by
GDPR, Java, Adv
2022
Java, C and C++
MBA(Marketing),
58 Mrunal Kiran Sali 0.2 3.8 BCOM, 2014 NA
2017
CompTIA Security +,
59 Kunal Tagra 0.3 4 B.Tech. CSE, 2017 MBA, 2020 ISO 27001 LA, ISO
27001 LI
CSA-Cloud security
60 Prajwal Prabhu 0.4 5.6 BE, 2015 alliance STAR
certification
CISA (R)
ISO/IEC 27001: 2013
LA
61 Rukhsar Singh 0.2 10 B.SC, 2004 PGDBA, 2011
ITIL
CCIE(Written
Certified)
MCA(master of
62 Ravuri Venu 0.11 9 BSC computer
applications)
63 ANUPAM GAUTAM 0.5 3 BCOM 2016 MBA IT, 2020 ISO 27001 LI
AKSHAT
64 0.5 1..5 B.Tech, CS, 2015 NA NA
SARASWAT
ISO 31000 - Certified
Professional in Risk
Management –
Foundation Level
65 AKSHAI SURESH 0.2 2.5 B.E (EXTC), 2017 MBA, 2019
ITSMS based on
ISO/IEC 20000-
1:2011 Foundation
Level
Master’s Degree
66 BHARATH KUMAR 0.3 5.8 B.Tech, 2010
in CS, 2016
DEVENDRA CEH, CNSS, API

67 0.2 3.6 BTech, 2018
YADAV Security Architect
SAP S/4 HANA Sales

68 GAGAN RJ 4.5 B.E-2016
1809 Upskilling
B.Tech (Computer
69 KAVITA CHELLANI 1.9 9 NA
Science) – 2012
Privacy Information
Management System
ISO 27701:2019,
QRC
Bachelor of CISSP Review, ISC^2
Master of Cyber
Engineering in General Data
Law and
Information Protection
Information
Technology from Regulation, Risk Pro
70 KOUSTUBH S 0.2 1.7 Security from
Rajiv Gandhi Personal Data
the National Law
Prodyogiki Protection
Institute
Vishwavidyalaya, Regulation, Risk Pro
University, 2020
2016 One Trust Certified
GRC Professional
One Trust Vendor
Risk Management
Expert
M.Tech(VLSISD)
71 MALA CHENNAIAH 0.9 5.8 B.Tech(ECE) 2007
2010
CEHv11, CDAC,
72 MAYUR GANGWAL 0.1 4.3 BE, 2016 Qualys,
Vectra
WebLogic
implementation
73 AKULA NAGESH 0.3 15.8 B.Tech(2005) specialist
soa implementation
specialist
74 NEHA RAMESH 0.2 5.4 B.Tech (ECE) PGDBA ISO 27001 LA
CyberArk Certified
Trustee, Defender,
Sentry and CDE
75 PIYUSH PAREEK 0.1 4 BE, 2017
Fortinet Network
Security Expert(NSE1
& NSE2)
PRATEEK
76 0.2 2.3 B.Com(H), 2015
SATSANGI
CISSP,
CISA,
ISO 27001 LA,
ISO 27701 LI,
Certified Ethical
SAHIL Hacker V9,
77 0.2 7 BE Computers, 2014
ACHAREKAR Certified Network
Defender V1,
AWS Certified Cloud
Practitioner,
Azure AZ 900
Fundamentals
SANTOSH ISO 27001:2013

78 0.2 2.4 B Tech
SHARMA Lead Auditor, CNSS
79 SUNIL ARAVIND 0.2 9 BE 2012 ITIL

SUBHRAJIT
80 0.2 CCNA, CEH, PCNSA
BASAK
ISO 27001 LI
GDPR- Data
protection officer
skills
FireEye Systems
SHASHANK Engineer
81 0.2 3.8 BE, 2016 NO
BHUTE Metasploit Pro
certified
CyberArk certified
trustee
Certified Ethical
hacking (attempted)
SHOBHIT MBA IT &

82 2.6 11 B.Tech (CSE) – 2007 CyberArk Certified
SINGHAL Systems, 2013
Trustee
ISO 27001:2013 LA,

Business Analytics
83 UMANG AGARWAL 0.2 5.6 B. Tech., 2015 and Data
Visualization Using R
and Tableau
84 VIJAYA ANNANGI 1.11 5.2 B.Tech(2009) M.Tech(2013)

85 OMKAR RANE 0.2 5.3 BSC, 2014 ISO 27001 LI
86 Sneha Mahulkar 0.1 1.7 B.Sc. IT 2011 M.Sc. IT 2015 CEH
87 Saif Ahmad 0.1 3.8 B. Tech, 2017 No ISO 27001 LA
BA Hons. ISO 27001- Lead
88 Sanya Kansal 0.1 6.5 LLB, 2015
Philosophy, 2010 Implementer
Chennakesavula
89 Naga Venkata Sai 0.1 3.3 B.tech(ECE) 2017 CompTIA Security +
Anitha
Cisco Certified
Network Associate -
Training certification
Master of Cyber Fortinet’s Network
Rahul Bhushan Law and Security Expert
90 0.1 0 BCA, 2017
Singh Information Certification
Security,2020 (NSE)level 1
Fortinet’s Network
Security Associate
(NSA) level 2
CISA, CDPSE,
91 Sanjay Soni 0.1 12 Bcom 2008
ISO27001 LA
92 Biswajit Das 0.1 6 B.Tech. (2014) MBA (2015)
CyberArk Defender-
No Expiry
CyberArk Sentry- No
Expiry
CyberArk certified
Delivery Eng.-
Expiry2022
93 Richa Singh 0.1 11 BCOM MHRM
AZ-900 Microsoft
certified Azure
Fundamentals-No
expiry
Certified Network
Security Specialist -
CNSS
Nikhil Maharu
94 0.1 4.4 B.E. (2014) MBA (2020) ISO 27001 LA
Borse
95 Sanka Vishnu 0.2 4 Bsc(Comp) 2014 MCA(2017)
96 Garima Singh 0.1 7 B.Tech(2011) MBA(2016
RSA Certified
97 Kritika Ambasht 0.1 5.10 B.Tech, 2015
Security Professional
Shaik Mahaboob
98 0.1 4.50 B.tech(CSE) 2012
Basha
Mannem
99 0.1
Venkatarao
Syed Inzamam
100 0.1
Firoz
101 Manish Chadha 2.4 20+ BE MBA CISA, ITIL, ISO27001
CISA, ISO27001 Lead

Auditor, Prince2
102 Manish Jain 1.1 13+ BE MBA Practitioner, ISO
22301, ISO 31000,
ISO 20000, NIST
103 Garima Saksena 0.1 17+ B.Com MBA SAP(FICO)

ISO27001 Lead
104 Ankit Panwar 2.2 7+ Btech MBA
Auditor
ISO 27001:2013
105 Snigdh Mayank 1.7 5+ B.Tech NA
Lead Implementer
ISO 27001 Lead

Auditor, AWS
Security
106 Omair Parvez 5 7+ B.Tech NA
Fundamentals,
Certified Ethical
Hacker
107 Anand Paswan 0.1 5+ B.Sc. IT MBA NA

ISO270001LA, ISO
108 Ayush Beri 1.9 5+ B.Tech NA
22301LA
ISO 27K :2013 Lead

109 Aditya Tiwari 2.8 5+ BE NA
Implementer
ISO 27001:2013
110 Pooja Tanwar 2.3 4+ BCA MCA
Lead Implementer
ISO 27001:2013
111 Paras Makhija 2.3 2+ B.Tech -
Lead Implementer
Khalid Basir
112 1.9 3+ BCA MCA
Ahmed
English honours
113 Ashish Kumar 2.5 4+ NA ISO270001LA
(BA)
114 Yash Malhotra 0.1 <1 B.Tech N/A N/A
115 Madhav Rao 0.3 0
CISA, ISO27K LA,

Neelakantan
116 2.10 12 COBIT Assessor/
Sethuraman
Implementer, ITIL
117 Bhargava Naidu 0.9 0
Ekansh
118 2.1 0
Choudhary
AWS Certified
119 Kabileshkumar K 2.1 0 Solutions Architect
Associate
ISO27K LA,Data
120 Kanagavarsha M 1 0
Privacy (One Trust)
OneTrust Certified
121 Karunya Devi 0.11 0
Privacy Professional.
ISO27K LA,CISA
(CISA Passed), OSCP
(Trained), Microsoft
Azure
122 Kharthik Kumar 1 0
Fundamentals(AZ-
900), CCNA Routing
& Switching
,CCNA CyberOps
OneTrust Certified
Privacy Professional.
Elearn Security Junior
Mohankumar
123 0.9 0 Penetration Tester
Kamaraj
Microsoft Azure
Fundamentals(AZ-
900)
OSCP, CNSS Certified

124 Rajani Sagale 0.8 4 Network Security
Specialist
125 Ruchika Markad 3.1 0 ISO27K LA

126 S Sankaran 2.1 0
Thirupuranthagam 1. OneTrust Certified
127 0.11 0
P Privacy Professional
128 Naveen Kumar 0.3 0 ISO27K LA

129 Puneet S 0.2 2
Deepak 1.ISO 27001

130
Venkatesan 2. Cloud Security
131 Karthik Gajendran 1 0 1.ISO 27001

132 Karthikeyan A 0 1.ISO 27001
133 Aswathy Mohanan 0 CEH
134 Nasreen Fathima 0 1.ISO 27001
135 SABARI KUMAR 0 1.ISO 27001
CISA, ISO 27K LA,

cloud, Oracle Cloud
136 Naveenaa M 3.6 5 Infrastructure
Associate, CCNA
CNSS
Cloud, ISO27K LA ,
LI, CISM, One Trust
Privacy Professional
Oracle Cloud
137 Shubham Swami 0.7 5 Infrastructure
Foundations (OCI)
2020 Certified
Associate
BS 10012
ISO27K LI, COBIT,

138 Suresh D 0.8 12
ITIL, Cloud
ITIL, Oracle certified

139 Ashwin Rao 0.3 6.5
Associate -2009
140 Gaurav Singh 0.2 6 ISO27K LA

ISO27K LA, CEH,
141 Adarsh Hirenallur 0.9 10
CCNA
ISO27K LA, CEH,

142 Ebin Joseph 0.6 7
ISO22301 LA
ISO27K LI,CIAM
Harshaditya
143 2.7 7 (Certified Identity
Rachapudi
and Access Manager)
ITIL, Certified Crisis

144 Rathish Raghul 0.7 0 Management
Specialist
145 Vijai K 7.2 0
Jayaprakash Prince 2, ITIL, CISA,

146 0.3 13
Reddy CEH, ISO27K LA
AML, Basell-2 &

Basell-3 trained
147 Arun Raja 0.2 0 Green Belt Trained
and Assessment
Cleared
148 Akshay Prasad 0.9 5
OSCP, ICSI |
Certified Network
149 Giridhar Ramesh 4.9 4.9
Security Specialist
(CNSS)
150 Tanmoy Bhadra 3.8 6

151 Anil Notagar 0.2 3.5
CISA, ITIL and ITSM

152 Ganesh Kumar 0.2 10 certification from
EXIN
153 Poojita Hegde 0.2 0.2

154 Sai Bhargavi 0.2 4
Sudheer
155 0.2 7 ISO27K LA
Gopalakrishnan
Karthikeyan ISO27K LA, LI, CHFI,

156 0.2 7
Chandrasekar CSA STAR,
One of the large banks in India -IT Audits including security assessments – Quarterly
assessment of Internal & External VAPT, configuration review of servers network devices and
web application security assessment as well as IT audit
One of the largest Pharma companies - Third Party Assessments - Performing IT/IS
reviews of third parties, planned to conduct approximately 1500-2000 assessments a year
One of the leading banks in India – IT Audits: Performingthemed audits across various
areas of information security such as review of critical application review, Internet Gateway
Review, ATM/Switch review, Cloud Review, Mobile Banking Review and Vendor reviews.
One of the leading hospitality companies – IT/IS assessments : Performed themed

audits for the corporate entity as well as hotel properties. The coverage included data privacy,
information security as well as technical assessments related to VAPT and configuration review.
One of the largest multinational conglomerate corporation headquartered in Tokyo.

Have been assisting the client in performing IT audits covering various domains over the last 5
years. The work has been performed in India, US and multiple other countries/cities. Detailed
IT control testing covering test of design and effectiveness have been performed for client’s
various functions.
Illustrative list of tools is as under :

 Acunetix
 Nessus
 Nmap
 Wireshark
 OpenVAS
 Nikto
 Metasploit
 Burpsuite
 Beef
 W3AF
 SQLMap
 Kali Linux
 Dradis framework
 MobSF
 Fiddler
 Custom Scripts
 Genny Motion
 Echo Mirage
 Vound Intella Pro
 X-ways forensics
 Magnet Axiom
 EnCase
 FTK
 Syhunt
 Checkmarx
 OWASP ZAP
 Paros
 Web Scarab
 Aircrack suite
 MBSA
 FOCA
 Inhouse custom scripts / Tools

We have alliance partners for tools and technologies that help us deliver the information /
cyber security audits and projects. Some of our alliance partners are: Flexera, Kaspersky etc.
Further, we have a network where in our global offices assist in providing support from a
global technology alliance perspective
12. Whether organization is a subsidiary of any foreign based organization? : Yes

if yes, give details
The parent company of Protiviti India Member Pvt. Ltd (headquartered in Gurugram) is
Independent Consultants FZE (Sharjah). Protiviti India Member Pvt. Ltd. is member firm of the
Protiviti Inc. Protiviti Inc. is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in
1948, Robert Half is a member of the S&P 500 index.
The parent company of Protiviti India Member Pvt. Ltd (headquartered in Gurugram) is
Independent Consultants FZE (Sharjah). Protiviti India Member Pvt. Ltd. is member firm of the
Protiviti Inc. Protiviti Inc. is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in
1948, Robert Half is a member of the S&P 500 index. Offices of Protiviti Inc. and the member
firms are spread across 75+ offices across 27 countries.
Australia:-
1. Level 32, 10 Eagle Street, Brisbane, QLD, 4000, Australia
2. Level 12, 14 Moore Street, Canberra, ACT, 2601, Australia
3. Level 39, 140 William Street, Melbourne, VIC, 3000, Australia
4. Level 19, St. Martin's Tower, 44 St. Georges Terrace, Perth, WA, 6000, Australia
5. Level 24, No 1 Martin Place, Sydney, NSW, 2000, Australia.
China:-
6. Unit 718, China World Office 1, No. 1 Jianguomenwai Street, Chaoyang District,
Beijing, China
7. 9th Floor, Nexxus Building, 41 Connaught Road, Central, Hong Kong S.A.R., China.
8. Rm. 1915-16, Bldg. 2, International Commerce Centre, No. 288 South Shaanxi Road,
Shanghai, 200030, China.
9. Unit 1404, Tower One, Kerry Plaza, No. 1 Zhong Xin Si Road, Futian District,
Shenzhen, 518048, China.
Japan:-
10. Osaka Center Building 13F, 4-1-3 Kyutaro-machi, Osaka, 27, 541-0056, Japan.
11. Ote Center Building, 1-1-3 Ote-machi, Tokyo, 13, 100-0004, Japan.
Singapore: -
12. 9 Raffles Place, #40-02 Republic Plaza I, 048619, Singapore.
Bahrain:-
13. Platinum Tower, 17th Floor Bldg 190, Road 2803, Block 428, Seef, P.O. Box 10231,
Manama, Bahrain.
France:-
14. 15-19 rue des Mathurins, Paris, 75009, France.
Germany:-
15. Protiviti GmbH, Upper West (27th Floor) Kantstr. 164, 10623, Berlin, Germany.
16. Protiviti GmbH, Kennedydamm 24, 40476, Düsseldorf, Germany.
17. Mainzer Landstraße 50, 60325, Frankfurt, Germany.
18. Sendlinger Straße 12, 80331 München, Germany.
Italy:-
19. Via Tiziano, 32, Milan, MI, 20145, Italy.
20. Via Bissolati 76, Rome, RM, 00187, Italy.
21. Via Viotti, 1, Turin, TO, 10121, Italy
Kuwait:-
22. Al Shaheed Tower, 4th Floor, Khaled Ben Al Waleed Street, Sharq, P.O. Box 1773,
Safat, 13018, Kuwait.
Netherlands:-
23. SOM 1 building (Floor M); Gustav Mahlerlaan 32; 1082 MC Amsterdam, Netherlands.
Oman:-
24. Al Ufuq Building, Shatti Al Qurum, P.O. Box 1130, Ruwi, PC 112, Oman.
Qatar:-
25. Palm Tower B, 19th Floor, P.O. Box 13374, West Bay Doha, Qatar.
Saudi Arabia:-
26. Al-Ibdaa Tower, 18th Floor, King Fahad Branch Road, Al-Olaya, Building No. 7906,
P.O. Box 3825, Riyadh, 12313, Saudi Arabia.
South Africa:-
27. Suite 1A, 100 On Armstrong, La Lucia, Durban, 4051, South Africa.
28. 15 Forest Rd, Building 1 Waverley Office Park, Johannesburg, 2090, South Africa.
United Arab Emirates:-

29. 9th Floor, Al Ghaith Holding Tower, Airport Road, P.O. Box 32468, AZ, United Arab
Emirates.
30. U-Bora Tower 2, 21st Floor, Office 2104, Business Bay, P.O. Box 78475, DU, United
Arab Emirates.
United Kingdom:
31. Colmore Building, 20 Colmore Circus, Queensway, Birmingham, B4 6AT, United
Kingdom.
32. Whitefriars, Lewins Mead, Bristol, BS1 2NT, United Kingdom.
33. The Bourse, Boar Lane, Leeds, LS1 5EQ, United Kingdom.
34. Protiviti Limited, The Shard, 32 London Bridge Street, London, SE1 9SG, United
Kingdom.
35. 8th Floor, The Zenith Building, 26 Spring Gardens, Manchester, M2 1AB, United
Kingdom.
36. Pinnacle Mews, 1 Grafton Mews, Milton Keynes, MK9 1FB, United Kingdom.
37. Suite B, Ground Floor, The Stella Building, Whitehall Way, Swindon, SN5 6NX, United
Kingdom.
Bulgaria:-
38. 146, Vitosha blvd., entrance B, 3rd floor, office 32, Sofia 1000, Bulgaria.
Egypt:-
39. Cairo Complex, Ankara Street, Bureau 1, Second Floor Sheraton Area, Heliopolis,
Cairo, Egypt.
Switzerland:-
40. Bahnhofpl. 9, 8001 Zürich, Switzerland.
Argentina:-
41. Alicia Moreau de Justo 1150, piso 3, oficina 306A, (CPAAX1107), Dock 8, Puerto
Madero, Ciudad Autónoma de Buenos Aires, Argentina.
Brazil:-
42. Rua Antonio de Albuquerque, 330, 8º andar Savassi, Belo Horizonte, MG, Brazil
43. Av. Rio Branco, 109, Cj. 702, 7º andar, Rio de Janeiro, RJ, 20040-004, Brazil.
44. Rua James Joule 65-5º andar, Sao Paulo, SP, 04576-080, Brazil.
Chile:-
45. Alonso de Córdova 5320, Off 1905 Las Condes, Santiago, RM, Chile.
Mexico:-
46. Paseo de la Reforma 243 P18, Mexico, DIF, 06500, Mexico.
Peru:-
47. Amador Merino 307 Of. 501, 27, LIM, 15046, Peru.
Venezuela:-
48. Av. La Estancia, CCCT Pirámide Invertida, Piso 6, Oficina 612, Urb. Chuao, Municipio
Chacao Codigo Postal 1064 Estado Miranda Caracas, Venezuela.
Colombia:-
49. Calle 95 con Carrera 15, Edificio 14-48, Oficina 305, Bogota, 110221, Colombia.
Canada:-
50. 487 Riverbend Dr, 3rd Floor, Kitchener, ON, N2K 3S3, Canada.
51. 1, Place Ville Marie, Suite 2330, Montréal, QC, H3B 3M5, Canada.
52. Brookfield Place, 181 Bay Street, Suite 820, Toronto, ON, M5J 2T3, Canada.
United States:-
53. 1640 King Street Suite 400, Alexandria, VA, 22314.
54. Regions Plaza, 1180 West Peachtree St., NE Suite 400, Atlanta, GA, 30309.
55. 1 East Pratt Street, Suite 900, Baltimore, MD, 21202.
56. Oliver Street Tower, 125 High Street, 17th Floor, Boston, MA, 02110.
57. 201 South College Street, 15th Floor, Suite 1500, Charlotte, NC, 28244.
58. 101 North Wacker Drive, Suite 1400, Chicago, IL, 60606.
59. PNC Center, 201 E. Fifth Street Suite 700, Cincinnati, OH, 45202.
60. 1001 Lakeside Avenue, Suite 1320, Cleveland, OH, 44114.
61. 13727 Noel Road, Suite 800, Dallas, TX, 75240.
62. 1125 Seventeenth Street, Suite 825, Denver, CO, 80202.
63. 200 E. Broward Blvd, Suite 1600, Ft. Lauderdale, FL, 33301.
64. 600 Travis Street, 8th Floor, Houston, TX, 77002.
65. 135 N. Pennsylvania St, Suite 1700, Indianapolis, IN, 46204
66. 9401 Indian Creek Parkway, Suite 770, Overland Park, KS, 66210
67. 400 S. Hope Street, Suite 900, Los Angeles, CA, 90071.
68. 411 E. Wisconsin Avenue, Suite 2150, Milwaukee, WI, 53202-4413
69. 225 South Sixth Street, Suite 1730, Minneapolis, MN, 55402
70. 888 7th Ave 13th Floor, New York, NY, 10106
71. 301 E. Pine St, Suite 225, Orlando, FL, 32801
72. 1700 Market Street, Suite 2850, Philadelphia, PA, 19103
73. Airport Tech Center 4127 E. Van Buren Street, Suite 210, Phoenix, AZ, 85008
74. 1001 Liberty Ave, Suite 400, Pittsburgh, PA, 15222
75. 222 SW Columbia St, Suite 1100, Portland, OR, 97201
76. 1051 East Cary St., Suite 602, Richmond, VA, 23219
77. 2180 Harvard St., Suite 250, Sacramento, CA, 95815
78. 3451 N. Triumph Blvd., Suite 103, Lehi, UT, 84043
79. 555 Market Street, Suite 1800, San Francisco, CA, 94105
80. 10 Almaden Blvd., Suite 900, San Jose, CA, 95113.
81. 601 Union St., Suite 4300, Seattle, WA, 98101
82. 1401 S. Brentwood Blvd, Suite 715, St. Louis, MO, 63144
83. 263 Tresser Blvd., 12th Floor, Stamford, CT, 06901
84. Corporate Center III, 4221 Boy Scout. Blvd., Suite 450, Tampa, FL, 33607
85. 1751 Pinnacle Dr., Suite 1600, Mclean, VA, 22102
86. 131 Frogale Ct., Winchester, VA, 22601
87. 10 Woodbridge Center Dr., Woodbridge, NJ, 07095
Switzerland:-
88. Bahnhofpl. 9, 8001 Zürich, Switzerland
India:-
89. 77º Town Centre, Ground Floor (East Wing), Building 3 Block B, Divyasree Technopolis
Yemalur, Bengaluru, KA, 560037, India
90. 4th Floor, A Wing, Alexander Square, No 2, Sardar Patel Road, Little Mount, Guindy,
Chennai, TN, 600032, India
91. Q City, 5th Floor, Block A, Survey No. 109, 110 & 111/2, Nanakramguda Village,
Serilingampally Mandal, R.R. District, Hyderabad, TG, 500 032, India
92. PS Srijan Corporate Park, 1001B, 10th floor, Tower-2, Plot No. 2, Block EP & GP,
Sector –V, Salt Lake City, Kolkata, WB, 700091, India
93. 1st Floor, Godrej Coliseum, Unit No 101, B Wing, Somaiya Hospital Road, Sion (East),
Mumbai, MH, 400 022, India
94. 15th Floor, Tower A, DLF Building No. 5, DLF Phase III, DLF Cyber City, Gurgaon, HR,
122002, India
*Information as provided by Protiviti India Member Pvt. Ltd. on 07.07.2021
Back
M/s eSec Forte Technologies Pvt. Ltd.
M/S ESEC FORTE® TECHNOLOGIES PRIVATE LIMITED
Registered Address:
DELHI: A-2/10, A-2 Block, Rohini Sector- 5, New Delhi – 110085
Corporate Office (Mailing Address):

GURUGRAM:Plot No. 311,Jwala Mill Road, Udyog Vihar Phase- IV,
Gurugram – 122015, Haryana, India
Branch Office:
BANGALORE:143, 3rd Floor, 10th Cross, Indira Nagar 1st Stage,
Bangalore – 560038, Karnataka, India
MUMBAI:Plot C-59, Bandra Kurla Complex, Bandra East, Mumbai-
400051, Maharashtra, India
2. Carrying out Information Security Audits since :

<2011>
 Network security audit : (Yes)

 Web-application security audit : (Yes)
 Mobile-application security audit : (Yes)
 API security audit : (Yes)
 Cloud Security Assessment : (Yes)
 Wireless security audit : (Yes)
 Compliance audits (ISO 27001, PCI, etc.) : (Yes)
 Firewall Audits : (Yes)
 Digital Forensic Investigations : (Yes)
 Red Team Assessment : (Yes)
 Source Code Review : (Yes)
 Penetration Testing : (Yes)
 Vulnerability Assessment : (Yes)
 Incident Response : (Yes)
Govt. : 5+
PSU : 5+
Private : 75+

Network security audit :

<20+>
Web-application security audit :
<20+>
Red Team Assessment : <5+>
Wireless security audit : <5+>
Forensic Analysis and Incident Response : <5+>
Compliance audits (ISO 27001, PCI, etc.) :
<10+>
CISSPs : <2>
CISM : <3>
OSCP : <6>
BS7799 / ISO27001 LAs : <3>
CISAs : <2>
CEH : <20+>
PCI QSA : <1>
CCSK : <1>
CHFI : <1>
CDFE : <1>
CTIA : <1>
ECIH : <1>
Others : <20+>
S. Name of Duration with Experience Qualifications related to Information

No. Employee <eSec Forte in security
Technologies> Information
Security
1 Sachin 2011 15Years CISSP, PCI QSA, CEH, CDFE, ISO
Kumar 27001,Nexpose Certified Administrator,
Metasploit Certified Administrator,B.Tech
2 Saurabh S 2017 14 Years B.Tech, MS in Cyber Law and Security ,
MCSE: Security, ITIL V3,ECSA, CyberarK
Vault Administrator, CPISI – PCI DSS
v3.2, Sourcefire Certified Professional,
Qualys Guard Security Expert.
3 Kunal Bajaj 2013 12 Years ISO 27001, B.Tech, MBA
4 Mohit Mittal 2015 14 Years CISM, CISA, AWS CSA, PMP
5 SB 2020 20 Years ISO 27001LA, CISM, CCSK
6 PK 2020 20+ CISSP, CISA, CISM, Certified RSA SE In
ASOC, MBA
7 JK 2016 6 Years M.Tech, B.Tech, CEH, Tufin Certified
Engineer
8 VR 2017 4 Years B.E., RHCE, RHCSA
9 VR 2019 6 Years ISO/IEC 27001:2005 Lead Auditor,
Certified Cyber Security Expert, Master of
Science in Cyber Law & Information
Security
10 S.C 2019 5 years OSCP, MCA, BCA
11 TS 2018 3 years OSCP, Tenable Certified Associate,
Fortinet’s Network Security Expert
Certification
12 AS 2019 1.5 years OSCP
13 DS 2019 10 Years Microsoft Certified: Azure Security
Engineer Associate, Palo Alto Networks
PSE,Certified Incident Handler (ECIH),
OPSec for ICS (DHS, US), Certified Threat
Intelligence Analyst (CTIA), CHFI
14 SS 2018 3 years OSCP, Fortinet’s Network Security Expert
Certification
15 Md. S 2019 4 Years OSCP, Certified Red Team Professional,
MCA, BCA
16 VS 2019 1.5 years OSCP, CEH
17 AK 2019 5 Years CEH
18 VP 2018 10 Years CyberArk Vault Administrator, Tufin
Certified Engineer, CCNP, CCNA
19 AC 2014 7 years TCSE, CMO
20 HK 2018 5 years TCSE, CEH, Tenable Certified Associate
21 AS 2019 5 Years TCSE, RHCE, RHCSA, Tenable.se Cert,
B.Tech
22 AT 2020 2 years Associate of ISC2 – CISSP, Certified
Ethical Hacker, CompTIA Security+
23 AW 2018 3 years ICSI – CNSS, AWS Security, Fortinet’s
Network Security Expert Certification,
24 RS 2019 3 years AWS Cloud Practitioner Essentials, Splunk
Infrastructure Overview, ICSI, UK –
Certified Network Security Specialist,
Splunk UBA
25 MS 2020 2.5 years ISO 27001:2013
26 MC 2020 1 year ISO 27001 : 2013 Lead Auditor
o Conducting Network Audit for Govt. Entity across 100+ locations for 10,000+
End points.
o Performed Audit of 100+ Applications for a large Business Process
Organization across different environments
o Performed Application Audit of~ 50 WAPT of very large and complicated
applications.
• Metasploit
• Nexpose
• Nessus
• Nipper
• Netsparker
 HCL App Scan
• Checkmarx
• Burp Suite
• Nmap
• SSLScan
• Wireshark
• Immunity Canvas
• Immunity Silica
• Hak5 (Pineapple Wifi)
• Social Engineering Toolkit
• Kali Linux
• Aircrack-ng
• Ettercap
• John the Ripper
• Kismet
• Maltego
• Cuckoo
• Volatility
• sslstrip
• hping3
• dnswalk

Yes, eSecForte Technologies is partner with multiple OEM Companies such as Tenable,
AccessData, Cato Networks, Tufin, BeyondTrust, OpenText, Logrhythym, HCL Software,
Microfocus etc. for Information Security and Forensic Products.
eSec Forte acts as Value Added Partner for these companies and is involved in Pre-Sales,
Implementation and Post-Sales activities.

Singapore : eSec Forte® Technologies Singapore PTE Ltd.

1 North Bridge Road, #11-10, High Street Centre, Singapore 179094 P: +65 31650903
Sri Lanka :eSec Forte Technologies Sri Lanka Pvt. Ltd.

Level 26 & 34, East Tower, World Trade Center, Echelon Square, Colombo, 00100, Sri Lanka
*Information as provided by <eSec Forte® Technologies Private Limited> on <29

December 2020>
Back
M/s Talakunchi Networks Pvt Ltd
Talakunchi Networks Pvt. Ltd., Mumbai

 Mobile Security audit : Yes
 Red Team and Blue Team Assessments : Yes
 Source Code Review : Yes
 Web and Mobile Application Security Testing (VAPT) : Yes
 Network, Server and Firewall Security Testing (VAPT) : Yes
 Vulnerability Assessment and Configuration Assessment : Yes
 SAP Security Audits : Yes
 IOT, Embedded and SCADA Security Assessments : Yes
 Cyber Security Threat Analysis : Yes
 Compromised Assessments : Yes
 Incidence Management and Response : Yes
 Reverse Engineering and Forensic Assessments : Yes
 Building & Maintaining Security Operations Centre (SOC) : Yes
 Managed Security Services (MSS) : Yes
 Managed Detection and Response (MDR) : Yes
 Security Awareness Trainings : Yes
 Physical Access Controls & Security Testing : Yes
 Business Continuity Disaster Recovery Planning (BCP-DRP) : Yes
 Regulatory Compliance Implementation and Management
(RBI, NCIIPC, IRDA, ISNP, SEBI, TRAI) : Yes
 International Cyber Security Framework
(ISO, NIST, ISACA, SANS, CIS) : Yes
Govt. : 4
PSU : NA
Private : 50+


Mobile Security audit : 15+
CISSPs : NA
BS7799 / ISO27001 LAs : NA
CISAs : 2
DISAs / ISAs : NA
20CEH, 2 OSCP, 8ECIH, 7 CTIA, 5 ECSA, 2 CHFI, 1 ECSP.Net, 7
CCNA
47
S. Name of Duration with Experience in Qualifications

No. Employee <organization> Information related to
Security Information security
1 Rahul Gala 4.5 Years 12.5 Years BE, OSCP, CISA, CEH,
ECSA, ECSP,GCIH, CEI
2 Vishal Shah 4.5 Years 12.5 Years BE, OSCP, CISA,
CEH,GCIH, FireEye
3 Pranjali Shah 4.5 Years 7.2 Years BE
4 Sujal Shah 4.5 Years 7.2 Years BE
5 Harshil Shah 4.2 Years 4.2 Years BE, CEH, ECSA, CTIA,
ECIH
6 Atik Vora 4.2 Years 4.2 Years BE, ECSA, ECSA
Practical, ECIH
7 Krishna Dasari 3 Years 3 Years BE
8 Narendra 2.5 Years 3 Years BE
Vishwakarma
9 Talha Sayed 2.5 Years 2.5 Years BE, CEH, ECSA, ECSA
Practical
10 Musharraf Khan 2.5 Years 2.5 Years BE, CEH, ECSA
11 Faisal Sonalkar 2.5 Years 2.5 Years BSc, CEH, CCNA
12 Saad Sonalkar 2.5 Years 2.5 Years BE, CEH
13 Sanket Patil 2 Years 2 Years MCA
14 Viraj Nayak 2 Years 2 Years BSc Comp
15 Nitesh Singh 1.5 Years 1.5 Years BE, CEH
16 Omkar Mane 1 Year 1 Year BE, CEH
17 Shahid Shaikh 1 Year 1 Year BE, CEH
18 Ravindra Auti 1 Year 1 Year MCA, CEH
19 Prajay Shetty 1 Year 1 Year BE, CEH
20 Harsh Bhanushali 1 Year 1 Year MSc
Private Sector Bank

 Application Penetration Testing – 90+ Web Application, 8 Mobile Applications, 20+ API
 Infrastructure Penetration Testing – 2000+ IP Addresses Quarterly Basis
 Configuration Audit – 2000+ Servers & Network Devices Half Yearly
 Security Solutions Review – 40 Devices of 8 different category of devices
Project Term – 1.5 Years

Project Value – Approx. 1 Cr
Squad1 (Proprietary)
Burp Suite Professional
MicroFocus Fortify
MicroFocusWebInspect
Nessus Professional
QualysGuard
Kali Linux
Metasploit
SQLMAP
Wireshark
ZAP
Charle’s Proxy
Netsparker
Nikto
CSRF Tester
Wapiti
Fiddler
SQL Ninja
W3af
WinHex
WebScarab
IDAPro
Drozer
MobSF
Nmap
Aircrack-ng
Cain & Able
JohnTheRipper
IronWasp
Nagios
Social Engineer Toolkit


*Information as provided by Talakunchi Networks Pvt. Ltd. on 29-Dec-2020
Back
M/s A3S Tech & Company
A3S Tech & Company.

Registered Office- A/95 Kamla Nagar, Delhi- 110007.
Corporate Office- 1314, 13th Floor, Devika Tower,
Nehru Place, New Delhi- 110019

 Compliance audits (ISO 27001, ISO 22301, ISO 27701
PCI, GDPR, HIPPA etc.) (Y/N) : Yes
 Mobile Application Security Audit (Y/N) : Yes
 ERP Audit (Y/N) : Yes
 Payment Gateway Audit (Y/N) : Yes
 Compliance audit as per Government of India
guidelines (Y/N) : Yes
 Cloud Security Review (Y/N) : Yes
 Swift Review (Y/N) : Yes
 Concurrent/ Continuous Audit (Y/N) : Yes
 Data Privacy audits (Y/N) : Yes
 Regulatory audit as per guidelines by
RBI, IRDA, SEBI, UIDAI etc (Y/N) : Yes
Govt. : Nil
PSU : Nil
Private : 10+


BS7799 / ISO27001 LAs : 2

CISAs : 3
DISAs / ISAs : 1
1. Sagar Gupta 6+ years 8+ years CISA, ISA/DISA, ISO
27001 LA, CEH,
CDPSE
2. Arpita Gupta 6+ years 8+ years ISO 27001 LA
3. Akash Goel 1+ years 6+ years CISA
4. Vidhya Jayaraman 2+ years 4+ years CISA
5. Mahendra Pratap 1+ years 3+ years CEH

Singh
 Consultancy for Data Privacy and GDPR compliance for multiple locations in India for
Rs 15 lakhs+
 Consultancy for implementing ISO 27001for multiple locations for 10 lakhs+
• Nmap
• Backtrack kali linux
• Custom Scripts and tools.
• Metasploit Framework, Netcat , BeEf
• Wireshark
• Tenable Nessus
• Burpsuite
• SQL Map
• Tamper Data
• Directory Buster
• Nikto
• Ettercap
• Webscarab
• Veda
• Backtrack
• Meta Sploit
• A3S customised scripts


*Information as provided by <A3S Tech & Company > on October 25, 2020
Back
M/s Andhra Pradesh Technology Services Ltd
Andhra Pradesh Technology Services Ltd.

(Govt. of AP Undertaking)
Location: Vijayawada
 Network security audit : (Yes)

 Web-application security audit : (Yes)
 Mobile Application Security audit : (Yes)
 Wireless security audit : (Yes)
 Compliance audits (ISO 27001) : (Yes)
 Infrastructure Audits : (Yes)
 Source Code Review : (Yes)
 Configuration Review (OS, DBMS & Network Devices) : (Yes)
 Remediation Consulting : (Yes)
 RedTeam Assessment : (Yes)
Govt. : 371+
PSU : 5+
Private : 00


RedTeam Assessments : 15+
CISSPs : 00
BS7799 / ISO27001 LAs : 06
CISAs : 05
DISAs / ISAs : 00
1. ISMS : 01
2. OSCP : 01,
3. CEH : 04,
4. ECSA : 01,
S. Name of Employee Duration with Experience in Qualifications related

No. <organization> Information Security to Information security
1 Dr.G Jacob Victor 25-04-1998 17+ years PhD, ISMS, CISA
2 K.Dhavuryan Naik 14-08-1998 2+ years CISA, ISO 27001
3 K.Chandrasekhar 28-10-1992 2+ years CISA, ISO 27001
Reddy
4 P.Srinivasulu 06-04-1998 2+ years CISA, ISO 27001
5 M.SobhanBabu 30-06-1998 2+ years ISO 27001
6 PPV Satyanarayana 10-07-1992 2+ years ISO 27001
7 P.V Reddy 28-03-1998 2+ years ISO 27001
8 Ch. Venkateswara Dec, 2018 6+ years M.Tech, CISA, OSCP,
Reddy CEH,Nessus, Nessus
Security Center, Qualys
9 S. Mohana Krushna Mar, 2019 4+ years CEH
10 A KS Prabhat Verma Mar, 2018 2+ years CEH, Qualys (VM)
11 G.Yaswanth Kumar Jan, 2019 2+ years CEH, Qualys (VM)
12 T.Sreeja Dec, 2017 2+ years M.Tech (Cyber
Security) Qualys (VM)
13 G. Raghuveera July, 2017 3+ years Qualys (VM)
14 K.SriPraveena Sep, 2018 2+ years ECSA, Qualys (VM)
15 N.Durga Pavani Feb, 2019 2+ years Qualys (VM)
S.No Name of Scope of work Value

Client
Department
1. AP Transco The scope covers Transco infrastructure Inter
which transmits power to the DisComs who Departmental
further distribute the power further entire within the AP
Andhra Pradesh. State
The audit scope covers applications cover in Government
the Fire wall rule set review, Configuration
scanning of IT Assets, Application Security
scanning, Internal vulnerability scan, External
vulnerability scan, Internal and external
penetration testing.
2. Department of The Scope covers department centralized Inter

Municipal web portals along with the individual Departmental
Administration applications of 100+ Municipalities. The within the AP
assessment scope covers Application Security State
scanning, Internal vulnerability scan, External Government
vulnerability scan, Internal and external
penetration testing.
3. AP State Data The scope covers IT infra and security audit. Inter
Centre The audit scope covers applications cover in Departmental
the Fire wall rule set review, Configuration within the AP
scanning of IT Assets, Internal vulnerability State
scan, External vulnerability scan, Internal and Government
external penetration testing.
9. List of Information Security Audit Tools used (Commercial/ freeware/proprietary):

commercial:Acunetix, Burp Suite, Nessus, Nexpose, Metasploit.
Freeware: Kali Linux open source tools and MobSF ..etc

*Information as provided by Andhra Pradesh Technology Services Ltd on22/10/2020
Back
M/s Bharti Airtel Service Limited
Bharti Airtel Service Ltd

Plot# 16, UdyogViharPhase-IV
Sector 18, Gurgaon-122016
2. Carrying out Information Security Audits since : 2015-

16

 Compliance audits (ISO 27001, PCI, etc.) (Y/N) – Y
(Assessments)
Govt. : <number
of>
PSU : 1
Private : 7


Wireless security audit : NA
CISSPs : NA
BS7799 / ISO27001 LAs : 4
CISAs : 2
DISAs / ISAs : NA
Any other information security qualification :CISM – 4, CEH - 8
S. Name of Duration Experience in Qualifications related to

No. Employee with BASL Information Information security
Security
1 Aamir Banday 5 7 CISM, CEH, ISO27001
LA/LI, PCI DSS (QSA)
2 Ekta Bhurani 5 6 CEH, ISO27001 LA/LI
3 Ummed Meel 0.3 5 CEH, ISO27001 LA
4 Navneet Kumar 1.2 5 CEH, ISO27001 LA
5 Garima Maithani 1.3 1.3 CEH, ISO27001 LA
6 Ankit Gautam 1.3 1.3 CEH, ISO27001 LA
7 Saumya Yajurvedi 1.2 5 CEH, ISO27001 LA
8 Arvind Bhat 2 15 CISM, ISO27001 LA
9 Ashutosh Makkar 2.2 6 CISM, CEH, ISO27001 LA
10 Suchet Pajani 1.3 5 CISM, CEH, ISO27001 LA
11 Manish Tiwari 3.5 20 CISA, ISO27001 LA
Vulnerability Management, Penetration Testing, Firewall Assurance services for the

customer with user base of 4000+ nos, and with DC, DR and Cloud base Infra set-up.
The project value is ~2.5 Million per year.
The Services included Quarterly Vulnerability Management, and Half-Yearly

Penetration Testing & Firewall Assurance / assessment services. The locations included
Noida, and Bangalore.
1. BurpSuite
2. SQLMap
3. Acunetix
4. Nikto
5. HOLM Security
6. ZAPProxy
7. MetasploitFramework
8. Wireshark
9. Dirbuster


*Information as provided by Bharti Airtel Services Limited on 23-Oct-2020
Back
M/s Codec Networks Pvt Ltd
Codec Networks Pvt Ltd

507, New Delhi House, Barakhamba Road, New Delhi 110001
+91 9971676124, 9911738718, 011-43752299, 011-43049696
mktg@codecnetworks.com
 Network Security Audit (Y/N): Yes

 Web-application Security Audit (Y/N): Yes
 ERP and SAP Application Security Audit (Y/N): Yes
 Mobile Application Security Audit: Yes
 IoT Security Audit: Yes
 IT and OT SCADA System Security Audit (Y/N): Yes
 Wireless Security Audit (Y/N): Yes
 SDLC Review and Code Security Review: Yes
 Compliance audits (ISO 27001, ISO 27701, GDPR, SOC 2
ISO 20000, ISO 22301, HIPAA, PCI-DSSetc.) (Y/N): Yes
 IT Risk Assessments: Yes
 Formation and Review of IT Security Policy: Yes
 Business Continuity Planning / Disaster Recovery Audit: Yes
 IT General Controls Review: Yes
 Information Security Awareness and Trainings: Yes
 RBI Compliance Audit: Yes
 Aadhaar (UIDAI AUA/KUA) Compliance Audit: Yes
 ISNP Audit: Yes
 IT Security Due Diligence Audits: Yes
 Configuration Audits: Yes
Govt. : 14
PSU : 09
Private : 138


Compliance audits (ISO 27001, PCI, etc.): 08
IT Risk Assessments: 06
Formation and Review of IT Security Policy: 14
Mobile Application Security Audit: 24
IoT Security Audit: 02
SDLC Review and Code Security Review: 04
IT General Controls Review: 02
Configuration Audits: 09

CISSPs : 00
BS7799 / ISO27001 LAs : 03
CISAs : 01
DISAs / ISAs : 00
Any other information security qualification:10
S. Name of Employee Duration with Experience Qualifications related to
No. Codec Networks in Information security
Pvt Ltd Information
Security
CISA, CRISC, ISO 27001
LA, ISO 22301 LA, ISO
3001 RM, GDPR-CDPO,
Certified Payment Card
01 Mr. Rajendra Kathal 3 Years 16+ Years Industry Security
Implementer, COBIT5
Foundation, CEH, ISO
9001:2008, BS 15000,
ITIL v4 Foundation
ISO 27001 LA, BS 25999
Mr. Rajesh LA, ISO 31000 RM, ISO
02 5.5 Years 16+ Years
Sandheer 50001 LA, CDCP, Project
Management
03 Mr. Piyush Mittal 10+ Years 8+ Years BCA
04 Ms. Ritu Pandey 6+ Years 8+ Years MCA, ISO 27001 LA, CEH
MCA, OSCP, CEH, CASE,
Mr. Saurabh
05 5+ Years 5+ Years Seqrite Certified Endpoint
Bhardwaj
06 Mr. Gaurav Pant 4+ Years 4+ Years BCA, CEH
M.S in Cyber Security,
07 Mr. Rahul Kumawat 3+ Years 5+ Years CEH, ISCI CNSS, Fortinet
NSE 1 & 2
Mr. Amol
08 2.5+ Years 2.5+ Years MBA (ITBM)
Waghmare
09 Mr. Milan Singh 2.5+ Years 2.5+ Years B.Tech (CSE)
Mr. Shantanu
10 .5+ Years 1.5+ Years B.Tech (CSE), CEH, ECSA
Jahked
Project 1 The client is a reputed scheduled commercial bank(Client Name is kept

confidential due to signed NDA and taking care sensitivity of Data
Security)
Nature of Project Work: Review and gap assessment of IT Security
Policy, IT Policy, Cyber Security Policy, Vendor Management Policy, BCP
Policy, IS Policy, Antivirus policy.
PO Value of the one cycle of assessment was 1.25 Lacs.
Project 2 The client is a reputed Indian private sector enterprise involved in

power generation, infrastructure, construction and defence (Client
Name is kept confidential due to signed NDA and taking care sensitivity
of Data Security)
Nature of Project Work: During the Audit, the IT General Controls
function were reviewed to gauge the effectiveness, to ensure the
integrity of the data and processes that the IT systems support such as
applications, operating systems, databases, and supporting IT
infrastructure.
PO Value of the one cycle of assessment was 2.75 Lacs
Project 3 The client is a prominent organization in healthcare industry which

specializes in root cause analysis of patient’s health problems to design
personalized health interventions with an online web/mobile application.
(Name kept confidential due to NDA signed).
Nature of project Work: Provided Comprehensive HIPPA and GDPR
compliance Consultancy, GAP Analysis and Risk Assessment, HIPPA and
GDPR Policies implementation and Process Review with ISO 27001.
Data Protection Policy Formulation, Documentation, HIPPA and GDPR
Internal Audit, HIPPA and GDPR Awareness Trainings.
PO Value of the one-year contract terms was 6.8 Lacs
Project 4 The client is one of the top Fintech start-ups specialise in offering
personal loan, credit card and personal credit line to consumers. (Client
Name is kept confidential due to signed NDA and taking care sensitivity
of Data Security)
Nature of Project Work: Comprehensive Security Assessment (VAPT)
testing for 03 web applications including and 02 mobile application.
PO Value of the one cycle of assessment was 1.25 Lacs.
Project 5 The client provides one stop solution to industry clients for all their
supply chain management needs, from technology development to
analytics. (Name kept confidential due to NDA signed).
Nature of project Work: Provided Comprehensive IT Security
Consultancy, GAP Analysis and Risk Assessment, Security Policy and
Process Review with ISO 27001 and ISO 27701 Data Protection Policy
Formulation, Documentation, Cloud Infrastructure and Cloud Application
Security Audit, Internal Audit and Certification, Security Awareness
Trainings.
PO Value of the one-year contract terms was 5.50 Lacs.
Project 6 The client is one of the fastest growing Insurance Company in India
offer a wide choice of life and general insurance policies available with
multiple insurance companies. (Client Name is kept confidential due to
signed NDA and taking care sensitivity of Data Security)
testing for 10 web applications including API Testing and 04 Mobile
Application.
PO Value of the one year contract terms was 2.80 Lacs.
Project 7 The Client is a reputed NBFC Public Sector Undertaking (PSU) with their
HQ in New Delhi and 4 branch offices around India. (Client Name is
kept confidential due to signed NDA and taking care sensitivity of Data
Security)
Nature of Project work: Provided Comprehensive IT Security
Process Review with ISMS and BCMS Policy Formulation and
Documentation, Internal and External Network Vulnerability Assessment
Penetration Testing, Security Configuration Review, Final IT Security
Audit. Security Awareness Trainings.
Project 8 The clients is is a prominent organization in healthcare industry which

specializes in root cause analysis of patient’s health problems to design
personalized health interventions with an online web/mobile application.
(Name kept confidential due to NDA signed).
Nature of project Work: Provided Comprehensive IT Security
Process Review with ISO 27001 and ISO 27701 Data Protection Policy
Formulation, Documentation, Cloud Infrastructure and Cloud Application
Security Audit, Internal Audit and Certification, Web and Mobile
Application Vulnerability Assessment Penetration Testing, Security
Configuration Review, Security Awareness Trainings.
Project 9 The client is a reputed Information Security Services Provider in Israel

( Client Name kept confidential due to signed NDA)
Nature of Project Work : Provide comprehensive security assessment
tests for 16 web applications, 02 mobile applications, Source Code
Review, Network Penetration testing and Configuration Review Services.
Project 10 The client provides AI-powered based products and Data Science
Analytics based services in India, US, UK, Singapore, Dubai (Name kept
confidential due to NDA signed).
testing for 05 web applications including API testing, External Network
security assessment for 27 Public IPs, Internal Networks Security
Assessment and configuration audit services for more than 225 nodes
including wireless devices, network devices, servers and security
devices.
Project 11 The Client is one among top Manufacturing Industry in Delhi NCR and
exporter from India and provides Sports and Outdoor products in
coloration from European countries. (Name kept confidential due to
sensitivity and security of the project work and NDA signed).
Nature of Project Work: Provided Comprehensive IT Security
Process Review with ISO 27001 and Data Protection Policy Formulation,
Documentation, Internal and External Network Vulnerability Assessment
Penetration Testing, Security Configuration Review, Enterprise Security
Set up, Security Threat Monitoring and SOC Services. Security
Awareness Trainings.
Project 12 The Client is a Global Leader in Mobile Financial Services & Payment
Solutions and pioneers in m-commerce solutions provider based in India
and Middle East. (Name kept confidential due to sensitivity and security
of the project work and NDA signed).
Nature of Project Work: Security Assessment (VAPT) Testing for 06 web
applications including payment gateway and API testing, 02 mobile
applications along with source code review and performance testing
services.
Tenable Nessus Professional Burp Suite Professional Acunetix

GFI LanGuard HP Web Inspect Nmap
Metasploit Pro Nexpose QualysGuard
Kali Linux Framework – Netcat, Cryptcat, Hping, Sqlmap, JTR, OpenVAS, SET, MSF, Dirbuster
Android Debug Bridge (adb) Mobile Security Framework (MobSF) Drozer
John The Ripper L0pth Crack Brutus
Xposed Framework Apktool d2j-dex2jar
Hydra OpenSSH OpenSSL
Ettercap WPScan DNSdumpster
Testssl Fluxion Routersploit
Netstumbler Aircrack-ng suite HTTrack
Nikto BeEF OpenVAS
Wireshark – Packet Analyzer Kismet Cain & Able
Maltego Putty W3AF
Snort Paros Proxy SNMPWalk
RAT - Router and network management
10. Outsourcing of Project to External Information Security Auditors / Experts: No

11. Whether organization has any Foreign Tie-Ups? If yes, give details: No
12. Whether organization is a subsidiary of any foreign based organization?: No
13. Locations of Overseas Headquarters/Offices, if any: N.A
*Information as provided by Codec Networks Pvt Ltd on 01st July 2021
Back
M/s ITORIZIN TECHNOLOGY SOLUTIONS PVT LTD
ITORIZIN TECHNOLOGY SOLUTIONS PVT. LTD.

8/14, SHAHID NAGAR, GROUND FLOOR,
WING “A”, KOLKATA – 700078.
WEST BENGAL, INDIA

 Compliance audits (ISO 27001,IEC 62443, IEC 27019, PCI, etc.) (Y/N) : Yes
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Y/N) : Yes
Govt. : 05
PSU : NIL
Private : 19

Wireless security audit : NIL
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : NIL
ICS/OT Audits : NIL
CISSPs : 0
BS7799 / ISO27001 LAs : 2
CISAs : 0
DISAs / ISAs : 0
Critical sector organizations
Duration with
ITORIZIN Experience in
Sl. Name of Qualifications related to
TECHNOLOGY Information
No. Employee Information security
SOLUTIONS PVT Security
LTD
Basudev - ISMS LA
1 4 Yrs 18.8 Yrs
Gangopadhyay - CEH
- ISMS LA
Debjyoti - CEH
2 2.4 Yrs 3.8 Yrs
Chowdhury - CHFI
- CyberArk Certified Trustee
- CEH
Sirsendu
3 3.2 Yrs 4.8 Yrs - CyberArk Certified Trustee
Bharati
- Vulnerability Mgmt. by Qualys
- CEH
4 Susanta Saha 2.4 Yrs 13.8 Yrs - CyberArk Certified Trustee
- CEH
- CHFI
- CyberArk Certified Trustee
5 Asmita Sarkar 2.4 Yrs 5.8Yrs
- NSE1 Network Security
associate
- CEH
- Google IT Support Professional
Certificate (Offered By -
Google through Coursera)
Tanmoy
6 2.2 Yrs 2.2 Yrs - Cyber Security Specialization
Samanta
(Offered By - University of
Maryland through Coursera),
- CyberArk Trustee
- Red Hat Certified System
7 Sourav Pal 1.7 Yrs 1.7 Yrs Admin
- CEH
- ICSI
8 Nishant Kumar 10 Months 10 Months
- CNSS
9 Arnab Giri 3 Months 3 Months - CEH
Web Application Security Assessment for a Corporate.

Project Volume: 133 nos of IPs, 24 Websites, 10 Web Apps, 11 Mobile Apps, 24 Internal
Apps.
Project cost: 14.94 Lacs
Commercial
- Burp Suite
Freeware
- Nessus
- Metasploit Tool
- Wire Shark
- NMap
- SQLmap
- Dirbuster
- OpenVas
- Genymotion+Santoku OS
- Postman
- Nipper
- Aircrack-Ng
- Airmon-Ng
- Airodump-Ng
- Gerrit
- RIPS
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes

( If yes, kindly provide oversight arrangement (MoU, contract etc.)

13. Locations of Overseas Headquarters/Offices, if any : None
*Information as provided by ITOrizin Technology Solutions Pvt Ltdon 01-07-2021
Back
M/s PRIME INFOSERV LLP
Name - PRIME INFOSERV LLP,

Address- 60, SIBACHAL ROAD, BIRATI, KOLKATA 700051
 Network security audit (Y/NYES) - YES

 Web-application security audit (Y/N) - YES
 Wireless security audit (Y/N) - YES
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) - YES
Govt. :<number of1>West Bengal Electronics Industry Development Corporation

Ltd. (WEBEL)
PSU :<number of1>POWER SYSTEM OPERATION CORPORATION LIMITED
(POSOCO), Eastern Regional Load Despatch Centre
Private :<number OF 20>GKB Rx Lens Pvt. Ltd, Grasim Industries Ltd (Jaya Shree
Textiles, Aditya Birla Group), Meghbela Broadband, Wooribank – Bangladesh,Essel
Mining, Mihup Communication, Khadim India Ltd.

Network security audit: <9>(Jayashree Textile, Essel Mining, Khadim, GKB Rx, Algo
Energy Tech, Lexplosion, Woori Bank, Waterbase (KaramchandThaper Group),
IKONET)
Web-application security audit: <6>AlgoEnerytech, Lexplosion, Woori Bank,
Intelligent Image Management Inc, Saratella, Aditya Birla Insulator
Wireless security audit:<number of 2>GKB Rx Lens Pvt. Ltd, Grasim Industries Ltd
(Jaya Shree Textiles, Aditya Birla Group),
Compliance audits (ISO 27001, PCI, etc.):<5>West Bengal Electronics Industry
Development Corporation Ltd. (WEBEL), GKB Rx Lens Pvt. Ltd, Intelligent Image
Management Inc, Meghbela Cable & Broadband Services Pvt Ltd, Matrix Media
Solutions Pvt Ltd
CISSPs : <2> - Kishore Vekaria, Sabyasachi Hazra

BS7799 / ISO27001 LAs : <5>Ajai Srivastava, Saurabh Sarkar, Sabyasachi Hazra,
Tapas Majumder, Sanjib Chowdhury
CISAs : <3>Sanjib Chowdhury, Tapas Majumdar, Sabyasachi Hazra
DISAs / ISAs : <number of>
Any other information security qualification:<number of>OSCP. CHFI, CEH, ECSA,
PMP, PCI-DSS, CISM
Experience in
No. organization Information security
Security
1 Kishore Vekaria 1st Feb 2017 30+ years CISSP, CCNA
st
2 Smith Gonsalves 1 Feb 2017 5+ years OSCP. CHFI, CEH. Certified
Advance Penetration Tester
3 Sudipta Biswas 1st May 2017 15+ years CEH, ISMS LA, STQC-CISP,
STQC-Certified Internal
Information Security Auditor
4 Soumadeep 12th April 2017 3+ years CEH
Chakraborty
5 Sanjib Chowdhury 4TH March 2019 3+ years CISA, PCI-DSS, ISO 27001
6 Subhamoy Guha 4th March 2019 2 years CEH, ECSA

th
7 Tapas Majumder 10 Oct 2019 5+ years CISA, ISO 27001 Lead Auditor
th
8 Saurabh Sarkar 29 Nov 2017 8+ years ISO 27001 Lead Auditor
th
9 Ajai Srivastava 16 Sept 2019 12+ years ISO 27001 Lead Auditor, Lead
Implementer 27001 & 9001
10 Sabyasachi Hazra 16th Sept 2019 12+ years CISSP, CISA, CISM, CRISC,
PMP, LA, CEH
 Project – Compliance Audit and VAPT

 Customer Name - GKB Rx Lens Pvt Ltd
 Total value – 1534000/-
 Location – Kolkata, West Bengal
 Complexity – Large infra across India with diverse platform and technologies. There
were global compliance norms for GDPR and ISO 27001 framework for their mother
organization Essilor
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary): Netcat
10. Netcat , NMAP, Metasploit Framework, Vega, W3af, OWASP Zed Attack Proxy Project, Firefox
addon, Kali Linux tools , Nessus, Burpsuit, NetSparker, Accunetix, F-Secure Radar.


*Information as provided by PRIIME INFOSERV LLP on 26-10-2020
Back
M/s QRC Assurance and Solutions Private Limited
 Name: QRC Assurance and Solutions Private Limited

 Location: Office No 508, Plot No 8, Ellora Fiesta, Sector -11,
Sanpada, Navi Mumbai, Maharashtra, India, 400705

 Vulnerability Assessment : Yes
 Penetration Testing : Yes
 Mobile Application Security Testing : Yes
 API Security Testing : Yes
 Govt. : One
(1)
 PSU : Zero
 Private : Sixty (60)
 Total Nos. of Information Security Audits done : Sixty (60)


 Vulnerability Assessment : 100
 Penetration Testing : 100
 Mobile Application Security Testing : 15
 API Security Testing : 25
 CISSPs : None
 BS7799 / ISO27001 LAs : Six(6)
 CISAs : Three (3)
 DISAs / ISAs : None
 Any other information security qualification:
 CISM: One (1)
 CDPSE: Two (2)
 CRISC: One (1)
 CEH: Five (5)
 CHFI:One (1)
 ECSA: One (1)
 OSCP: One (1)
 PCI-QSA: Five(5)
 PA-QSA: One (1)
 PCI-3DSA: One (1)
 Total Nos. of Technical Personnel : 20
Experience in Qualifications related

S. Name of Duration
Information to Information
No Employee with QRC
Security security
PCI-QSA, PA-QSA,
CDPSE, ISO 27001 Lead
Mr Vamsikrishna 04 years 10
1. 19 years Auditor, CISA, HIPPAA,
Maramganti months
COBIT 5, ITIL
Foundation
PCI-QSA, PCI-3DSA,
03 years 03
2. Mr Kalpesh Vyas 19 years CISA, CISM, CRISC,
months
CDPSE, ISO 27001 LA
Ms Akshata 04 years 10 CISA, 1SO27001:2013.

3. 6 Years
Bhaskar months LA, PCI-QSA
MS (Cyberlaw &
Mr Hare Krishna 04 years 06 Information Security),
4. 6 Years
Tiwari months IS0 27001:2013 LA, IS0
27001:2013 LI, PCI-QSA
02 years 11 BE (IT), CEH, CHFI,
5. Mr Vicky Fernandes 5.3 years
months ECSA, RHCSA
Mr Prashant 03 years 04 B. Tech (IT), CEH,
6. 3.4 years
Srivastava months OSCP
Mr Shashwat 03 years 02
7. 3.2 Years B. Tech (IT)
Verma months
03 years 02
8. Mr Saif Ahmad 3.2 Years B. Tech (IT)
months
1. One of the banks in India:

 Enterprise Vulnerability Assessment and Penetration Testing services including
Infrastructure VAPT audit of 350+ Servers
 Web and Mobile Application Security Assessments for 5+ applications
 PCIDSS Audit
 Information Security and Systems Audit
Project Value: Confidential
2. One of the Payment Gateways in India:

 Vulnerability Assessment and Penetration Testing covering about 50+ systems
 Web and Mobile Application Security Testing of 4+ critical Payment Gateway
Applications
 PCIDSS Audit
3. One of the BPOs in USA

 Vulnerability Assessment and Penetration Testing covering 200+ systems across 3
International Geographic Locations
 PCIDSS Audit for three (3) multiple locations across Globe
A. Commercial Tools
2. Netsparker Professional
4. QualysGuard
B. Open Source
1. Kali Linux
2. Nmap
3. Wireshark
4. OWASP ZAP
5. SSL Scan
6. HTTrack
7. Network Stumbler
8. Aircrack suite
9. Nikto
10. Cain and Abel
11. Mobile Security Framework
12. L0phtcrack: Password Cracker
13. OpenVas
14. W3af
15. Directory Buster
16. SQL Map
17. Android Tamer
18. Metasploit
C. Proprietary Tools (Inhouse developed)

1. QRC dataFinder
*Information as provided by QRC Assurance and Solutions Private Limited on 26-October-2020
Back
M/s RNR Consulting Private Limited
RNR Consulting Private Limited.

E-16/169, Sector-8, Rohini,
Delhi 110085
 Network security audit : Y

 Web-application security audit : Y
 Wireless security audit : Y
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : Y
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : Y
 ICS/OT Audits : Y
 Cloud security Audits : Y
 Device Security Audits : Y
 RBI Audits : Y
Govt. : 14+
PSU : 5+
Private : 40+


Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 20+
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : 30+
ICS/OT Audits : 4+
Cloud security Audits : 20+
Device Security Audits : 50+
RBI Audits : 10+
CISSPs : 3
BS7799 / ISO27001 LAs : 14
CISAs : 2
DISAs / ISAs : 2
Any other information security qualification :15(CEH etc..)

CISSP, CISA, CEH,
1 Nitish Goyal 6+ years 8+ years ISO27001 LA, PCI-
DSS
CEH, CHFI, ISO27001
2 Jagbir Singh 6+ years 12+ years LA, SANS certified,
Cyber Law
M.S (State Univ. New
York) MBA, Lead
Auditor for ISO 27001,
3 Arup Roy 6+ years 30+ years
ISO 20000, ISO
22301, ISO 9001, BS
10012
CISA, ISO27001, CEH,
MCSE, CCNA,
4 Vinay Singh 6+ years 14+ years
Penetration Tester,
Network +
5 Shyam Thakur 6+ years 9+ years ISO27001, CEH
6 Rakesh Kumar 1+ year 4 years CEH, CCNA, MCSE
7 Vibha Gupta 1+ year 2+ years CEH
8 Narendra 1+ year 2+ years CEH
9 Arun Goyal 6+ years 6+ years CISA, CCNA, CCNP
Mousumi
10 1+ years 2+ years ISO 27001
Pattnayak
11 Abhay Mathur 1+ years 23+ years ISO 27001
Nessus, BurpSuite, Metasploit, OpenVAS, NIPPER etc.
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes, Contact,
NDA and MoUs

13. Locations of Overseas Headquarters/Offices, if any: No
*Information as provided by RNR Consulting Private Limited on 22ND Feb 2022
Back
M/s Sattrix Information Security Pvt. Ltd.
Sattrix Information Security (P) Ltd

Govt. : 0
PSU : 0
Private : 3


CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : 1
DISAs / ISAs : 0
Any other information security qualification :CEH, MF Fortify

No. Sattrix Information Security Information security
1 Krunal Mendapara 5.5 years 5.5 years B.Tech, CeH
2 Yash Zalawadia 3.5 years 3.5 years B.E, CeH
3 Anurag Priyam 5 years 5 years B.E, CeH, AWS Cloud
Practitioner
4 Anil Kumar 2 years 3.5 years B.E, CeH
5 Ankit Shah 2.5 years 2.5 years B.E
6 Mahendra Patel 1 year 14 years B.E, MBA
7 Sudhanshu Singh 1.5 years 1.5 years BSc-IT
8 Ashutosh 3.5 years 3.5 years B.Tech, AWS Associate
Solution Architect
 Project 1
 Location – USA
 Project – infrastructure audit
 Activity – Vulnerability Assessment, Penetration Testing, Reporting and
remediation suggestion, Remediation of Vulnerability and patching activity
 Location – 3
 Volume – 5000 users
 Project Value - $80K+
 Commercial – MF Fortify SSC, MF Fortify SCA, Nessus, Rapid7

 Freeware – burp suit, Kali linux, Metasploit, SQL Map, NMAP, Wireshark, W3AF,
Aircrick


*Information as provided by Sattrix Information Security (P) Ltd. on 28-Oct-2020
Back
M/s Tata Advanced Systems Ltd.
1. Name & location of the empaneled Information Security Auditing Organization:
Organization Name: Tata Advanced Systems Ltd.

(Cyber & Physical Security Division)
Location: Office No. 15, 6th floor, Tower 1,Stellar IT Park,C-25, Sector-62
Noida, Uttar Pradesh, India. PIN - 201307
Network security audit (Y/N) : Y

Web-application security audit (Y/N) : Y
Wireless security audit (Y/N) : Y
Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Y
Android Security Audit(Y/N) : Y
IOS security Audit(Y/N) : Y
IOT Security Audit(Y/N) : Y
Govt. : 0
PSU : 0
Private : 6

Network security audit : 4 (500+ Servers &

250+ Network Devices)
Web-application security audit : 20+ Applications
Android Security Audit : 3
IOS security Audit : 1
Compliance audits (ISO 27001, PCI, etc.) : NIL
CISSPs : 1
BS7799 / ISO27001 LAs : N/A
CISAs : N/A
DISAs / ISAs : N/A
CEH : 4
ECSA : 1
CHFI : 2

No. Employee TATA Advanced Information to Information
Systems Ltd Security security
1 Arun Kumar 1 year 10 12 years M.S. (software
months systems), CISSP
2 Ankit Gupta 1 year 10 6 Years MCA, CHFI & ECSA
months
3 Kamaljeet Kumar 1 year 9 months 2 years 3 months M.Tech (Cyber
Security), CEH
(Practical) v10
4 Nitya Nand 9 months 2 years 5 months MCA, CEH-v10
5 Jesna Joy 9 months 3 years 6 months B.Tech (CSE),CEH-V10

6 Yash Kansal 2months 2months Post Graduate
Diploma in Cyber
Security and Law
8. pecify Largest Project handled in terms of scope (in terms of volume, complexity, locations
S. Organization Volume Complexity Locations Project

No. Type Value
1 Aviation Network On-prem and multi- Ahmedabad INR
Industry Devices150+ cloud Infra spread Bhubaneswar 2,900,000/-
across various Bangalore
Servers: 350+ availability zones. Mumbai
Delhi
The organization Dibrugarh
Web -
houses multi-vendor Guwahati
Applications:
SaaS products Goa
15+
including inhouse Gurgaon
application servicing Bagdogra
Mobile Lucknow
4000+ mobile
Application Mumbai
workforce across 34
(Android & IOS): Pune
locations
20 Raipur
Amritsar
Kolkata
Cochin
Hyderabad
Chandigarh
Jammu
Ranchi
Chennai
Srinagar
Varanasi
a. Commercial Tools:Nexpose, Burp suite, Netalytics

b. Freeware Tools:Kali Linux, MobSF, Wireshark, Nipper, Powershell Empire, Virus
Total, Drozer, Frida & Objection, Inspeckage, APKtools, Shodan, Nmap, Metasploit,
Nikto, ZAP, Responder, Impacket Crackmapexec, , onesixtyone, Searchsploit, Maltego,
LFIsuite, SQLMAP and etc.
c. Proprietary Tools: Netalytics


*Information as provided by TATA Advanced Systems Ltd. on 26th October 2020
Back
M/s Dr CBS Cyber Security Services LLP
Dr CBS Cyber Security Services LLP

113, Suraj Nagar East, Civil Lines, Jaipur, Rajasthan-302006
Network Security Audit : Yes

Web-application Security Audit : Yes
Wireless Security Audit : Yes
Compliance Audits (ISO 27001, PCI, etc.) : Yes
End Point/ Workstation Security Audit : Yes
Information Security Policies Formulation & Review as per Legal Yes
Mandates & International Standards(ISO/IEC 27001:2013, ISO
27002, Rule 4 & 8 of IT Reasonable Security Practice & Procedure
& Sensitive Personal Data Rules 2011 :
Communications Security Testing : Yes
Vulnerability Assessment & Penetration Testing : Yes
Exploitation of Vulnerabilities : Yes
Network Mapping : Yes
Application Security Assessment : Yes
Malware Backdoor Detection : Yes
Risk Assessment : Yes
Physical Security Review : Yes
Information Security Trainings (User awareness & counseling, Yes
cybercrime investigation, technical training, etc.) :
Enterprise Security Architecture Review : Yes

Data Leak Prevention (DLP) consulting : Yes
Mobile Application Security Audit : Yes
Compliance Audit (GDPR, RBI, SEBI, SEBI, NPCI, NABARD, Yes
IDRBT, IRDA etc.)
API Security Audit : Yes
Network Performance Testing : Yes
Cloud Security Audit : Yes
Source Code Review/Audit : Yes
Incident Response : Yes
IoT Security Assessment : Yes
Data Centre Audit/ Security Operation Centre (SOC) Audit : Yes
Authentication User Agency (AUA ) / KYC User Agency (KUA) - Yes

Audit :
Operational Technology (OT) Audit : Yes
Electronic Signature (e-Sign) Compliance audit : Yes
Red Team Assessment : Yes
AEPS & Aadhaar Pay Micro ATM Audit : Yes
Supervisory Control & Data Acquisition (SCADA) Security Audit : Yes
Cyber Forensics : Yes

Government 128
PSU 14
Private 27
Comprehensive IT Security Audit 32

Network Security Audit 32
Web-application & Mobile Application Security Audit 130
Source Code Review 40
Regulatory Compliance Audit (RBI, SEBI, NPCI, NABARD, IDRBT, IRDA, 11
AUA/ KUA, SWIFT, GDPR etc.)
Wireless Security Audit 25
Formulation of IT Security Policies 01
Operational Technology (OT) Audit 02
Functional Audit 02
ISO/IEC27001:2013 Lead Auditor 04

Certified Ethical Hacker (CEH) from EC Council 07
CISA 01
Certified Internal Information Security Auditor (STQC-CIISA) 03
Certified Internal Information Security Auditor (STQC-CISP) 01
DISA/ ISA 01
Any other Information Security Qualification:
Diploma in Cyber Law 06

Certificate in International Law on E-Commerce 01
Masters in Cyber Security (M.Tech) 01
PhD 02
Masters in Computer Science (M.Tech) 01
MSc (IT) 01
MSc (Cyber Security) 01
Masters in Computer Applications (MCA) 01
MSc (Micro Electronics) 01
Bachelor of Technology (B.Tech-CSE/ ECE) 05
Bachelor in Law 02
Master of Laws 01
Total Nos. of Technical Personnel 11
S. Name of Employee Duration Experience Qualifications related to

No. with in Information security
organizati Informatio
on n Security
1. Dr C B Sharma IPS (R) 05 Years 10+ Years  Certified Lead Auditor ISMS (ISO/
IEC 27001:2013) from Indian
Institute of Quality Management
(IIQM)
 Certified Internal Information
Security Auditor (STQC-CIISA)
 Diploma in Cyber Law
 MSc Physics (Microwave
Electronics)
 LL.B
 MA Philosophy
 PhD
2 Dr. Swati Vashisth 05 Years 06+ Years  B.Tech (CSE)

 Certified information Systems
Auditor (CISA) from ISACA
 Certified Lead Auditor ISMS
(ISO/IEC 27001:2013) from Indian
(IIQM)
 Certified Information Security
Professional (STQC-CISP)
 Diploma in Information System
Audit (DISA) from IIBF
 Certified Ethical Hacker (CEH) from
EC Council
 MBA(PGDRM) from IRMA
 PhD
3 Mr. Sachin Kumar 05 Years 10+ Years  B.Tech (CSE)

Sharma  M.Tech(CSE)
(ISO/IEC 27001:2013) from Indian
(IIQM)
 Certified Ethical Hacker (CEH) from
EC Council
 Certificate in International Law on
E-Commerce
4 Mr. Satyendra Singh 05 years 10+ Years  M.Sc (IT)

(ISO/IEC 27001:2013)
from Indian Institute of Quality
Management (IIQM)
 Certified Ethical Hacker (CEH)
from EC Council
5. Mr. Vishrant Ojha 03 Years 03+ Years  B.Tech (ECE)
 M.Tech (Cyber Security)
from Sardar Patel Police
University, Jodhpur
from EC Council
 Various Cyber Security
Certificates from Code Red-
EC Council
6. Mr. Balkrishan Sharma 03 Years 03+ Years  B.Tech (CSE)
 CCNA
 MCITP from Microsoft
from EC Council
7. Mr. Niladri Dalal 01 Year 01 Year  MSc (Cyber Security)
 BSc (Hardware & Networking)
from EC Council
8. Mr. Akansh Sharma 01 Year 02 Years  Batcher in Computer Application
(BCA)
 Master in Computer
Application (MCA)
Certified Ethical Hacker (CEH)
from EC Council
9. Mr. Vishal Soni 06 Months _____  B.Tech. (CSE)
10. Mrs. Manju Sharma 05 years 05+ Years  Diploma in Cyber Law
 BSc
 MA
 Diploma in Textile Designing
11. Ms. Alka Takhar 06 Months -------  B.A.
 LL.B
 LLM
 NET Qualified
S.No. Organization Scope Details of IT Location

Infrastructure
1. One of the leading 1.Gap Analysis and Review of Documented Audit Total 17
textile & garment Existing Policies Report as per Scope locations at
manufacturer 2. Risk Assessment and of work of : Mumbai,
company of India Vulnerability Assessment Computers:1103, Tarapur,
(End Point, Server, Network, Servers:12, Daman,
Firewall, Routers, Switches, E- Firewall:16, Silvassa,
mail, Website, Web Application, Switches:110, Amravati,
Mobile Application, Software, Wi-Fi: 22, Hyderabad
Back-up, CCTV etc.) DVR:28 &
3. Penetration Testing Cameras:295 Bhiwandi
4. Exploitation of Vulnerabilities
( In the System and Networks).
5. Detailed Documented IT Security
Audit Report and Actionable
Items etc.
6. Web Application Software
Security
7. Physical Control and Security
8.Conceptual Guidance
9. Operational Technology (OT)
Audit
9. Information Security Training
and Awareness.
2. One of the Indo-US 1.Gap Analysis and Review of Documented Audit Total 03
Organization in field Existing Policies Report as per Scope locations at
of Geosynthetic 2. Risk Assessment and of work of : Mumbai,
material Vulnerability Assessment (End Computers:121, Daheli,
Point, Server, Network, Firewall, Servers:3, Daman
Routers, Switches, E-mail, Firewall:01,
Website, Web Application, Mobile S/w application: 01
Application, Software, Back-up, Wi-Fi:07
CCTV etc.) DVR: 1,
3. Penetration Testing Cameras: 8
( In the System and Networks).
5. Detailed Documented IT Security
Audit Report and Actionable
Items etc.
6. Web Application Security
7. Physical Security
8. Conceptual Guidance
and Awareness
3. One of the growing 1.Formulation of IT Security Documented Audit Total 2
tyre firm in India Policies Report as per Scope Locations at
2. Vulnerability Assessment of work of : Mumbai &
Penetration Testing Computers:128, Panoli
3. Exploitation of Vulnerabilities Servers:4,
In the System and Networks). Firewall:02,
4. Web Application Security application: 01
and Awareness
4. One of IT General security Control / Documented Audit Total 5

Nationalize Bank Process audit of: Report as per Scope Locations at
in India 1. Data Center / Near Disaster Recovery of work of : Chennai,
Site / Disaster Recovery Site 3 Data Centers, 1 Mumbai,
2. Information Technology Department corporate office, 1 Delhi, Jaipur,
/ Network Operations /in-house Head office, 28 CBS Sikar
Development Branches & various
3. Digital Banking Department and all e- departments
banking channels (web based and
mobile based)
4. Payment Gateway
5. CTS grids
6. ATM Switch /ATM Service Centre /
Card lssue
7. Credit Card Department
8. Call Center
9. NEFT / RTGS Cell
10. International Division / SWIFT
11. Treasury Branch
12. Registration authority (RA)
13. CPPC/CDPC/FI/MIS/AML/eAudit/HR
M Department
5. One of Scalability and Resiliency audit of Scalability and Chennai

Nationalize Bank UPI Infrastructure as Per NPCI Resiliency of IT
in India Requirements infrastructure of the
UPI (Data Centers,
Redundancies of the
IT infrastructure,
Incident
Management, Drills,
Root cause analysis)
6. Indian Ordnance Comprehensive IT Security Audit Network Architecture Located at

Factories (8) Review, Vulnerability Jabalpur,
assessment of IT Nagpur,
Infrastructure Dehradun,
Penetration Testing Itarasi,
of servers, Review of Chennai,
Cyber Security Policy Kanpur,
and SOP, Mock drill Ambarnath &
analysis as per cyber Mumbai
security policy
7. Aeronautics firm Vulnerability Assessment & Firewall Rule Audit Bengaluru

in India Penetration Testing of firewall and Log Analysis,
devices located at different 25 External & Internal
locations, End Point Computers, Vulnerability
Servers, Web & Mail Applications Assessment for Web
Server and Mail
Server in Internet
domain, VAPT of
Endpoint computers
& Network Devices
8. Thermal Power Comprehensive IT Security Audit IT Security Audit of Suratgarh

Station in End Point Rajasthan
Rajasthan Computers, Servers,
WI-FI & Network
Devices
9. Rapid Transport Formulation of IT Security Policies Formulation of Jaipur
Organization in following IT Security
Jaipur Policies:
under Govt. of 1. Identification,
Rajasthan Asset
Management
& Disposal
,Acceptable
Use (including
Software)
Policy
2. E-Mail,
Information
Transfer &
Social Media
Policy
3. HR Policy
4. Business
Continuity and
Backup Policy
5. Clear Screen &
Clear Desk
Policy
6. Network,
Internet, Wi-Fi,
LAN, Access
Control, Server
Room & Log
Policy
7. Data Security
and
Cryptography
Policy
(including Data
Centers)
8. Privacy Policy
(Non
Disclosure
with third
parties)
9. CCTV Policy
10. Password
Policy
11. Mobile device
and
Teleworking
10. An Indian govt. Comprehensive IT Security Audit IT Security Audit of Jaipur

owned oil and End Point
gas explorer and Computers, Servers,
producer under WI-FI & Network
the ownership of Devices
Ministry of
Petroleum and
Natural Gas,
Government of
India
11. AUA/KUA Audit UIDAI’s Compliance Audit of KYC Compliance Audit as Gujarat
as per User Agency (KUA) and Aadhaar per guidelines
requirement of Authentication Services (AUA). mentioned in
Unique Aadhaar
Identification (Authentication)
Authority of Regulations, 2016
India (UIDAI)
for Dept. of IT
Gujarat
12. A Public Web Application Security Audit Web Application Chandigarh

transport Security Audit as per
undertaking guidelines of Open
organization Web Application
Security Project
(OWASP) Top 10
Web Risks, SANS Top
25 Software Errors,
Common Weakness
Enumeration(CWE),
Common
Vulnerabilities and
Exposures (CVE) etc.
The Web Application
Security Consortium
(W3C) and Web
Content Accessibility
Guidelines (WCAG).
13. One of Central Web Application Security Audit Web Application Punjab
University Security Audit as per
guidelines of Open
Web Application
Security Project
(OWASP) Top 10
Web Risks, SANS Top
25 Software Errors,
Common Weakness
Enumeration(CWE),
Common
Vulnerabilities and
The Web Application
Security Consortium
(W3C) and Web
Guidelines (WCAG).
14. An apex national Web Application Security Audit Web Application Delhi
sports body of Security Audit as per
India guidelines of Open
Web Application
Security Project
(OWASP) Top 10
Web Risks, SANS Top
25 Software Errors,
Common Weakness
Enumeration(CWE),
Common
Vulnerabilities and
The Web Application
Security Consortium
(W3C) and Web
Guidelines (WCAG).
15. Online Citizen Web Application Security Audit Web Application Andaman
Services Portal Security Audit as per & Nikobar
of a union guidelines of Open
territory of India Web Application
Security Project
(OWASP) Top 10
Web Risks, SANS Top
25 Software Errors,
Common Weakness
Enumeration(CWE),
Common
Vulnerabilities and
The Web Application
Security Consortium
(W3C) and Web
Guidelines (WCAG).
16. A State Information Security Audit Information Security Jaipur
Cooperative Audit as per
Bank of guidelines issues by
Rajasthan NABARD, RBI and
ISMS Standards ISO
27001:2013
17. An Autonomous Web Application Security Audit Web Application Delhi
Scientific Society Security Audit as per
under the guidelines of Open
administrative Web Application
control of Security Project
Ministry of (OWASP) Top 10
Electronics & Web Risks, SANS Top
Information 25 Software Errors,
Technology, Common Weakness
Government of Enumeration(CWE),
India Common
Vulnerabilities and
The Web Application
Security Consortium
(W3C) and Web
Guidelines (WCAG).
18. An autonomous Comprehensive IT Security Audit IT Security Audit of Jaipur
body in housing End Point
of Government Computers, Servers,
of Rajasthan WI-FI & Network
Devices
19. Hydroelectric Comprehensive IT Security Audit IT Security Audit of Bhopal,
Power Stations End Point Narmada
in Computers, Servers, Nagar,
Madhya Pradesh WI-FI & Network Omkareshwar,
(PSU) Devices Khandva
20. Department of Web Application & Mobile Web Application Gujarat
IT, Gujarat Applications Audit Security Audit as per
guidelines of Open
Web Application
Security Project
(OWASP) Top 10
Web Risks, SANS Top
25 Software Errors,
Common Weakness
Enumeration(CWE),
Common
Vulnerabilities and
The Web Application
Security Consortium
(W3C) and Web
Guidelines (WCAG).
21. Department of Web Application & Mobile Web Application Telangana
IT, Telangana Applications Audit Security Audit as per
guidelines of Open
Web Application
Security Project
(OWASP) Top 10
Web Risks, SANS Top
25 Software Errors,
Common Weakness
Enumeration(CWE),
Common
Vulnerabilities and
The Web Application
Security Consortium
(W3C) and Web
Guidelines(WCAG)
22. A Central Web Application Audit Web Application Churu
Cooperative Security Audit for Rajasthan
Bank safe to host
certificate
23. India’s largest Comprehensive IT Security Audit IT Security Audit of Ranchi
power utility End Point
under Ministry of Computers, Servers,
Power, Govt. of WI-FI & Network
India (PSU) Devices
24. A smart City Functional Audit of Public Audit of Public Prayagraj
Project under Addressing System, Addressing System
Govt. of Uttar Body Worn Camera System and at 206 Locations,
Pradesh Mobile Surveillance System Mobile Surveillance
System of 43
Vehicles, 300 Body
Worn Camera System
& 2 Control Centers
25. An Education, Web Application & Portal Audit Web Application New Delhi
Training, and Security Audit as per
Research in guidelines of Open
Aviation under Web Application
Govt. of India Security Project
(OWASP) Top 10
Web Risks, SANS Top
25 Software Errors,
Common Weakness
Enumeration(CWE),
Common
Vulnerabilities and
The Web Application
Security Consortium
(W3C) and Web
Guidelines (WCAG).
26. Internet Banking Web Application & Mobile Web Application & Chennai
& Mobile Application Audit Mobile Application
Banking Security Audit as per
platform Audit of guidelines of Open
one of Web Application
Nationalized Security Project
Bank in India (OWASP) Top 10
Web Risks, SANS Top
25 Software Errors,
Common Weakness
Enumeration(CWE),
Common
Vulnerabilities and
The Web Application
Security Consortium
(W3C) and Web
Guidelines (WCAG).
27. Asia’s largest tier-4 IT Security Audit of Data Center Audit of Physical Hyderabad
data center in India 1. Logical Security Security controls
2. Physical Security & logical security.
Audit of the
procedures and
technology are in
place to avoid
downtime, disasters,
unauthorized access,
DR Drills and
breaches.
28. Tier-4 data center in IT Security Audit of Data Center Audit of Physical Mumbai
India 1. Logical Security Security controls
2. Physical Security & logical security.
Audit of the
procedures and
technology are in
place to avoid
downtime, disasters,
unauthorized access,
DR Drills and
breaches.
29. Online Examination 1. Physical / Logical Security of the Documented Audit Jaipur
Security Audit online examination system Report as per Scope
2. Vulnerability Assessment and of work of :
Penetration Testing End Point, Total no. of End
Server, Network, Firewall, Routers, Point Computers :
Switches, E-mail, Website, Web 5270
Application, Mobile Application,
Software, Back-up, CCTV etc.)
In the System and Networks.
30. Online Examination & Cyber Security Audit of Evaluation Documented Audit Jaipur
Evalution Cyber Centers Report as per Scope
Security Audit of of work of :
Public Service Total no. of End
Commission Point Computers :
120
Servers: 04
S.No Name of Tool Purpose of Tool

Nessus
1. A remote security scanning tool
Professional
Burp Suite
2. Web Vulnerability Scanner
Professional
3. Acunetix Web application security Tool
1.
Free PC Audit System, hardware and software information tool.
A debian based Linux distribution designed for digital forensics and
penetration testing. It Contains tools for information gathering,
Vulnerability Analysis: Network, Web applications etc. , Exploitation
5. Kali Linux
tools, Wireless attack , Forensics, Web application analysis, Sniffing &
Spoofing, Password Attack, Maintaining Access, Hardware Hacking,
Reverse Engineering etc.
6. Backtrack 5 R3 Old Distribution of Kali Linux
Ubuntu based Operating Systems developed for penetration testing and
7. Backbox Linux
security assessment
8. DEFT Linux Light weighted Linux Operating System for Digital Evidence & Forensics
9. Nmap Network Security Scanner, Port Scanner & Network Exploration Tool
Network Packet Analyzer used for network troubleshooting, packet
10. Wireshark
capturing and analysis
Microsoft
Used to verify necessary security checks patch compliance for Windows
11. Security Baseline
operating system, Internet Information System (IIS) and SQL Server
Analyzer (MBSA)
12. Super Scan Network Port Scanning Tool
13. OWASP- ZAP Web application security scanner
OWASP Mantra
14. Security a collection of hacking tools, add-ons and scripts based on Firefox
Framework
15. Metasploit Penetration testing tool to find, exploit, and validate vulnerabilities
16. Aircrack-ng A complete suite of tools to assess Wi-Fi network security
17. Ettercap Tool for man in the middle attacks
Cisco OCS Mass
18. scanning, fingerprinting and exploitation tool
Scanner
19. W3af web application security scanner
20. Wikto web server scanner
21. Airmagnet Wireless Network Monitoring and WiFi Troubleshooting
22. Paros web proxy to web application vulnerability
Audits the security of network devices such as switches, routers, and
23. Nipper
firewalls
A computer networking utility for reading from and writing to network
24. Netcat
connections using TCP or UDP
25. Cain & Abel A password recovery tool
26. Mobisec Mobile Application Security framework
27. SQLMAP SQL injection Vulnerability exploiting tool
28. DNSenum DNS enumeration tool
29. Knockpy Subdomain enumeration tool
Web technologies including content management systems (CMS)
30. whatweb
identification tool
A DNS meta-query spider that enumerates DNS records, and sub
31. Subbrute
domains
32. Recon-ng Web Reconnaissance framework
33. enum4linux Enumerating information from Windows and Samba systems.
Bowser Add-ons
34. Mozilla Firefox and Google chrome browser based add-on
/ extensions
Social
35. Engineering Tool Tools for Social-Engineering attacks
Kit
36. WinHEX Universal hex editor for forensics & data recovery applications
37. Android Emulator Android devices Simulation
38. Java De-compiler Decompiler for the Java programming language
39. APK Inspector Android applications analysis tool
40. APK Analyzer Android applications analysis tool
41. Cydia impactor iOS applications analysis tool
42. Brutus Password Cracking tool
43. Fiddler HTTP debugging proxy server application
44. Skipfish web application security reconnaissance tool
45. Cmsexplorer Web Security Testing
46. Joomscan Joomla Vulnerability Scanner
Software library for the Transport Layer Security (TLS) and Secure
47. Openssl
Sockets Layer (SSL) protocol
multi threaded java application to brute force directories and files names
48. Dirbuster
on web/application servers
a command line tool to transfer data to or from a server, using any of
49. Curl the supported protocols (HTTP, FTP, IMAP, POP3, SCP, SFTP, SMTP,
TFTP, TELNET, LDAP or FILE)
50. Tcpdump command-line packet analyzer
51. Fimap Local file inclusion (LFI) and Remote file inclusion (RFI) exploitation tool
52. SwfScan Vulnerability scanner for flash file based application
54. Ssltest SSL/TLS and PKI testing tool
55. Hping a command-line oriented TCP/IP packet assembler/analyzer
56. Scapy a packet manipulation tool for computer networks
57. Loki digital forensics, intrusion detection or security monitoring tool
a fuzzing penetration testing tool for HTTP SOAP(Simple Object Access
58. Wsfuzzer
Protocol ) based web services
59. App Scan web security testing and monitoring tool
60. Pwdump Password cracking tool
Network intrusion detection system (NIDS) software for Linux and
61. Snort
Windows
62. WebScarab Web application security testing tool
63. Whisker CGI scanner
64. Helix (Forensics) Digital forensics tool
Browser extension for Mozilla Firefox that facilitated the live debugging,
65. FireBug editing, and monitoring of any website's CSS, HTML, DOM, XHR, and
JavaScript
66. NStalker Web Application Security Scanner
67. Snmp Walk A command-line tool to collect SNMP data
68. Santoku Linux based Mobile Forensics tool
69. IronWASP Web application vulnerability testing tool
70. Bile-Suite Bi-directional Link Extractor
71. Maltego Information gathering tool
72. SEAT Search Engine Assessment Tool
73. Achilles web application security testing tool
74. Sandcat Penetration Testing Browser
75. Pixy Vulnerability Scanner for PHP Applications
76. OWASP CLASP Principle or a set of principles for application level security project
77. Firecat A network penetration testing tool fo reverse TCP tunnels
78. SAINT Penetration Testing tools
79. Inguma Penetration Testing & vulnerability discovery toolkit
80. SARA Microsoft Support and Recovery Assistant (SaRA)
81. SQL Ninja A SQL Server Injection & takeover tool
a newer version of the pwdump tool for extracting NTLM and LM
82. Fgdump
password hashes from Windows.
83. Medusa Password cracking tool
84. Wapiti Web Vulnerability Scanner
85. Havij SQL Injection Vulnerability tool
Password Cracking Tool, a parallelized login cracker which supports
86. Hydra
numerous protocols
87. Httprint Web server fingerprinting tool
88. GrendeIscan web application security testing tool
a command-line network packet crafting and injection utility for UNIX-
89. Nemesis
like and Windows systems
90. Crowbar Password Cracking (Brute force) tool
OpenVAS
(Open
91. Vulnerability A full-featured vulnerability scanner
Assessment
System)
a graphical cyber attack management tool for the Metasploit Project
92. Armitage
that visualizes targets and recommends exploit
93. Dirb For directory listing
Temper Data
94. Browser Extension for temper data
Extension
95. Wafwoof For firewall detection
96. Vega Web vulnerability scanner
DR CBS In-house
97. Tools & scripts for vulnerability assessment and penetration testing
tools & Scripts
98. LanSweeper IT Asset Management Software

Information as provided by Dr CBS Cyber Security Services LLP on 27 June 2022
Back
M/s FIS Global Business Solutions India Pvt. Ltd.
FIS Global Business Solutions India Pvt. Ltd.

402, I Park, Plot No. 15,
Phase IV, Gurugram,
Haryana 122016
 Network security audit YES

 Web-application security audit YES
 Wireless security audit YES
 Compliance audits (ISO 27001, PCI, etc.) NO
 Red Teaming YES
 Mobile application security YES
 Cloud security YES
 Penetration Testing and Vulnerability Assessment YES
Govt. : - Nil -
PSU : - Nil -
Private : 100+


Mobile Security Testing : 10+
Wireless security audit : -Nil-
Compliance audits (ISO 27001, PCI, etc.) : -Nil-
CISSPs : 0
BS7799 / ISO27001 LAs : 5
CISAs : 0
DISAs / ISAs : 0
OSCP 2
ECSA 1
OSWP 1
CPTE 1
CEH 9
CHFI 1
GPEN 1
Fortify SCA 1
CPISI 1
eCPPT 7
eWAPTX 2
eMAPT 1
eWPT 13
eJPT 5
RHCE 1
RHSA 1
S. Name of Duration with Experience in Qualifications related to Information

No. Employee FIS Information security
Security
M.C.A, B.C.A, A Level,OSCP, CPTE, OSWP,
Jatin Jain 7.5 Years 9.5 Years
1 CEH, CPISI, ISO 27001
B.Tech- CSE (Computer science
5 Year, 9
Ravinder Kumar 9 Year, 3 Months Engineering),CEH, ECSA-v9, OSCP, ISO
Months
2 27001 LA, eWPT
3 Jay Shah 8 Year 10+ Year B.Tech, ISO 27001 LA, eCPPTv2
B.E. - EEE (Electrical and Electronics
EngineerM.Tech - CSIR (Cyber Security
Komal Nayi 3Year, 4 Year, 6 Months
and Incident Response) ISO 27001, CEH,
4 eMAPT, eJPT
1Year, 9 B.Tech Computer Science & Engineering,
Sumit Gupta 4Year, Months
5 Months eWPTXv1
2 Year, 4
Manish Gupta 3 Year 6 Month B.C.A, eWPT, eCPPTv2
6 Month
2 Year, 4 B.Tech- Electrical and Electronics, CEH,
Ruchika Berry 4 Year, 5 Months
7 Months eWAPT.
1 Year, 7
Rahul Sambiyal 3 Year, 5 Months BCA, MCA, eCPPTv2
8 Months
2 year, 11
Saurav Bhatt 6 Year BCA
9 months
5 Year, 6
Arpit Arora 5 Year, 6 Months B-Tech (EC), eWPT
10 Months
Karthick
7 Year 10 Year B.E CSE, CEH, GPEN, ISO 270001,eCPPTv2
11 Perumal
2 Year, 5 5 Year, 11
Shipra Verma B-Tech CSE, eWPT
12 Months Months
13 Priyanka Gupta 3 year 5 Year, 3 Months Bachelor of Engineering (B.E), eJPT, eWPT
2 Year, 5
Jayaraman M 5 Year, 6 Months B-Tech/ECE
14 Months
2 Year,
Rishi Sharma 3 Year, 10 Month M.Tech CSE
15 Months10
H R Vishwas 1 Year, 2
3Year,1 Months B.E in CSE: CEH, CHFI, ISO 27001:2013
16 Rao Months
1 year, 7
Hari Prasad 5 Year, 7 Months B-Tech
17 Months
1 Year, 5
Litty Antony 3 Years CEH v10, eWPT
18 Months
1 Year, 5
Akash Teotia 1 Year, 5 Months BCA, eWPT
19 Months
Mayank 1 Year, 5
1 Year, 5 months BSC, eWPTXv1
20 Chandelkar Months
2 Year, 9
Ankit Rawat 5 Year, 4 Months eCPPTv2
21 Months
Due to non-disclosure agreement with Client / Customer / Business sharing

partial/full information is/are restricted to disclosure.
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary): Burp Suite
• Nmap Scan
• SQL Map
• Mass scanner
• Superscan
• Kali Linux
• Wireshark – Packet Analyser
• Tamper Data
• Nikto
• Ettercap
• Paros Proxy
• Webscarab
• Brutus
• Custom Scripts and tools
• OWASP Xenotix
• Browser Addons
• Echo Mirage
• Paros Proxy
• Fiddler Proxy
• Angry IP Scanner
• Aircrack
• Kismet
• WinHex
• Proccess Monitor
• WP-Scanner
• IBM App Scan
• Fridump
• ProxyDroid
• APKTool
• ClassDump and 100+ others

FIS has its presence in more than 200 geographical locations spread across globally.
The company is headquartered in Jacksonville, Florida in the USA and multiple products
and services are being offered from outside India to meet the client requirements.
The services are being offered from the USA, UK, Australasia, European region,
Philippines to name a few.

Fidelity National Information Services, Inc
The company is headquartered in 601 Riverside Ave Jacksonville, Florida in the USA
*Information as provided by FIS Global Business Solutions India Pvt. Ltd. on January 4,
2021
Back
M/s GRM Technologies Private Limited.
1. Name & location of the empanelled Information Security Auditing Organisation:
GRM Technologies Private Limited.
Registered address: 2/127 Mani Sethupattu, Sriperumbudur Taluk, Kancheepuram District,

Tamil Nadu, 601 301 India
Corporate address: No-9, 2nd floor, Shoba Homes, West Tambaram, Chennai, Tamil Nadu-
600045.India
 Network security audit (Y/N) - Yes

 Web-application security audit (Y/N) - Yes
 Wireless security audit (Y/N) - Yes
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) - Yes
 Web server security audit(Y/N) - Yes
 Mobile application security audit(Y/N) - Yes
 Secure code review(Y/N) - Yes
 Secure SDLC review(Y/N) - Yes
 ERP Audit(Y/N) - Yes
 Payment Gateway audit (Y/N) - Yes
 Cloud Security Assessment(Y/N) - Yes
 Technical risk assessment(Y/N) - Yes
 Privacy assessment(Y/N) - Yes
 Physical Access Controls & Security testing - Yes
 Business Continuity Planning / Disaster Recovery Audit (Y/N) - Yes
Govt. : NIL
PSU : 2
Private : 20


Mobile-application Security audit : 24+
Application Threat Modeling : 2
Compliance audits (ISO 27001, PCI, SOC 2 etc.) : 8+
CISSPs : 1
BS7799 / ISO27001 LAs : 8
CISAs : 5
MTech (Information Security) : 1
M.Sc. (Information Security) : 2
CEH’s : 4
OSCP : 2
CISM : 1
CDPSE : 1
CRISC : 1
CHFI : 2
ECSA : 2
PCIDSS : 1
GDPR : 4
CSA : 3
S. No. Name of Duration with GRM Experience in Qualifications related to

Employee Technologies Information Information security
Security
1 Babu G 3 Years 15 Years CISA, CDPSE, ISO 27001:2013 LA,
BS 10012:2017(GDPR),OSCP,ISO
22301,COBIT,ITIL v3, CEH,
ECSA,CHFI,MCSE,CCNA,PCI-DSS
Implementation,.
2 Ramesh G 8 Years 11 Years M.Sc. in Information Security, ITIL
v3, CEH, CHFI, SANS Advanced
Network Forensics and Analysis,
SANS Advanced Security
Essentials Enterprise Defender,
GIAC Certified Pen tester, GCIH.
3 Ilanko S 3 Years 12 Years M.Tech in Information
Security, CISA,CISM, OSCP,
ECSA,ITIL v3,CCCSP from CDAC
4 Poobitha R 6 Years 12 Years CEH, ISO 27001:2013 LA.
5 Sujatha K 1 Year 20 Years CISA, CISSP, ISO 27001:2013 LA
6 Indira G 2.5 Years 2.5 Years CISA, CRISC, ISO 27001 LI and
ISO 27001 LI,Risk Management,
PCIDSS, BS 10012:2017(GDPR),
7 Ashok 3 Years 3 Years ISO 27001:2013 LA, CEH, BS
Kumar 10012:2017(GDPR), CSA, NSE-1,
NSE-2, NSE-3, CSCU.
8 Shanmukh 2.5 Years 2.5 Years ISO 27001:2013 LA, BS
Reddy 10012:2017(GDPR), CSA, NSE-1,
NSE-2, NSE-3, Advanced
Penetration testing with Linux,
CSCU.
9 Prasana 1.5 Years 1.5 Years ISO 27001:2013 LA, NSE-1, NSE-
Devi 2, NSE-3, CSCU.
10 Shahana 1.5 Years 1 Year M. Sc Information Security and
Shaji Digital Forensics, CSA, ISO
27001:2013 LA,NSE-1, NSE-2,
NSE-3, CSCU
11 Vinothini P 2 months 2 months NSE-1, NSE-2, NSE-3, Advanced
Penetration testing with Linux.
12 Umesh B 1 months 1 month -
13 AmbikaG 2 months 2 months -
14 Deebika S 2 months 2 months M.Sc. Software Systems
1. Leading Supply GRM Technologies have examined client’s
Chain Management Information Security Controls and Client services
Service Provider controls related system as of date and throughout
the period and the suitability of the design and
2. Leading Mobility operating effectiveness of client’s controls to
Project Value <80
Platform to support achieve the related control objectives.
Lakhs
retail execution,
direct store delivery Control areas covered are
and distribution
management in a 1. Design, Implementation and Operating
unified system Effectiveness ofISO 27001, PCI-DSS,
SSAE 18 SOC 2, GDPR
3. A world leader in 2. Quarterly Internal Audit
Conversational AI 3. Internal Vulnerability Assessment and
Penetration Testing
4. External Vulnerability Assessment and
Penetration Testing
5. Web Application Security Assessments
6. Mobile Application Security Assessments.
7. Secure code review.
8. Application Threat Modelling
9. Secure SDLC
10. Technical risk assessment
11. Configuration Review
12. Access Control Review
13. Firewall Rule Review
14. Secure Architecture Review Application and
Network
15. Information Security Awareness
16. Database and server configuration audit.
17. Periodic Publications of Security Emailers
18. Training Department heads on Information
security
19. Review of Information Security Policies and
Procedures
20. BCP / DR Simulation Exercise
21. Review of Secure Software Development
Life Cycle process
22. Data Privacy (GDPR)
23. External Audits
Freeware Commercial
1. Arachni 18. Tcpdump 1. Acunetix
2. OWASP ZAP 19. Fimap 2. Burpsuite Professional
3. Nmap 20. SwfScan 3. Nessus
4. Nikto 21. Hydra 4. Netsparker
5. Netcat 22. John the Ripper 5. Splunk
6. W3af 23. Ssltest 6. Nipper
7. Wapiti 24. Sslstrip 7. FortiSIEM
8. Sqlmap 25. Cain and Abel 8. SOAR D3
9. Zapproxy 26. Brutus 9. Cynet
10. Skipfish 27. Airmon -ng 10. Veracode
11. Backtrack , Kali 28. Hping
12. Openssl 29. Scapy
13. Dirbuster 30. wsfuzzer
14. Wireshark 31. Firefox Extensions
15. Loki 32. Cookie editor
16. Httprint 33. Winhex
17. Curl 34. Paros Proxy
10. Outsourcing of Project to External Information Security Auditors / Experts : -No

11. Whether organization has any Foreign Tie-Ups? If yes, give details : -No
12. Whether organization is a subsidiary of any foreign based organisation? : - No

13. Locations of Overseas Headquarters/Offices, if any: Yes/No -No
*Information as provided by GRM Technologies Private Limited on 29th December 2020.
Back
M/s ANB Solutions Private Limited
ANB Solutions Pvt. Ltd.

901, Kamla Executive Park, Off Andheri-Kurla Road,
J. B. Nagar, Andheri East, Mumbai 400 059
 Network security audit :Yes

 Web-application security audit :Yes
 Wireless security audit :Yes
 Compliance audits (ISO 27001, PCI, etc.) :Yes
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) :Yes
 ICS/OT Audits :Yes
 Software Asset Management :Yes
 Vulnerability Assessment and Penetration Testing :Yes
 Application Audit Review :Yes
 Regulatory System Audits :Yes
 Cyber Security Review :Yes
 Cloud Security Audit :Yes
 Robotic Process Automation :Yes
 Forensic Audits :Yes
 Data Privacy Audits :Yes
 Data Migration Reviews :Yes
Govt. : 5
PSU : 1
Private : 130+


Compliance audits (ISO 27001, PCI, IT Act, UIDAI etc.) : 8+
Cyber Security Audit : 30
Information Security Audit : 68+
ICS/OT Audits:NIL
Cloud security Audits :1
CISSPs : 1
BS7799 / ISO27001 Las : 20
CISAs : 17
DISAs / ISAs :2
CEH :9
ISO22301 IA :9
Total Nos. of Technical Personnel : more than
30
7. Details of technical manpower deployed for information security audaits in Government and
Refer Annexure
Sr. Name of Employee Duration Experience in Qualifications

No. with ANB Information related to
1 NirmaVarma 16 years Yes • CISA
• CDPSE
• BS7799LA
2 PreetiRaut 11 years Yes • CISA
• CDPSE
• ISO 27001 LA
• ISO 22301 IA
• CISA
3 VasudhaSawant 13.7 years Yes • CDPSE
• ISO 22301 IA
• CISA
4 RashmiMaydeo 14.8 years Yes • CDPSE
• CISSP
• ISO 27001 LA
• ISO 22301 IA
5 Pradeep Patil 5 years Yes • CISA
• ISO 27001 LA
6 Vinit Shah 6 years Yes • CISA (Associate)
• DISA
• CISM
• CDPSE
• ISO 27001 LA
• CRISC
• ITIL v4_2212
• CISA (Associate)
7 Pranay Shah 6 years Yes • ISO 22301 IA
• ISO 27001 LA
8 Vaibhav Gandhi 2.5 Years Yes • CISA
• DISA
• ISO 27001 LA
· CEH
• CISA
9 Kunal Mehta 3 Years Yes • ISO 27001 LA
• CDPSE
10 Kapil Shah 2.2 Years Yes · CEH
• CDPSE
• ISO 27001
11 NehaChandak 2 Years Yes • ISO27001:2013
LA
12 Aditeekarnik 2 Years Yes • CISA
• ISO 22301:2012
• ISO 27001:2013
13 Amit Mittal 2.3 Years Yes • CISA
• ISO27001:2013
LA
• ISO22301:2012
LA
• CDPSE
14 PriyankaPurecha 2.5 Years Yes • CISA
• ISO 27001 LA
• CCNA
15 RemellaSuman 9 years Yes • ISO 27001:2013
LA
• ISO 22301 :
2012
16 SafinaShaikh 1.11 Years Yes • CISA
17 SampoornaNagamalli 15 years Yes • ISO27001:2013

LA
18 HarshadMahajan 9.1 years Yes • ISO 27001 LA
19 GauravPandey 6 years Yes • ISO27001:2013
LA
20 Rutulbagadia 6 Months Yes • CISA
· CEH
21 TusharMuralidharKajale 2 Years Yes
22 Halashankara k 1.3 Years Yes · CEH
· CEH
23 Sivarama Krishna Pampana 1.3 Years Yes
24 Nikita Parmar 10 Months Yes · CEH
25 PradeepPatil 5 Years Yes • CISA
• ISO/IEC
26 Swastika R. Dalvi 6 Years Yes 27001:2005
• ISO 22301:2012
BCMS
27 Pooja Vijay Goshimath 2 years Yes · ISO 27001:2013
· ISO 22301:2012
28 SwapnilBhide Yes · CEH
29 RiteshChandraprakashAsthana Yes · CEH
· ISO 27001 LA
30 Ashish Gupta 3.4 Years Yes
• CDPSE
· CISA
· CISA
31 Dunger Singh Rajpurohit 3.4 Years Yes · ECSA v10
32 TejasNimavat 2 year Yes

33 SreekanthAbburi 1.5 Years Yes · CEH
· ECSA
• CCNA
1. For one of the largest private banks in India conducted:

 Vulnerability assessments for more than 1000 system (operating systems,
databases, network devices)
 Internal assessment for more than 20 web banking applications
 Hardening review of more than 5000 systems (operating systems, databases,
network devices)
 PROJECT VALUE: RS. 1 CRORE
2. For one of the government owned information technology company in India
conducted:
 NMS (Network Management System) Audit
 Inventory Audit
 SLA Monitoring Audit
 Security Audit of various networks.
 Vulnerability assessment & penetration testing on the identified components
 Reviewing configuration of network components such as router, firewall, IDS,
proxy server, NMS, HDMS etc.
 Physical and Environmental verification.
 Operations and Management Process and Control Audit
3. For a department of government of South Africa performed:

 Establishing IS Policy & Procedures
 Review and Establishing Cyber Security Framework
 Vulnerability Assessment and Penetration Testing
 Detailed Security Configuration Review of entire IT Infrastructure
4. For one of the renowned commodity exchange in India performed:

 Application Security Audit for 5 applications
 IT General Control and Datacenter operations Audit
 Vulnerability assessment of 200+ system and Penetration Testing for 12 websites
 Business Continuity and Disaster Recovery Review
5. For some of the largest telecom companies in India conducted:

 Core Telecom Network and IT security for datacenter and applications
 Compliance to IT Act
SN Type of Tool Tool Name
1 Freeware  Nmap
 Snmp Walk
 Metasploit
 Cookie Editor
 Echo Mirage
 Winhex
 Kali Linux Framework
 Wireshark
 APK Analyser
 SQLMAP
 Dirbuster
 OWASPZAP
 W3AF
 MobSF
2 Commercial  Nessus Professional
 ARSIM
 Lansweeper - License Compliance Auditing Software
3 Proprietary  Scripts for Oracle, Linux, AIX, Solaris, Windows

*Information as provided by ANB Solutions Pvt. Ltd. on 28th June 2021
Back
M/s BDO India LLP
BDO India LLP

Mumbai, National Capital Region (NCR),
Bengaluru, Chennai, Hyderabad, Kolkata, Pune

 Cyber Forensics : Yes
 Mobile security audit : Yes
 Secure SDLC review : Yes
 Secure Code review : Yes
 Vulnerability Assessment and Penetration Testing (VAPT) : Yes
 Business Continuity Planning / Disaster Recovery Audit : Yes
 Cloud security and application audits : Yes
 Social Engineering Assessment / Phishing Simulation : Yes
 Operational Technology (OT) [SCADA] Audits : Yes
 IT General controls and Application controls audit : Yes
 Govt. : 15+
 PSU : 10+
 Private : 50+
 Total Nos. of Information Security Audits done : 75+


 IT General controls and Application controls audit : 14
 Mobile security audit : 15
 Secure SDLC review : 03
 Secure Code review : 05
 Vulnerability Assessment and Penetration Testing (VAPT) : 30
 Business Continuity Planning / Disaster Recovery Audit : 04
 Cloud security and application audits : 08
 Red Teaming : 05
 Social Engineering Assessment / Phishing Simulation : 04
 Operational Technology (OT) [SCADA] Audits : 02
 Cyber Forensics : 07
 CISSPs : 2
 BS7799 / ISO27001 LAs : 22
 CISAs : 4
 DISAs / ISAs : 3
 Any other information security qualification:
o OSCP : 5
o CEH : 12
o CBCP : 1
o CHFI : 1
o CISEH : 4
o CPTE : 3
o CIPT : 1
o CCNA : 4
o CCNP : 2
o CCIE : 1
o CISC : 1
o ITIL : 2
o OSWP : 1
o ECES : 1
o SLAE : 1
o ECSA : 2
 Total Nos. of Technical Personnel : 32
Experience
Duration
S. in Qualifications related to
Name of Employee with BDO
No. Information Information security
India LLP
Security
1. Mubin Shaikh 1 year 20 years CISA, CISSP, CBCP, ITIL
2. Saumil Shah 2 year 20 years CA, CISA
ISO 27001: 2019 LA, ISO

3. Virendra Singhi 1 year 5 years
31000:2018
OSCP, OSWP, CEH, ECES,

4. Nipun Jaswal 1 year 10 years
ITIL, SLAE
ISO 27001:2013 LA, ISO
9001:2015 LA, ISO
5. Saurabh Mehendale 2 years 9 years
27701:2019, CISA, CEH,
CHFI,
6. Nivesh Singh 1year 4 years ISO 27001:2013 LA, OSCP
7. Vibhav Dudeja 7 months 3.5 years OSCP
8. Nikhil Joshi 1 year 8 years CCNA, CCNP
ISO 27001:2013 LA, CEH,

9. Abhijeet Barve 2 years 7 Years
CCNA
10. Rohit Date 9 months 2 years OSCP
11. Salman Syed 1 year 1 year OSCP, CEH

Experience
Duration
Name of Employee with BDO
No. Information Information security
India LLP
Security
12. Prashant Kate 1 year 16 years CEH, ECSA, CHFI & ITIL
CCNA, CCNP, MCSA, ISO

13. Surajit Pal 3 months 14 years
27001, AWS Cloud Architect
14. KarthikeyanChandrasekar 1.5 Years 7 Years ISO 27001:2013 LA, C-Star
ITIL, ISO 20000 & ISO 27001

15. Kalpesh Mehta 2 Years 11 Years
LA
16. Anurag Kumar 9 months 5 Years ISO 27001 LA
1. Engagement Details - Cyber Security Advisory services for the IT Software&

Services Multi-national Company. Our engagement covered following various
activities:
1. Gap Assessment
2. IT Governance Audit
3. ISO 27001: 2013 Implementation
4. External IPs Penetration Testing
5. Web Application Security Testing
6. Source Code Review
7. Configuration assessment
8. Architecture Review
9. Firewall Ruleset review
10. Deep Web & Dark Web Scanning
11. Red Teaming Exercise
12. SDLC Process & Procedure
13. Incident Management Table-Top Exercise
2. Engagement Value: Confidential
NessusProfessional Airmon-ng CainandAbel Havij Zapproxy JohntheRipper

BurpSuite Arachni CSRFTester HOIC Paros KaliLinux
Splunk Backtrack Curl Hping W3af Loki
Metasploit Brutus Dirbuster Httprint Wapiti ProxyTool
Netcat OpenVas Fimap Hydra Sslstrip THCSSL
Wireshark Nikto Scapy SwfScan Ssltest Sqlmap
wsfuzzer Nmap Skipfish Tcpdump OWASPZAP Openssl


*Information as provided by BDO INDIA LLPon 8th April 2021.
Back
M/s Ernst & Young LLP
Ernst & Young LLP

Address: Golf View Corporate Tower B,
Sector 42, Sector Road Gurgaon, Haryana, India

 Compliance audits (ISO 27001, PCI, etc.) : Y
 Mobile Application Security audit : Y
 Secure configuration audit (Server, Firewall, etc.) : Y
 Source Code Review : Y
 ICS/SCADA Assessment : Y
 OT Assessment : Y
 Assessments against Cyber Security Audit Baseline Requirements : Y
 Internet Technology Security Testing : Y
 Physical Access Controls & Security Testing : Y
 Communications Security Testing : Y
 Security Operations Centre (SOC) Implementation : Y
 Managed Security Services : Y
 Assistance with Cyber Crime Advisory : Y
 Cloud Security : Y
 Security Architecture Consulting : Y
 Managed End Point Detection and Response (EDR) : Y
 Security Orchestration and Automation Response (SOAR) : Y
Govt. : 30+
PSU : 20+
Private : 100+

Ernst & Young LLP is a Limited Liability Partnership with LLP identity No. AAB-4343
A member firm of Ernst & Young Global Limited Regd Office: 22 Camac Street, 3rd
Floor, Block 'C', Kolkata - 700 016, India
 Network security audit : 50+
 Web-application security audit : 50+
 Wireless security audit : 20+
 Compliance audits (ISO 27001, PCI, etc.) : 20+
 Mobile Application Security audit : 20+
 Secure configuration audit (Server, Firewall, etc.) : 10+
 Source Code Review : 10+
 ICS/SCADA Assessment : 10+
 Assessments against Cyber Security Audit Baseline Requirements : 10+
 Internet Technology Security Testing : 5+
 Physical Access Controls & Security Testing : 5+
CISSPs : 5+
BS7799 / ISO27001 LAs : 50+
CISAs : 10+
DISAs / ISAs : NA
(OSCP, CEH, CISM, DCPP,SANS, OSWP etc.)

Ernst &Young Information
LLP Security
1 Burgess S Cooper 5+ 20+ CISA, CISM, CGEIT, CIPP,
CISSP
2 Vidur Gupta 6+ 19+ CRISC, CISM, CISA,
Certificate of Business
Continuity Institute (CBCI),
DSCI Certified Privacy Lead
Assessor (DCPLA)
3 Kartik Shinde 10+ 20+ CEH,CISSP, GCFW- SANS
Institute
4 Rajesh Kumar D 14+ 20+ CRTP (Pentester Academy)
5 10+ 14+ CISA, ISO 27001 LA,
Navin Kaul
BS25999, CEH, SABSA,
TOGAF 9.0
6 6+ 10+ CISA, ISO 27001 LA,
Dhairya Giri
ISO2000O LI, CIPR, ISO
9000
7 2+ 15+ CPenT, LPT Masters,
Vadivelan Sankar CEH Masters, CHFI,
ECSA, CTIA, ECIH,
CASE, CND,
Rapid7 Certified Nexpose
Administrator,
Certified Secure
Programmer (.net &
Java) , ISO
27001:2013
Lead Auditor,
8 6+ 10+ OSCP, OSWP ,CEH
RHCE (Red Hat
Girish Nemade Certified Engineer ),
OCA (Oracle Certified
Associate)
ISO 27001 Certified
9 2+ 7+ CEH, CCSE, Security

and Privacy by Design
Arvind Singh Practitioner,
Enterprise Design
Thinking Practitioner,
IBM QRadar SIEM
Foundations
10 Rahul Singh 3+ 6+ CISE, ECSA, ISO
27001 Lead
Auditor
11 Raghav Bisht 3+ 7+ CEH, ECSA, ITIL,

CASP+, COBIT5,
CPTE, CPTC
12 GIAC – Global
Industrial Cyber
Sidharth Sharma 6+ 10+ (GICSP)
ISA/IEC 62443
–
Cybersecurity
Fundamentals
Specialist (CFS)
ISA/IEC 62443
–
Cybersecurity Risk
Assessment Specialist
(CRS)
13 GIAC – Global
Industrial Cyber
Aditya Dev Sharma 5+ 5+ (GICSP)
ISA/IEC 62443
–
Cybersecurity
Fundamentals
Specialist (CFS)
ISA/IEC 62443
–
Cybersecurity Risk
Assessment Specialist
(CRS)
14 GIAC – Global
Ayush Gupta 1 10+ Industrial Cyber
Security
Professional (GICSP)
15 Nalayini G 5+ 5+ GIAC – Global
Industrial Cyber
(GICSP)
16 King Prakatheesh 5+ 5+ GIAC – Global
Industrial Cyber
(GICSP)
17 ISA/IEC 62443
Nikhil Joshi 5+ 5+ –
Cybersecurity
Fundamentals
Specialist (CFS)
The client is managing the indirect taxation platform for GST to help taxpayers in India. EY
is service provider for Business/ IT controls Assessment and Governance, Risk, Compliance
(GRC) for the IT Ecosystem.
Project Value : INR10 Cr+
Commercial
 Acunetix,
 Burp,
 Nessus
 AppScan
 IP 360
 Checkmarks
Open source/Freeware tools
 BackTrack,
 Kali Linux,
 SQLMap,
 nmap
 Wireshark

11. Whether organization has any Foreign Tie-Ups? If yes, give details : NA
Ernst & Young LLP is separate entity registered in India with Registrar of Companies under
Ministry of CorporateAffairs. EY’s Global Headquarter is in London.
Address
25 Churchill Place
Canary Wharf
E14 5EY London
Address
25 Churchill Place
Canary Wharf
E14 5EY London
*Information as provided by Ernst & Young LLP on 24th Dec 2021

Back
M/s Kochar Consultants Private Limited
Kochar Consultants Private Limited - Mumbai

 IT General Controls Review (Y/N) : Yes
 Cyber Security Audit (Y/N) : Yes
 Vulnerability Assessment/Penetration Testing (Y/N) : Yes
Govt. : Nil
PSU : 1
Private : 40+


IT General Controls Review : 40+
Process Reviews : 1
Regulatory Compliance Audits - Exchange Members : 25+
(Annual Compliance System Audit, etc. )
Cyber Security Audits : 15+
Audit of Wallet Companies as per RBI guidelines : 2
EKYC Audits as per UIDAI Guidelines : 2
CISSPs : Nil
BS7799 / ISO27001 LAs : 5
CISAs : 10
DISAs / ISAs : 2
S. Name of Employee Duration with Experience Qualifications related

No. Kochar in to Information
Consultants Information security
Security
1. Pranay Kochar Jul-06 10 CISA, DISA
2. Sona Shah Jul-06 8 DISA
3. Mithun Lomate Mar-10 6 CISA, COBIT Assessor
4. Vidya Kamath Feb-16 12 CISA, ISO 27001 LA
5. Pankaj Dhiman May-16 4 CISA
6. CISA, CISM, ISO 27001
Kamlesh Kale Jul-16 6
LA
7. Arvind Vira CISA, CISM, ITIL V3F,
Dec-17 6
ISO 27001 LA, CCNA
8. Sumil Bavad Feb-19 1 CISA
9. Latika Shetty Mar-19 2 CISA
10. Kishore Gaikwad Nov-19 1 ISO 27001 LA
11. Fernando de Navarro
Nov-19 8 CISA, ISO 27001 LA
Menezes
12. Prachi Jadhav June-20 3 CEH
13. Tanmay Surepally Nov-20 1 CISA
14. Dhaval Ashar Jan-21 2 CISA, CIA
Client: Leading Commodity Exchange
Scope of Work:
Sr. Activities
Reviewing and carry out necessary changes of Standard Operating Procedure (SOP) for all the
1.
departments of the organization as per latest ISO 27001:2013 standards for its improvement.
Review and carry out necessary changes of Information Security Policies / procedures / Plans /
2.
Risk Management report / Guidelines etc. and its implementation.
Carry out Internal audit for each department and effectiveness of controls implemented based
3.
on scope defined on ISO 27001:2013 standards
4. Review implementation of Cyber security policy and implementation of SEBI guidelines
5. Vulnerability Assessment and Penetration Testing (VA & PT).
Reviewing and updating BCP, DRP for new changes, if any and Provide BCM training to all
6.
employees.
Meeting each department for review of BIA and carry out changes in BIA as per the
7.
requirement.
Carry out Internal audit for each department and effectiveness of controls implemented as per
8. TOR of SEBI circular CIR/CDMRD/DEICE/01/2015 dated November 16, 2015, excluding VA &
PT.
Review of observations reported during audit reports (ISO 27001:2013 and Annual System
9.
Audit), and actions taken for the recommendation, if any and submit closure report.
Presentation of audit findings with recommendations to the Management along with its
10.
compliance status.
Locations: Mumbai, Project Value: 15 lakhs.
 Commercial Tools
o Nessus – Vulnerability Scanner
o Burp Suite, Acunetix - Web application auditing
o Passware: Password Cracking
 Freeware Tools
o Nmap, Superscan and Fport - Port Scanners
o Metasploit framework, Netcat, BeEF , Cain & able, Hydra, John the ripper - Penetration
o Process explorer, Sigcheck - Windows Kernel & malware detection
o Netstumbler , Aircrack-ng suite & Kismet – WLAN Auditing
o OpenVas, W3af, Nikto - Vulnerability scanner
o Wireshark – Packet Analyser
o SQL Map
o Kali Linux and all tools inbuilt into it.


*Information as provided by < Kochar Consultants Private Limited - Mumbai> on

<06/04/2021>
Back
M/s Suma Soft Private Limited
Suma Soft Private Limited

Suma Center, 2nd Floor,
OppositeHimali Society, Erandawane,
Pune, Maharashtra – 411 004.
Tel: +91.20.40130700, +91.20.40130400
Fax: +91.20.25438108
Email: infosec@sumasoft.net
 Cyber Security Audits : Yes

 Information Security Assessments : Yes
 Web Application Security Testing : Yes
 API Security Testing : Yes
 Vulnerability Assessment/Penetration Testing of IT Infrastructure : Yes
 Network Security Audits : Yes
 Wireless Security Testing : Yes
 Compliance Audits (ISO 27001, PCI, BCMS etc) : Yes
 Software License Compliance Audits : Yes
 Compliance - IT Audits
(Based on guidelines issued by RBI, IRDA, SEBI, Stock Exchanges) : Yes
 Digital Forensic Investigations : Yes
 Secure Source Code Analysis as a Service : Yes
 Security Monitoring as a Service : Yes
 Third Party Security Assessments / Information Security Due Diligence : Yes
 Cloud Security &Compliance Assessment : Yes
 Digital Risk / Dark Web Assessment : Yes
 Breach & Attack Simulation as a Service : Yes
Govt. : 0
PSU : 0
Private : 24

Network Security Audit : 04

Web Application Security Testing : 17
Android Mobile Application Security Testing : 11
iOS Mobile Application Security Testing : 06
Digital Forensic Investigation : 01
IRDA Compliance audits : 01
Cloud Security Compliance Assessments : 09
Secure Source Code Reviews : 01
CISSPs :-
BS7799 / ISO27001 Las : 3
CISAs : 4
DISAs / ISAs : 1
CEH : 9
CEH, ECSA : 2
OSCP : 2
OSWP : 1
CCSE, CCI, ACE, ITIL, RHCE, CCNP, CCNA,MCP

No. Suma Soft (in Information Security to Information
yrs) security
01 Surendra Brahme 21 21 FCA, CISA, DISA
02 C. Manivannan 21 21 CISA
CISA, ISO27001 LA,
Milind
03 8.5 19 CDPSE, ACE, CCNA,
Dharmadhikari
CSQP
CISA, ISO27001 LA,
04 Anil Waychal 21 17 ITIL, RHCE, Sun
Solaris
05 Narendra Bhati 7 8.6 OSCP, OSWP, CEH
OSCP, CEH, ECSA,
IBM Certified
06 SumitIngole 7 8
Specialist - Rational
AppScan
CEH, ECSA, CCNA,
07 Suraj Waghmare 1.10 5
ISO27001 LA
08 AmeyNaniwadekar 4.2 5 CEH, MCP
Rajnikant CEH, CCNA, CCNP,
09 3.6 4.5
Bhandare ACSE
Omprakash
10 2.3 2.3 CEH
Deshmukh
11 SanketKaware 0.6 1.8 -
12 Kapil Gurav 1 2 -
13 Nakul Ronghe 0.3 1.5 CEH
14 Tushar Shinde 0.6 3.6 CEH
15 SaeelRelekar 0.1 1.2 CEH
16 Yogesh Date 2.6 0.6 -
 Client: PSU organization from Financial Services industry involved in Primary

market
Type of Audit: Network Security Audit

Scope of Work: The scope of our audit included review of following areas –
 DC Infrastructure & Network Audit,

 LAN Infrastructure
 Vulnerability Assessment of 280+ internal IP addresses including
routers, switches, firewalls, servers etc.
 Penetration Testing of 55+ public facing IP addresses
 Conduct Vulnerability Assessment and Penetration Testing
 Finalization of report and submission of the same to the client
management.
IT Environment: 350+ IP address
 Client: Co-operative Bank
Type of Audit: Security Audit of Network, Web application, Mobile Application

and NPCI Agent Audit
 DC Infrastructure & Network Audit
 DR Site Audit
 Intranet Applications Audit
 Banking Agent Audit
 Vulnerability Assessment / Penetration Test and Desktop Security
Scanning
 Android Mobile Application Security Audit
 Client Location Site Security Audit (LAN)
 Client: Provider ofEnterprise Human Capital Management (HCM) SaaS

platform
Type of Audit: Security Audit of Network, Web application, Mobile Application, Secure
Source Code Review, Cloud Security Testing
 Conduct Vulnerability Assessment and Penetration Testing on Web
Application
 Conduct Vulnerability Assessment and Penetration Testing on Android
Mobile Application
 Conduct Vulnerability Assessment and Penetration Testing on Network
Infrastructure.
 Test vulnerabilities in web sites and applications to ensure that all the false
positives and inaccuracies are removed.
 Analyze and execute advanced testing techniques against all verified
vulnerabilities to penetrate through the web-based application.
 Perform re-testing after receiving confirmation from the developers on
fixing of issues
management
 Conduct Vulnerability Assessment on Azure Cloud VM’s
 Conduct Secure Source Code Review and Remove false positive from
results
fixing of issues
IT Environment: 1 Web Application (40+ Modules), Android & iOS Applications,300+ IT

assets, 150+ Cloud Assets in Microsoft Azure
 Client: Private Organization in end-to-end Logistic Solution
Type of Audit: Security Audit of Web & Mobile Applications, APIs and AWS hosted IT
Infrastructure
 Conduct Vulnerability Assessment and Penetration Testing on Web
Application
 Conduct Vulnerability Assessment and Penetration Testing on Android
Mobile Application
 Conduct Vulnerability Assessment and Penetration Testing on Network
Infrastructure.
 Tests vulnerabilities in web sites and applications to ensure that all the
false positives and inaccuracies are removed.
 Analyze and execute advanced testing techniques against all verified
vulnerabilities in order to penetrate through the web-based application.
fixing of issues
management
IT Environment: 5 Web Applications, 3 Mobile Apps, 150+ APIs, 100+ virtual hosts in AWS

Commercial

 Nessus
 Qualys
 NamicSoft
 Checkmarx
Freeware
 Kali Linux
 Metasploit
 Sqlmap
No. We do not outsource our engagements to external consultants. However, we engage

known external consultants / experts in the field of information Security to work alongside our
team based on specific skills required for the engagement. Project Management and delivery
of the engagement is done by Suma Soft.
For this purpose, we use Confidentiality and Non-Disclosure Agreements before engaging the
consultants for assignments with defined scope of work and with clear knowledge of the client.
Also, the consultants need to adhere to IT Security and other Policies of Suma Soft and also of
the client during the course of the engagement.
Suma Soft has partnered with some niche cyber security companies from the USA and Israel
to become their channel partner India.

*Information as provided by Suma Soft Pvt. Ltd on 7th April 2021
Back
M/s AGC Networks Limited
Name: AGC Networks Limited

Location: Essar House, 11, K. K. Marg, Mahalaxmi,
Mumbai-400034, Maharashtra, India

<2017>
 Network Security Audit : (Y)

 Web-Application Security Audit : (Y)
 Wireless Security Audit : (Y)
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : (Y)
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : (Y)
 ICS/OT Audits : (Y)
 Cloud security Audits : (Y)
 Secure Code Audit : (Y)
 Network Architecture Review : (Y)
 Secure Design Audit : (Y)
 IOT Security Audit : (Y)
 Red Team Audit : (Y)
 Mobile Application Security Audit : (Y)
 Real time Security Assessment : (Y)
Govt. : 1
PSU : NA
Private : 10

Network Security Audit : 5

Network Infrastructure Audit : 2
CISSPs : 1
BS7799 / ISO27001 LAs : 4
CISAs : 3,
DISAs / ISAs : NA
Any other information security
qualification:CEH(8),ECIH(3),CHFI(1),CISM(2)
Sr. Name of Duration with Experience in Qualifications related

No. Employee <AGC Information Security to Information security
Networks
Ltd>
1 Anant Bhat 3.3 Years 10.3 years (Total CISSP, CISA, CISM,
Exp 18+) CEH v10, IBM
QRADAR SIEM, Azure
Cloud Certified
Foundation (AZ-900),
CCNA.
2 Sachin Ratnakar 11.6 Years 16.4 Years (Total CISA,ISO Lead Auditor
Exp 25+)
3 Kris Coutinho 9.7 Years 11.7 years(Total Exp CISA,CISM,ISO Lead
12+) Auditor
4 Darshan 1.1 Years 4 Years CEH
Sagwekar
5 Satya Narayan 5.10 Years 11 Years CEH, ECIH,CCNA,AZ-
Yadav 900,IBM QRadar
certified,McAfee SIEM
certified,TrendMicro
XDR Certified, Sophos
edr certified, Splunk
fundamentals certified
6 Deepak Joshi 3.7 Years 3.7 Years CEH, ECIH, McAfee
SIEM Certified, Sophos
EDR Certified, Splunk
Fundamentals
Certified
7 Akash Shinde 1.7 year 2.10 years CEH
8 Saim Tanki 1.7 year 1.7 years IBM-Cyber Threat
intelligence, IBM-
Penetration Testing,
Incident Response and
Forensics, Cisco Cyber
Security Essential.
9 Anuj Worlikar 1.7 year 1.7 year CEH
10 Rohan Chache 8 months 8 months CEH, CCNA
11 Appasaheb Patil 2 months 2 months CEH
12 Chandrasekhar 2.7 years 2.7 years Splunk fundamentals
Kommu certified,Trend Micro
Apex Central for
Administrators,Azure
Az-900,Palo alto
Cortex XSOAR IT
Admin
13 Gayatri Jadhav 2.3 Years 4.3 Years ISO Lead Auditor
14 Nishigandha 2 Months 4 ISO Lead Auditor
Jagtap
Company: One of the largest Manufacturing Company in India.
Scope/ Volume/ Locations/ Complexity
 Infrastructure security review (LAN/WAN) of 4+major locations

 Entire Security Architecture and Posture Review.
 Server Security review. (Physical & Virtual)
 Configuration audit (Core Network devices and Security Device)
 Vulnerability Assessment of Network devices
 Suggestions for improvement and future roadmap.
 Real Time Analysis and Audit
 Penetration testing of key applications
9. List of Information Security Audit Tools used (Commercial/ freeware/proprietary): QUALYS,

NESSUS, WIRESHARK, IBM APP SCAN, KALI LINUX, OWASP ZAP, SANTOKU OS, BURP SUITE
Pro etc.


A. AUSTRALIA: -
1. MELBOURNE (Suite 2, Level 3 West Tower,608 St Kilda Rd,Melbourne, Victoria, 3004)

2. SYDNEY (Level 8, Avaya House,123 Epping Rd,North Ryde, NSW, 2113)
B. PHILIPPINES: -
1. AGC Networks Philippines, Inc., An Essar Enterprise 4th Floor, Jaka Building, 6780 Ayala
Avenue, Makati City – 1226)
C.SAUDI ARABIA: -
1. Building no.113, Al Narjes Complex, Abu Bakr Road, Riyadh, KSA
D. KENYA: -
1. The Oval, 2nd Floor, Westlands | Nairobi | Kenya
E. NEW ZEALAND: -
1. Floor 17, 120 Albert Street, Auckland Central, Auckland 1010, New Zealand
F.UAE: -
1. DUBAI (Emaar Business Park, Building No. 4, Office # 508, PO Box 58569, Sheikh Zayed
Road, Dubai, United Arab Emirates)
2. ABU DHABI (AGC Networks L.L.C. Al Nayadi Building 115, Office No. 701 Sheikh Rashid
Bin Saeed Street (Airport Road) Abu Dhabi, United Arab Emirates)
G.USA: -
1. DALLAS (222 W Las Colinas Blvd, Suite 200 North Tower, Irving, Texas, 75039, Texas,
USA)
2. FLORIDA (7970 Bayberry Rd, Suite 5, Jacksonville, Florida 32256)
3. MINNESOTA (10050 Crosstown Circle, Suite 600 Eden Prairie, MN 55344)
4. MINNESOTA (9155 Cottonwood Lane N Maple Grove, MN 55369)
H. SINGAPORE
1. AGC Networks Pte Limited 50 Raffles Place, # 32-01 Singapore Land Tower Singapore
048623.
*Information as provided by <AGC Networks Limited> on July 1,2021
Back
M/s Cyber Security Works Pvt. Ltd.
Registered Office: Cyber Security Works Pvt. Ltd

No.3, III – Floor, E- Block, 599, Anna Salai ,Chennai – 600 006.
Corporate Office: Cyber Security Works Pvt. Ltd

No.6, 3rdFloor, A- Block, IITM Research Park
Taramani , Chennai – 600 113
Network Vulnerability Assessment / Audit Yes

Web-application security Assessment / Audit (Y/N) Yes
Wireless security audit (Y/N) Yes
Compliance audits (ISO 27001, PCI, etc.) (Y/N) Yes
SDLC Review and Code Security Review Yes
Application Penetration Testing Yes
Network Penetration Testing Yes
Information Security policy review, development and assessment Yes
Mobile Application Security Assessment and Penetration Testing Yes
Data Mining for Vulnerable Patterns from Complex and Large-Scale Networks Yes
Ransomware Assessments Yes
Red Team Assessments Yes
IoT Security Assessments Yes
SCADA and Critical Infrastructure Assessments Yes
Social Engineering Assessments Yes
Cloud and Virtual Security Assessment Yes
Electronic Discovery and Digital Forensics Yes
Malware Synthesis and Analytics Yes
Incident Response Yes
AUA/KUA Compliance audit Yes
e-Sign Compliance audit Yes
Govt.: 11
PSU : 5
Private : 344


Web-application& Mobile Applications security audit: 287
CISSPs : 1
BS7799 / ISO27001 LAs : 4
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification: 15
Total Nos. of Technical Personnel :

No. CSW Information Security Information security
1 Ravi Pandey 9.7 Years 10.8 Years ISO 27K LA, ISO 27K
LI PCI-QSA, PCI-ASV
Certified
2 Sridhar 11.11 Years 29.10 Years CISA, CISSP, ISO 27K
Krishnamurthi LA
3 Gunnam Ramesh 8.10 Years 8.10 Years ISO 27K LA, PCI-ASV
Certified
4 Arjun Basnet 7.3 Years 7.3 Years PCI-ASV Certified
5 Ravichandran R 2.6 Years 18.8 Years CISA, CFE, CEH,
CCISO, CPISI, ECSA,
ISO LA
6 Sathish Kumar 7 Years 7 Years
7 Bonthala Satya 5.8Years 5.8 Years CompTIA Pentest+
Suvarna
8 DereddyMaheswari 5.8Years 5.8Years
9 Rakesh Kumar M 3.11 Years 3.11 Years
10 Dilip Raja Peddu 2.3 Years 2.3 Years
11 Raj Kumar Shah 2.8 Years 3.4 Years
12 Lourdhu Raj 2.8 Years 2.8 Years
Periyanayagam
13 Raj Kumar T M 2.8 Years 2.8 Years
14 Vasantha Kumar T 2.1 Year 3.4 Years CHFI, CIE, ECSA
15 Mohamed Yasir 1.9 Year 1.9 Year
Hashim
16 Shiva Rohit 1.6 years 1.6 years
Guntuku
17 Maria Daniel Raj I 0.11 year 0.11 years
 Vulnerability assessment and Penetration testing of network infrastructure and web

applications for a large Financial Services Company with offices across 68 Locations in
India. (We cannot declare the name of organization as we have NDA singed with
them)
 Complexity: Project involved of Network Security Assessment, Internal and External

Vulnerability Assessment and Penetration Testing, Security Configuration Review,
Application Penetration Testing, Mobile Application Security Assessment.
Commercial Tools
 Acunetix
 Nessus
 Nexpose
 Burp Suite Pro
 Qualys
Proprietary
 Securin ASM- SaaS based attack surface management platform.
 VapSploit - Data mining tool for network infrastructure security assessment.
 WebSploit - Data mining tool for web infrastructure security assessment.
Freeware Tools:
 Nmap
 Netcat
 Snmp Walk
 Metasploit
 Kali Linux
 Paros
 Burp Suite
 Brutus
 Nikto
 Firewalk
 Dsniff
 SQL Map
 John the ripper
 Paros
 Wikto
 Ethereal
 Netcat
 Openvas
 W3af
 OWASP Mantra
 Wireshark
 Ettercap
 Aircrack – Ng
 Cain & Abel
 Ironwasp
 OWASP Xenotix
 Fiddler
 Tamperdata
 Social Engineering Toolkit
10. Outsourcing of Project to External Information Security Auditors / Experts : No ( If yes,

Yes, we have partners for providing information security services in the respective
countries.
I. Partner with ICE Information Technology to provide Information Security Services in UAE
ICE Information Technology
P.O. Box: 120661, Dubai, UAE
P.O Box: 31078, Abu Dhabi, UAE
II. Partner with RiskSense Inc. to provide Information Security Services in USA
RiskSense Inc
4200 Osuna Road NE, Suite 3-300
Albuquerque, NM 87109, USA


*Information as provided by Cyber Security Works Pvt Ltd on 16th April 2021
Back
M/s Deccan Infotech (P) Ltd.
Name- Deccan Infotech (P) ltd

Address-13J, Jakkasandra Block 7TH Cross,
Koramangala, Bangalore-560034
2. Carrying out Information Security Audits since : < 1996>
 Network security audit (Y/N) < YES>

 Web-application security audit (Y/N) < YES>
 Wireless security audit (Y/N) < YES>
 Compliance audits (ISO 27001, PCI, etc.) (Y/N) < YES>
 Mobile Security Audits < YES>
 Regulatory Audits < YES>
Govt. : <number of> 15

PSU : <number of> 00
Private : <number of> 60

Network security audit: <number of> 19

Web-application security audit: <number of> 50
Wireless security audit:<number of> 02
Compliance audits (ISO 27001, PCI, etc.):<number of> 04
CISSPs : <number of> 01

BS7799 / ISO27001 LAs : <number of> 06
CISAs : <number of> 02
DISAs / ISAs : <number of> 00
Any other information security qualification:<number of> 03

No. Employee <Deccan Information Security to Information security
Infotech (P)
ltd>
1. Mr. Dilip 06/05/1996 24 yrs C|CISO, CRISC, CISM,
Hariharan CISA, CEH, CHFI, CFE,
CCNA, ISO 27001
Lead Auditor &
Implementer, ISO
9001:2008 LEAD
AUDITOR, BS 15000
IMPLEMENTER, SANS
certified in hacker
techniques, exploits &
incident handling
2. Arjun Bhaskaran 08/11/2017 18 yrs ISO 27001:2013
Management System
3. Mr. Amit Gupta 01/09/2017 25 yrs ISO 27001:2013
Management System
4. Mr. Rajesh Kumar 02/02/2018 3.2 yrs ISO 27001:2013
M Information Security
Management System
5. Mr. Gautam D. 07/02/2019 2 Yr ISO 27001:2013
Hariharan Information Security
Management System
 Web applications Security audit for more than 100 sites of A government organisation with
different databases and web development technologies amounting to approximately 30 Lakhs.
1. Burp Suite
2. NMAP
3. Netsparker
4. John The Ripper
5. NetCat
6. PW DUMP
7. Wireshark
8. OWASP ZAP
9. KALI Linux
10. Nessus
11. TCP Dump
12. Nexpose – Commercial tool
13. Brutus
14. Metasploit - Commercial
15. Mozilla Tools for web app audits
16. Fiddler
17. Dir buster
18. Nipper
19. Nikto
20. W3AF
21. Android tamer / Drozer / Geny motion
22. Immuniweb Mobile scanner
23. Mobile Security framework



*Information as provided by <Deccan Infotech (P) ltd > on <15-April-2021>
Back
M/s SISA Information Security Private Limited
SISA INFORMATION SECURITY PRIVATE LIMITED

No. 79, Road Number 9, KIADB IT PARK,
Arebinnamangala Village, JalaHobli Bengaluru, Karnataka India - 562149
 Network security audit : (Y)

 Web-application security audit : (Y)
 Wireless security audit : (Y)
 Compliance audits (ISO 27001, PCI, etc.) : (Y)
 Forensics Investigation & Analysis : (Y)
 Red Team Assessment : (Y)
 Web Application Penetration Testing : (Y)
 Mobile Application Penetration Testing : (Y)
 Network Penetration Testing : (Y)
 Network Vulnerability Assessment : (Y)
 Web Application Automated Vulnerability Assessment : (Y)
 WAP Application Penetration Testing : (Y)
 Thick Client Penetration Testing : (Y)
 Firewall Configuration Review : (Y)
 Wireless Penetration Testing : (Y)
 Server Configuration Review : (Y)
 Database Configuration Review : (Y)
 Source Code Review : (Y)
 Email Configuration Review : (Y)
 Network Architecture Review : (Y)
 Process and Policy Review : (Y)
 Incident Response : (Y)
 Spear Phishing Activity : (Y)
 Data Leakage Gap Analysis : (Y)
 Application Malware Scan : (Y)
 Network Malware Scan : (Y)
 Information Security Awareness Training : (Y)
Govt. : None
PSU : 10+
Private : 350+


Forensics Audit : 25+

CISSPs : 4
BS7799 / ISO27001 LAs : 21
CISAs : 3
DISAs / ISAs : 1
S. Name of Duration Experience Qualifications related to

No. Employee with in Information security
SISA Information
Security
1 Dharshan 20 Years 18 Years CISA, CISSP, PCI QSA, Core PFI,
Shanthamurthy SANS GWAPT, OCTAVE Authorized
Advisor/Assessor
2 Renju Varghese 14.6 Years 14.6 Years CISA, PCI QSA, ISO 27001 LA, ISO
Jolly 27001 LI, CPISI, PCI SSF, PA - QSA,
P2PE QSA, OCTAVE IMPLEMENTER,
SANS GCFA, VISA/MASTERCARD
APPROVED COREFORENSIC
INVESTIGATOR
3 Kaushik Pandey 7 years 7 years CISA, PCI-QSA, IS027001 LA, CPISI
AUTHORIZED TRAINER
4 Yogesh Patel 6.4 Years 7 Years CORE PFI, VISA SECURITY
ASSESSOR, PCI QSA, PCI QPA, P2PE
QSA, GCFA – GIAC CERTIFIED
FORENSIC ANALYST, ISO 270001 LA
& LI
5 Vivek Singh 5.4 Years 5.4 Years CEH V8, CERFITIFIED PROFESSIONAL
Chauhan HACKER - IIS, CERFITIFIED
PROFESSIONAL FORENSICS ANALYST
- IIS, CERFITIFIED INFORMATION
SECURITY CONSULTANT- IIS,
DEGITAL FORENSIC INVESTIGATOR –
ASCL
6 Saravana S 1.2 Years 11 years CISSP,CEH V10, AWS SOLUTION
ARCHITECT, GDPR DATA PROTECTION
OFFICER, CPISI, PCI ASV, ISO 27001
LA
7 Nelson Yaragal 1.6 Years 11 years CISA, ISO 27001 LA, ISO 27001 LI,
CPISI
8 Sudeep Devashya 1.6 Years 12 Years ISO 27001 LA, ISO 27001 LI, CPISI
9 Aman Srivastava 1.9 years 6 years CISSP, PCI QSA, ISO 27001 LA, ISO
27001 LI, CEHV7, ITIC3,CCNP
SECURITY, JNCIS SECURITY
10 Prajwal Gowda 6 Years 6 Years PCI QSA, ISO 27001 LA, ISO 27001
LI, CPISI - S LEAD TRAINER
Client Project Value in

Compliance INR
BPO/Services PCI DSS, Information Security Audit 1.01 Cr
Medical devices and PCI DSS, Information Security Audit ,

Health care Network and Web Security Testing 1.12 Cr
PCI DSS, Information Security Audit , -

Network and Web Security Testing,
Payment Solution
Provider 1.02 CR
PCI DSS, Information Security Audit ,
Network and Web Security Testing,
Financial Sector
Organization 0.80 Cr
Commercial Tools Port Scanning Network & System Social Engineering

Vulnerability
Assessment
 Nessus - Nmap - Metasploit - Social-Engineering

Commercial Toolkit (SET)
 Burp Suite -Hping3 - Nessus
Professional
 Microfocus Fortify
- Nipper
 Quays Guard
Privilege Exploitation Application Threat Profiling &

Escalation Security Risk Identification
Assessment
- Cain & Abel - SQL Map  Burp Suite -Risk Assessment

Professional (RA)
- Nipper - Metasploit  OWASP ZAP
 Nikto
 SQLMap
 SSL Scan
 MobSF
 Drozer
 Frida
 Objection
 Echo Mirage
 Fiddler
 TCP Relay
 Microsoft
Sysinternal Tools
 Wireshark
 Hopper
 Microsoft Devskim
 Brakeman
 Graudit
 GoSec
 DevAudit
 Bandit
 Application
Inspector
Data Discovery MDR Red Team Wireless
Penetration
Testing
- SISA Radar - ProACT - OSINT Tools - Wapiti
- Harvester
-DNSrecon - Aircrack-ng


AMERICAS SISA Information Security Inc.

Las Colinas The Urban Towers,
222 West Las Colinas Boulevard,
Suite 1650, Irving, Texas 75039, USA
Tel: +1 (214) 308-2146
MIDDLE EAST and AFRICA SISA Information Security WLL

Gulf Business Center, Suite #1119,
Al Salam Tower, 11th Floor, Building 722,
Road 1708, Block 317, Kingdom of Bahrain.
Tel: +973 32 333 856
SISA Information Security

Novotel Business Park, Tower 2,
1st Floor, Unit No. 43,
Dammam – 32232-6140, Saudi Arabia.
Tel: +973 32 333 856
SISA Information Security FZE

P.O.Box 37495, Ras Al Khaimah,
United Arab Emirates.
Tel: +973 32 333 856
Mobile: +91 98458 54094
EUROPE SISA Information Security Ltd.

81 Bellegrove Road, Welling,
Kent – DA16 3PG,
United Kingdom.
Tel: +44 20 3874 1591
ASIA PACIFIC SISA Information Security Pte. Ltd.

101 Cecil Street, #17-09,
Tong Eng Building,
Singapore – 069533.
Tel: +65 3163 1024
SISA Information Security Pty. Ltd.

‘9A’, 139 Minjungbal Drive,
Tweed Heads South,
NSW – 2486, Australia.
Tel: +61 (2) 9161 2963
*Information as provided by SISA Information Security Private Limited on 16/04/2021
Back
M/s TUV-SUD south Asia Pvt. ltd
TUV-SUD south Asia Pvt. ltd

 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) Yes
 ICS/OT Audits:Yes
 Cloud security Audits: Yes
Govt. :Nil
PSU : Nil
Private : 10


Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.): 1
CISSPs : Nil
BS7799 / ISO27001 LAs : 3
CISAs : 1
DISAs / ISAs : Nil
Any other information security qualification:CCSP (1) , PCI QSA (2)
Total Nos. of Technical Personnel :

1 Mr. Amit Kadam 2 22 CISA / ISMS
LA/CCSSP/PCI DSS
2 Mr. Atul 3 12 MCSA, CCNA, IVTL v3,
Srivastava COBIT 5, ISO27001
Lead Auditor,
ISO27001 Lead
Implementer, PCI QSA
3 Mr. Kaushal 3 4.5 CEH, ISO27001 Lead
Meher Auditor
4 Ms. Archana Agre 1 2 CNSS Certified
5 Mr. Prajwal 1 3.5 ECSA (EC Council
Shetty Certified Security
Analyst)
Category Organizations Location
Insurance Sector 5 PAN-India
Payment Corporation 10 Mumbai, Chennai, Hyderabad
1. Nessus
2. NMAP
3. SQL map
4. Burp suite
5. NIPPER


If yes, give details : We are a subsidiary of TÜV SÜD group head Office in Germany
All locations are on the web sites. Locations | TÜV SÜD in India (tuvsud.com)
*Information as provided by TÜV SÜD south Asia Pvt. Limited on28 June 2021
Back
M/s ControlCase International Pvt. Ltd.
ControlCase International Pvt. Ltd.,

Corporate Center, Wing A, 4th floor, unit no. 407, J
. B. Nagar, Andheri-Kurla Road, Andheri (East),
Mumbai 400059, Maharashtra.
 Network security audit: Y

 Web-application security audit: Y
 Wireless security audit: Y
 Compliance audits (ISO 27001, 27017, 27018, 22301, 27701, PCI DSS, PA DSS, PCI
SSA, PCI SLC, P2PE, PIN, TSP, 3DS, ASV, HITRUST, HIPAA, SOC, NIST 800-53, 800-
171, CSA STAR, GDPR, CCPA etc.) : Y
 Finance Sector Audits (SWIFT, ATMs, API, Payment Gateway, Banks, Insurance
companies etc.) : Y
 Web Application Source Code Review: Y
 Advanced Penetration Testing Training: Y
 Virtualization Security Assessment: Y
 Mobile Application Security Audit: Y
 IoT Security Audit: Y
 Segmentation Penetration Test: Y
 Social Engineering: Y
Govt. : 3
PSU : 3
Private : 500+


Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : 100+
ICS/OT Audits : 2
CISSPs : 5
BS7799 / ISO27001 LAs : 37
CISAs : 15
DISAs / ISAs : 0
CISM: 16
CEH: 7
CHFI: 1
PCI QSA: 33
PCI PA QSA: 5
PCI SSA: 5
PCI SLCA: 9
PCI ASV: 5
PCI 3DS: 2
PCI P2PE QSA: 3
PCI CPSA-Physical: 4
PCI CSPA-Logical: 4
PMP: 2
CBCP: 1
CCSFP: 1
CCSK (CSA Star): 2
CCSP: 1
CDPSE: 9
CCNA: 5
ITIL: 2
S. Name of Duration with Experience in Qualifications related to Information

No. Employee ControlCase Information security
Security
1. Satyashil Rane 12+ Years 20+ Years PCI QSA, PA QSA, PCI SSA, PCI SLCA,
P2PE, CISSP, CEH, ASV, ISO 27001 LA
2. Rajkumar 8+ Years 9+ Years MS Cyber Law and Info Sec, CISSP, ASV,
Yadav ISO LA
3. Shashank 10+ Years 10+ Years CISSP, PCI-AQSA, PCI-ASV, ISO 270001
Vaidya LA, ISO 270001 LI
4. Vaibhav 10+ Years 10+ Years CEH, ECSA, ASV, PCI AQSA, ISO 27001 LA,
Mahadik ISO 270001 LI
5. Chaitany 11+ Years 13+ Years ISO 27001 LA, ISO 270001 LI, PCI QSA
Kamble
6. Sushant 7+Years 7+Years OSCP
Kamble
Sr.No Client Description of services ( Project Value

Relevant to Scope of Work in
this RFP, give reference
number only)
1. One of the largest Continuous Compliance Which Confidential
Financial Service includes
Provider in India PCI certification,
Fire wall rule set review,
Configuration scanning of IT
Assets,
Application Security scanning,
Log Monitoring and automated
alerting,
Internal vulnerability scan,
External vulnerability scan,
Internal and external penetration
testing,
Review and updating of policies,
Annual security awareness
trainings,
Risk assessment
2. One of the largest PCI DSS Certification Confidential

bank in Vietnam Application Penetration Test
Internal and external
penetration testing
3. One of the largest Application Security Review Confidential
bank in Brunei Code review
4. One of the largest Compliance as a Services – CAAS Confidential
payment transaction Which includes
service provider in PCI certification,
Mauritius Fire wall rule set review,
Configuration scanning of IT
Assets,
Application Security scanning,
Log Monitoring and automated
alerting,
Internal and external penetration
testing,
Review and updating of policies,
Annual security awareness
trainings,
Risk assessment
Commercial:
 Rapid 7 Nexpose
 QualysGuard External Scanner
 Tenable Nessus Security Scanner
 Netsparker Professional
 Rapid7 Nexpose Enterprise edition
 Nmap
 Nipper
Freeware / Open Source (Includes but not limited to below):

 Kali Linux Framework – Nmap, Netcat, cryptcat, Hping, Sqlmap, JTR, OpenVAS, SET, MSF,
Aircrack suite, Dirbuster, Cain
 Fiddler
 Charlse Proxy
 Metaspolit
 Mobile Security Framework
 L0phtcrack Password Cracker
 OpenVas
 W3af
Proprietary:
ControlCase SkyCAM - ControlCase SKYCAM is a consolidated framework that quickly and cost-
effectively enables IT governance, risk management and compliance (GRC) with one or several
government or industry regulations simultaneously. It allows IT organizations to proactively
address issues related to GRC and implement a foundation that is consistent and repeatable.
ControlCase Compliance Manager (CCM) - Built upon the ControlCase GRC (CC-GRC) platform
and provides an integrated solution to managing all aspects related to compliance. CCM allows
organizations to implement the processes, integrate technologies and provide a unified repository
for all information related to Compliance.
Card Data Discover (CDD) - ControlCase Data Discovery (CDD) addresses key need of Credit
Card Data Discovery and is one of the first comprehensive scanners that not only searches for
credit and debit card data on file systems, but also in most commercial and open source
databases, and all this searching is done WITHOUT installing any agents on any scanned system.
It scans the whole enterprise from one location.
ControlCase Compliance Scanner - ControlCase Compliance Scanner allows QSAs/Auditors and
consultants to streamline and automate the process of evaluating PCI compliance during onsite
engagements. Results from leading vulnerability scanners and application scanners, along with
cardholder data search features are processed by the Compliance Scanner to pre-populate
approximately half the controls of PCI DSS.
ControlCase ACE - ControlCase Automated Compliance Engine allows assessors and customers to
collect compliance evidence automatically from cloud and non-cloud environments to satisfy
various Certification/compliance related requirements. It is capable not only automatically
collecting the evidence but also determining compliance status and providing pinpointed
recommendations to remove non-compliances.


If yes, give details - , ControlCase International Pvt. Ltd is subsidiary of ControlCase Holdings
13. Locations of Overseas Headquarters/Offices, if any : Yes,

ControlCase LLC, 12015 Lee Jackson Memorial Hwy, Suite 520, Fairfax, VA 22033
*Information as provided by ControlCase International Pvt. Ltd. on July 23, 2021
Back
M/s Netrika Consulting India Pvt. Ltd.
M/s Netrika Consulting India Pvt. Ltd.
Global HQ: Plot no.2, Industrial Estate, Udyog Vihar, Phase-IV, Gurugram,
Haryana, India. PIN: 122015
Registered Office Address: 2nd Floor, 25, BLK-BK 25, Mandir, Shalimar
Bagh, New Delhi (110088).
Regional Offices:
Mumbai: Accord Classic 510, above Anupam Stationery, Arey Road, Goregaon
East, Mumbai - 400063 (Ph: +91-22-49035900)
Bengaluru: Unit No 205 A, Carlton Towers, 01 Old Airport Road, Bangalore -

560008 (Ph: +91-80-43728750)
 Network security audit (Y/N): Y

 Web-application security audit (Y/N): Y
 Wireless security audit (Y/N): Y
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N): Y
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Y/N): Y
 ICS/OT Audits (Y/N): Y
 Cloud security Audits (Y/N): Y
 Application Security Testing: Y
 Mobile & API Security Testing: Y
 Secure Configuration Reviews: Y
 Cyber Forensics and Investigations: Y
Govt.:15
PSU:incl. Above
Private:15

Network security audit :7

Wireless security audit :3
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) :4
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) :2
ICS/OT Audits :0
Cloud security Audits :1
CISSPs : 1
BS7799 / ISO27001 LAs : 5
CISAs : 1
DISAs /ISAs : 0
Any other information security qualification:CEH/CISC/CPFA/eWPTX/OSCP: 5

1 Rajesh Kumar ~2 Years 20+ Years CISSP, CISA, CEH,
CFE, CDPSE etc.
2. Nikit Jain 3 Years 4 Years CEH, CISC, CPFA
3. Mukesh Kumar 0.5 Years 7 Years CEH, EWPTX, OSCP
3. H. S. Rawat 2.5 years 10 years CEH, ISO27001LA
5. Rahul Khattar 1 Years 10+ Years ISO27001LA
A leading Logistics Company in India, covering comprehensive Cyber Security Posture

Assessment, Internal/External Network, Application VAPT, Business Continuity Assessment,
End-point configuration review etc. Project Scope covered corporate office and sample regional
offices with project value around 8L.
Nmap/Nessus/Wireshark/OpenVAS/SQLMap/Metasploit/Burpsuite/Brutus/Hydra/MobSF/Drozr/
KaliLinux/Manual Scripts etc. and many more inducted as needed for project scope.


13. Locations of Overseas Headquarters/Offices, if any: Yes
a. UAE: SAIF Zone, Q1-06-141/C, PO Box 124932, Sharjah Airport Free Zone
b. SINGAPORE: Regus Vision Exchange, 2 Venture Drive Level. # 24-01- #24-32, Singapore
(608526)
*Information as provided by Netrika Consulting India Pvt Ltd on 25-July-2021.
Back
M/s NG TECHASSURANCE PRIVATE LIMITE
Name: NG TECHASSURANCE PRIVATE LIMITED

Address: Shop No. S-06 and S-07 (206 & 207), 2nd Floor,
Atlanta Shopping Mall, Althan Bhimrad Road, Surat, Gujarat - 395017

 Mobile application security audit (Y/N) : Yes
 IT general controls review (Y/N) : Yes
 Secure Configuration audit (Y/N) : Yes
 Vulnerability Assessment & Penetration Testing (Y/N) : Yes
 Policy review against best security practices and regulatory requirement (Y/N) : Yes
 IT GAP assessment(Y/N) : Yes
 Information security risk assessment. (Y/N) : Yes
 Compliance audits (RBI, NABARD) (Y/N) : Yes
 Information security awareness&training (Y/N) : Yes
 Data Migration Audit (Y/N) : Yes
Govt. : Nil
PSU : Nil
Private : 36


Mobile application security audit : 07
IT general controls review : 07
Secure Configuration audit : 12
Vulnerability Assessment & Penetration Testing : 24
Policy review against best security practices and regulatory requirement : 09
IT GAP Assessment(Y/N) : 07
Information security risk assessment. (Y/N) : 01
Compliance audits (RBI, NABARD) : 34
Information security awareness & training : 25
CISSPs : Nil
BS7799 / ISO27001 LAs : 02
CISAs/ DISAs / ISAs : 02
Any other information security qualification (CEH/ M. Tech etc) :10
S.No. Name of Duration with NG Experience in Qualifications related to

Employee TechAssurance Pvt. Information Security Information security
Ltd
1 Niraj Goyal >5 years >7 years CEH, ISA
2 Diti Patel > 1.5 year >1.5 years M Tech (CS)
Gaurav
3 >2 years >3 years ISMS LA
Goyal
4 Neha Goyal >5 years >5 years CEH
Adarsh
5 >1.5 year >1.5 years M Tech (CS)
Desai
For one of the reputed Financial Institution of the country, we have conducted Vulnerability
Assessment & Penetration Testing, Web and Mobile Application Testing, Compliance Audits
with live on all the delivery channels, having owned Data Centre and having 400+ IPs.
Commercial Tools
Nessus Professional
Open-Source/Freeware Tools
Kali Linux
Wireshark
OWASP ZAP
Vega
Nmap
Web Scarab
Aircrack suite
Nikto
MBSA
JhonTheRipper
Hydra
DirBuster
SQLMap
Metasploit
Nox Emulators
TestSSL
Nipper-NG
Proprietary
Custom Developed Shell & Python Scripts
12. Whether organization is a subsidiary of any foreign based organization?
: No
*Information as provided by M/s NG TechAssurance Private Limited on 26/July/2021
Back
M/s OXYGEN CONSULTING SERVICES PRIVATE LIMITED
OXYGEN CONSULTING SERVICES PRIVATE LIMITED

COSMOS, E/701, Magarpatta City, Hadapsar, Pune 411028
 ICS/OT Security Review: Y

 UIDAI AUA/KUA Audit: Y
 Systems Migration Audit: Y
 IT/Cybersecurity Roadmap: Y
 Data Privacy/Protection Audit: Y
 IT/Systems/Cybersecurity Audits: Y
 Internal Audit/Risk based Audit: Y
 Network/System/Application VAPT: Y
 IT General controls (ITGC) Audit: Y
 IT Governance/ COBIT/ IT-GRC Audit: Y
 3rd Party/ Outsourcing/Vendor audit: Y
 Secure SDLC and Secure code review: Y
 Storage of Payment System Data Audit: Y
 Cybersecurity/Infosec Awareness Review: Y
 Cloud security,Outsourced DC and DR site audits: Y
 Server/Firewall/Database/Email Configuration Review: Y
 RBI/SEBI/IRDA/NBFC/Stock Brokers/DP Compliance audit: Y
 CSOC/DLP/FW/IPS/WAF/PIM/SIEM/Security Products Audit: Y
 Cyber Resilience/Business Continuity/Disaster Recovery Audits: Y
 Functional Audits (CBS/Treasury/BBPS/CTS/In-House Software) Audits: Y
 Compliance audits (ISO/IEC 27001, ISO 22301, ISO 27701, PCI, GDPR etc.): Y
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway,SEBI,NBFCetc): Y
Govt.:Nil
PSU:Nil
Private:87
Total Nos. of Information Security Audits done:87


Network security/ VAPT/Config audit: 30
Systems &Cybersecurity audit: 64
Compliance audits (ISO 27001/22301, PCI, GDPRetc.): 4
Finance Sector Audits (Swift,ATMs, API, Payment Gateway, SEBIetc.):46
CISSPs: 1
ISO27001 LAs: 3
CISAs: 4
CISMs: 2
CEH/CDPSE/CGEIT/FBCI/Prince2/ITILv3: 1
S. Name of Employee Duration Experience in Qualifications related to Information security

No. with Information
OCSPL Security
1 Sanjiv Kumar ~ 14 Years 24+ years CISSP,CISA,CGEIT,CISM,FBCI,CDPSE,ISO27001LA,
Agarwala ISO22301LA, ITIL, ISO9001LA
2 Sachin Prakash 5+ Years 14+ Years CISA, CEH
Jadhav
3 Chandrashekhar ~ 1 Year 24+ Years CISA, ISO27001 LA, PRINCE2, ITIL v3, ISO9001LA
Pulekar
4 Sumukh Bhagwat ~ 1 Year 10+ Years ISO27001 LA
5 Aparna Joglekar < 1 Year 15+ Years CISA,CISM
6 Shradha Agarwala ~14 Years 5+ Years ISO27001 IA
Largest Project / Client Project Scope/details
ISMS/ISO27001 consulting for an engineering services Security Policies, SOP, ISMS Mandatory
MNC having offices in APAC, Europe and North America documentation, risk assessment facilitation,
consulting support for control implementation,
VAPT, Customer specific requirements, ISMS
internal audits, ISMS awareness training,
external audit support. Project duration: 12
months with total project value around 20
Lakhs. Excludes logistics costs
Systems audit for a leading Small Private Bank Audit scope included CBS, ATM, Internet
Banking, Mobile Banking, SWIFT, FOREX,
TREASURY, Dealing, DEMAT, AML, ALM, NPA,
CTS, RBI and NPCI requirement, PSS, IT Act
2000 and amendments, Privacy policy, Risk
Management, IT infrastructure, DC, DR, HRMS,
Reconciliation, In-house applications, Policy
review, IT Governance, IT Strategy, OS,
Database security, BCP/DR, Payment systems,
Mobile App, Risk Assessment, SOC/SIEM,
PIM,WAF, DLP, Audit as per RBI Cybersecurity
framework, VAPT of Network, Critical desktops,
Public IP address, Applications, ISO27001
controls, Physical security. Project duration (end
to end): around 6 months with total project
value < 20 Lakhs
Tools used Usage

Nessus Infrastructure Scanning
Burpsuite Web Application VAPT
Wireshark Infrastructure Scanning/Sniffing
WHOIS & DOM Tools DNS Foot-printing tools
Qualys SSL Web Application SSL security
WINDOWS OS TOOLS/UTILITIES In-built Windows tools/Utilities
Uniscan Web Application VAPT
Zaproxy Web Application VAPT
John the Ripper Password cracking
Hping Multi-purpose tool
Nexpose, Vulnerability Assessment
Ethereal Network Sniffing
Nmap/Zenmap Portscanning
Immuniweb Mobile App security testing
Sqlmap Penetration testing/ DB Scanner
DirBuster Directory Buster
Skipfish Web Application VAPT
Netcat Multi-purpose tool
Acunetix Web Application VAPT
N-Stalker Web Application VAPT
Customized scripts/commands/OS tools Multi-purpose


*Information as provided by OXYGEN CONSUTING SERVICES PRIVATE LIMITED on 26 July2021
Back
M/s Peneto Labs Private Limited
Peneto Labs Private Limited

Registered Office: NO.S2, GREENVILE APARTMENTS MURUGESA, NAICKEN STREET
SENTHIL NAGAR EXTN, CHROMPET, Chennai, 600044
Operation Address: Level 8 & 9, Olympia Teknos , No - 28, SIDCO Industrial Estate,
Guindy, Chennai 600032,TAMILNADU.
 Network security audit (yes)

 Web-application security(yes)
 Wireless security audit (yes)
 Vulnerability Assessment and Management (yes)
 Penetration Testing (Infra/App) (yes)
 Mobile Application security assessment (yes)
 Phishing Simulation Exercise (yes)
 Red Team Assessment(yes)
 Source Code Review(yes)
 Firewall Rule Base review(yes)
 Purple Teaming Assessment (yes)
 Adversary Simulation (yes)
 Cloud security Audits(yes)
Govt. : 0
PSU : 0
Private : 17+
Total Nos. of Information Security Audits done :17+


Mobile Application security assessment : 5+
CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : 0
DISAs / ISAs : 0
CEH: 5
SANS GPEN: 1
SANS GCIH: 1
SANS GWAPT: 1
SANS GRID: 1
OSCP: 2
OSCE: 2
OSWP: 1
CREST CRT: 1
S. Name of Employee Duration Experience in Qualifications related to

No. with Peneto Information Information security
Labs Pvt Security
Ltd
1 Parthiban Jegatheesan 3 Years 4 12 Years OSCP,OSCE,GCIH,GWAPT,
Months ISO 27001 Lead
Auditor(ISMS LA)
2 Shankar 3 Years 4 Years ISO 27001 Lead
Ramakrishnan Auditor(ISMS LA),IBM
QRadar
3 ShanmugaPriya 2 Years 2 Years CEH
4 Selvamchristober 3 Years 3 Years CEH
5 Mohamed saqib 2 Years 2 Years CEH
6 Bala Kumar 3 Years 8 Years OSCP,OSCE,CREST CRT,
OSWP
7 KarthikeyanMurugesan 1 Year 8 Years CEH,CISSP
8 MeenakshiSundaram 7 Months 1 Years CEH
Peneto Labs signs a non-disclosure agreement with its customers. Hence we are in
no position to share this information. Kindly contact us in this regard for customer
feedback/reference or contract requirements.

Tool Name Description/Notes URL
Network port scanner capable of

nmap detecting open TCP and UDP ports https://nmap.org/
exposed by a system.
Linux distribution providing hacking

Kali Linux www.kali.org
tools.
Automated network vulnerability

Tenable https://www.tenable.com/products/nessus-
scanner for the fast detection of
Nessus vulnerability-scanne
security issues.
Testing suite adopted for detecting

Burp Suite
issues affecting web application and https://portswigger.net/burp/
Professional
web services.
Micro Focus
Fortiy for code review projects https://www.microfocus.com/
Fortify
Achilles, Hydra, OWASP, Mantra
IronWASP, Paros Proxy
, John the Ripper, Pwdump, Cain and

Able, Maltego, w3af , Metasploit
Community Edition
Other Tools Webinspect, Dsniff, MobSFWebScarab Available in Kali Linux
Firewalk ,NetCat ,Whisker
Hping , Wikto
HTTPrint, Nikto, Wireshark
HTTrack
Private tools, internally developed,

that are used to bypass some of the
Private Tools common security controls, and that N/A
will aid in achieving the objectives set
for the engagement.
10. utsourcing of Project to External Information Security Auditors / Experts : No


*Information as provided by Peneto Labs Pvt Ltdon August 2021
Back
M/s Security Spoc LLP
Security Spoc LLP, Level 18 Tower A,

Building No. 5 DLF Cyber City Phase III, Gurgaon, Haryana, 122002 India

 Compliance audits (ISO 27001,RBI, PCI, etc.) : Yes
 OT & IoT Security Assessment : Yes
 Payment Gateway audit : Yes
 Privacy Impact Assessment : Yes
 Secure SDLC Review : Yes
 Source Code Review : Yes
 Cloud Security Assessment : Yes
 Data Centre and Physical Security Assessment : Yes
 Open Source Threat Intelligence : Yes
 Information Security Audit : Yes
 Cyber Security Audit : Yes
Govt. : 0
PSU : 1
Private : 15

Network security audit :

8
Web-application security audit :
6
Mobile-application security audit :
4
Wireless security audit :
2
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) :
2
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) :
2
ICS/OT Audits : NA
Cloud security Audits :
2
CISSPs : NA
BS7799 / ISO27001 LAs : 3
CISAs : 1
DISAs / ISAs :NA
CISM: 1
CEH: 6
ECIH: 1
Crest CPSA: 1
OT Security: 2
Any other information security qualification:ECSA, OSCP, AWS Security, Azure,
Crest CPSA

No. Security Spoc Information Security Information security
LLP
1 Shivani Mehta 1.6 Years 3 Years ISO 27001 LI
2 Ishvaku Shukla 1.2 Year 3 Years CEH
3 Sumit Sharma 1.7 Year 8.9 Years CISM, OSCP, ISO
27001
4 Meshach 1 Year 6 Years CEH, CREST CPSA,
Marimuthu ECSA
5 Sarfuddin 1.3 Year 2 Years CEH
6 Dhruv Gupta 0.7 Year 8.5 Years ISO 27001, CEH, ECIH
7 Sachin Chauhan 0.2 5 Years CEH
AWS Cloud Security Assessment for online Storage Provider:
 18 Servers
 1 Firewall
Number of Hosts
 4 VPCs
Configurations
 2 Bastion/Jump Host
 1 VPN Server
 EC2
 S3 Bucket
 Key Management Solution
 Active Directory
Cloud Services Audited  AWS Single Sign-On
 O365 and Email Security
 NACLs and Security Groups
 AWS Cognito
 Identity and Access Management
Cloud Architecture Review  Current Architecture of Organization was audited for

Security lapses
 Commercial Tools:Nessus, Burp Suite

 Freeware Tools:Kali Linux, MobSF, Wireshark, Nipper, Powershell Empire, Virus
Total, Drozer, Frida & Objection, Inspeckage, APKtools, Shodan, Nmap, Metasploit,
Nikto, ZAP, Responder, ImpacketSearchsploit, Maltego, LFIsuite, SQLMAP and etc.
 Proprietary Tools:AutoPentest, ProminentX

*Information as provided by Security Spoc LLP on 17-Aug-2021
Back
M/s Software Technology Parks Of India
Software Technology Parks Of India,

1st Floor, Plate B, Office Block-1,
East Kidwai Nagar, New Delhi-110023
Website URL: http://www.stpi.in
Ph:+91-11-24628081
Fax:+91-11-20815076
3. Capability to audit , category wise (add more if required):

Network security audit (Y/N) Yes
Web-application security audit (Y/N) Yes
Compliance audits (ISO 27001, PCI, etc.) (Y/N) ISO
27001-
Yes
Web-server security audit (Y/N) Yes
Source Code Reviews (Y/N) Yes
IT Application / ERP Audits (Y/N) Yes
IT Security & Infrastructure Audits (Y/N) Yes
Vulnerability Assessments & Pen Testing (Mobile/WebApps) (Y/N) Yes
Mobile Security Audit (Y/N) Yes
The following are in detailed list of different security services provided by STPI.
IT Audit & Compliance Services Assessment Services

 OWASP compliance Security  Web Apps Security Assessment &
audit of web applications and Vulnerability Assessment
web services
 Penetration Testing
 Infrastructure audit in  Perimeter Security Testing
compliance to Center for
 System hardening
Internet Security (CIS),
National Institute of Standards  Wireless Network Assessment
and Technology (NIST), ISMS  Host configuration review
etc. (Window, Linux, Cisco,
Juniper...)
 OWASP compliance security
audit of mobile applications  Network Product (Routers,
Switches, Firewall etc.)Security
Audit
 Malware Analysis
 Policy Gap Analysis
Govt. :4
PSU :0
Private :3


Desktop Configuration Audit : 1
Network Product Security Audit : 1
CISSPs : 0
BS7799 / ISO27001 LAs : 31
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : Refer Below Table
S.No. Name of Employee Associated with Experience Qualifications related to Information

STPI Since in security
Information
Security
1 Ms. Kavitha C April 2000 21+  ISMS –LA
 ISMS-CISP
 Certified Network Security Manager
2 Mr. Jaya Prakash May,2001 20+  ISMS –LA
 ISMS-CISP
3 Mr. N S Siddaiah January, 2000 21+  ISMS Auditor/ Lead Auditor,
 ISO/IEC 27001 Certified ISMS
Professional (STQC-CISP),
(CNSM)
 Certified ISO 20000-1:2018
Awareness & Implementation
4 Ms.Komala.C.N September,200 16+  Trained on Network Security and
5 VAPT by Internet Society of India
Bangalore Chapter
 Certified Software Team Lead
Program
 Trained on the following
o IMS-ISO 27001 (ISMS)
Implementation.
o IMS-ISO 27001 (ISMS)
Internal Auditor.
o Integrated Management
System Implementation ISO
9001:2008, ISO
27001:2005, ISO
20000:2011
5 Mr.Jogender Singh September,200 15+  ISMS –LA
6  ISMS-CISP
 CEH
 CCNA Security
 Participation Certificate for
o SANOG 26 –
Security/DNSSEC Workshop.
o Network Security VAPT
Workshop – CSI Bangalore
Chapter 2014.
o IPv6 Deployment Workshop
by APNIC 2011
o SANOG 30 – Network
security workshop 2017
o Network Security Workshop
by INNOG – 2018.
o CDAC- Vulnerability
Assessment and Prevention
Training 2021.
6 Mr. Dipak Kumar August,2008 12+  ISMS –LA
 ISMS-CISP
7 Mr.Sudhakar.T September,200 16+  ISMS –LA
5  ISMS-CISP
 Certified Network Security Manager.
8 Mr.Jimnesh P July,2006 15+  ISMS –LA
 ISMS-CISP
 MCP
 LAN Implementation and
Administration from NITC-IBM ACE
Centre
9 Mr.Jayateerth R November,2007 14+  CCNA
Joshi  Participation Certificate for the
following.
o Red Hat Enterprise
Virtualization.
o IPV6 Deployment workshop.
10 Mr.Suresh Kumar J March,2008 13+  Participation Certificate for the
following.
o Red Hat Enterprise
Virtualization.
o IPV6 Deployment workshop.
o BigData and Cyber Security
o Domain Name System (DNS)
Security
11 Mr. Achyut Dutta December,2005 20+  ISMS –LA
 ISMS-CISP
12 Mr. Ajay S Bhosle October,2000 21+  ISMS –LA
 ISMS-CISP
13 Mr. Ashish May, 1998 23+  ISMS –LA
 ISMS-CISP
14 Mr.Umanath.G.B October, 2006 18+  ISMS –LA
 ISMS-CISP
15 Mr. G Senthil August,2006 15+  ISMS-CISP
16 Mr. Jitendra Kumar March,2001 21+  ISMS –LA
 ISMS-CISP
17 Mr. K Kuppuraj July,2000 21+  ISMS –LA
 ISMS-CISP
18 Mr. KalidindiVenkata December,2005 16+  ISMS-CISP
Chandra Varma  Certified Network Security Manager
19 Mr. M Madhan September,200 19+  ISMS –LA
5  ISMS-CISP
20 Mr.Mahesh M May, 2001 20+  ISMS –LA
 ISMS-CISP
21 Mr. Maneesh Kumar July,2008 13+  ISMS –LA
 ISMS-CISP
22 Mr. April,2006 17+  ISMS –LA
MayankShrivastava  ISMS-CISP
23 Mr. Nikhil Kumar Rai October,2008 17+  ISMS –LA
 ISMS-CISP
24 Mr. Nitin Kumar Rai May,2011 10+  ISMS-CISP
25 Mr.Pramodsa.MM November,2011 10+  ISMS –LA
 ISMS-CISP
26 Mr. Prafull D Patinge August,2008 13+  ISMS –LA

 ISMS-CISP
27 Mr. Praveen Kumar August,2008 12+  ISMS –LA
Dwivedi  ISMS-CISP
28 Mr. R Pattabiraman November,2005 16+  ISMS –LA
 ISMS-CISP
29 Mr. Rahul Singh March,2011 12+  ISMS –LA
 ISMS-CISP
30 Mr. Rajeeva Kumar September,200 15+  ISMS-CISP
6  Certified Network Security Manager
31 Mr. Rajesh Behl April,1998 25+  ISMS –LA
 ISMS-CISP
32 Mr. Rajib Kr. Das September,200 15+  ISMS-CISP
33 Mr. Rakesh Dubey October,2008 21+  ISMS –LA
 ISMS-CISP
34 Mr. Rakesh Kumar September,200 15+  ISMS –LA
Verma 6  ISMS-CISP
35 Mr. Ramesh Yerukula November,2006 19+  ISMS –LA
 ISMS-CISP
36 Mr. S Govindarajan February,1999 22+  ISMS-CISP
37 Mr. November,2006 18+  ISMS –LA
SachinVishwanathPur  ISMS-CISP
nale  Certified Network Security Manager
38 Ms. Sangeeta October,2006 14+  ISMS –LA
Hemrajani  ISMS-CISP
39 Mr. December,2008 15+  ISMS –LA
SoumyaRanjanMoha  ISMS-CISP
nty  Certified Network Security Manager
40 Mr. Tapas July,2005 16+  ISMS-CISP
RanjanBarik  Certified Network Security Manager
41 Mr. V May,2008 20+  ISMS-CISP
Ganapathieswaran  Certified Network Security Manager
42 Mr. V Viswa Sai July,2006 16+  ISMS –LA
 ISMS-CISP
43 Mr. Veerabhadra September,200 16+  ISMS-CISP
44 Mr. VIRENDRA March, 1998 23  ISMS-CISP
SINGH  Certified Network Security Manager
Network Infrastructure Audit: Network Infrastructure Security Audit and Assessment was
carried out for M/s All India Council for Technical Education (AICTE), New Delhi which includes
the following.
 Server Audit /OS Audit: More than 120 Servers/Desktops.

 Network Audit: w.r.t Switch, Router, Firewall, UTM/IDS/IPS/WAF/LLB/SAN, and
ADC etc.
 Configuration & Policy Audit: User Management Policy, Offline, Backup policy,
Network Policy documentation audit etc.
 Client Audit: Anti-Virus, Desktop (i.e.Service Packs and Security Updates,,
Auditing and Account Policies, Security settings, Available services, File system
and permissions, Administrative templates, Network configuration, Windows
components and Standard Software check etc.), Group Policy etc.
Web Application Security Audit:Web application Security Testing against OWASP Top 10
standards was carried out for the following Customers.
 Central Institute of Temperate Horticulture (CITH)
 Office of the Accountant General (A & E) Karnataka.
 Bangalore Metro Rail Corporation Ltd(BMRCL), Bengaluru
Desktop Configuration Audit:Desktop configuration audit for M/s Technacle IT Services Pvt.
Ltd, Bengaluru which are hosted on AWS cloud.
Network Product Security Audit:Security audit along with malware analysis has been
carried out for Metro Ethernet Ring (MER) Switch of the customer M/s. Tejas Networks,
Bengaluru.
Freeware Commercial
1. Zapproxy  Burpsuite Professional
2. Nmap  Acunetix
3. Nikto  HCL AppScan
4. Sqlmap
5. Kali Linux
6. Sslscan
7. Arachni
8. Dirbuster
9. Fimap
10. Cain and Abel
11. Hydra
12. Httprint
13. Wapiti
14. Curl
15. Airmon-ng
16. Greenbone Security
Manager(GSM)
17. Openvas
18. Nipper
19. Lynis
20. MBSA
21. Vega
22. Paros
23. John the Ripper
24. Shcheck
25. nmapAutomator, etc.
10. Outsourcing of Project to External Information Security Auditors / Experts : NA(If yes,
11. Whether organization has any Foreign Tie-Ups? If yes, give details : NA
12. Whether organization is a subsidiary of any foreign based organization? :NA

13. Locations of Overseas Headquarters/Offices, if any :No
Lead centre for all other STPI centers and Security Audit Certificate Issuance
Centre
Software Technology Parks of India (STPI)

No.76 & 77, 6th Floor, Cyber Park, Electronic City,
Hosur Road, Bengaluru - 560100 Karnataka
STPI Jurisdictional Directors Registered Offices Locations in India with complete address
Name of Address for Communication Contact Number

Jurisdiction
Noida Ganga Shopping Complex, 91-120-2470502,

Sector-29, Noida - 201303 Uttar 2470403
Pradesh
Bengaluru No.76 & 77, 6th Floor, Cyber 080-66186000-6007
Park, Electronic City, Hosur Road, 91-80-28521161 (Fax)
Bengaluru - 560100 Karnataka
Hyderabad 6Q3, 6th Floor, Cyber Towers, 91-40-23100502
Hitech City, Madhapur,
Hyderabad - 500081Telengana
Pune Plot No.P-1, Rajiv Gandhi Infotech 91-20-22981000
Park, MIDC, Hinjawadi, Pune -
411057 Maharashtra
Guwahati Near L.G.B.I Airport, Borjhar, 91-361-2841269,
Guwahati - 781015 Assam 2841374
Bhubaneswar STPI ELITE Building, IDCO Plot 0674-2623000
No.2/A, Industrial Area,
Gothapatna, Post-Malipada,
District-Khurda, Bhubaneswar-
751003
Chennai No. 5, III Floor, Rajiv Gandhi 91-44-39103525
Salai, Taramani, Chennai -
600113 Tamilnadu
Gandhinagar 9th floor, GIFT One Tower, Block- 91-79-66748531,
5C, Zone-5, GIFT City, 66748532
Gandhinagar-382355 (Gujrat)
Thiruvananthapuram C-21, Thejaswini Building, 91-471-2700707
Technopark Campus, Karyavttom,
Thiruvananthapuram – 695581
Kerala
*Information as provided by Software Technology Parks of India on 28.07.2021
Back
M/s Sumeru Software Solutions Private Limited
M/s Sumeru Software Solutions Private Limited

1st Floor "Samvit",
Near The Art of Living International Center,
21st KM Kanakapura Main Road,
Udayapura, Bangalore – 560082
Karnataka, India
 Network security audit- Y

 Web-application security audit- Y
 Wireless security audit- Y
 Secure Code Review- Y
 Mobile Application Security Audit- Y
 Cloud Security Assessment- Y
 Configuration Reviews- Y
 Red Team Assessment- Y
 Compliance audits (ISO 27001, ISO 9001, ISO 22301, GDPR, PIMS, RBI Audit,
NHB, NBFC Audits etc. )- Y
Govt. : 15
PSU : 29
Private : 140


Source Code Review- 26
Cloud Security Assessment: 20
CISSPs : 1
BS7799 / ISO27001 LAs : 1
CISAs : 1
DISAs / ISAs : NA
CEH- 2
OSCP- 1
GPEN-1
GREM-1
GMOB-1
CIPR-1
Duration Qualifications
Experience in
S. Name of with Sumeru related to
Information
No. Employee Software Information
Security
Solutions security
1 Sandeep Erat 18.3 Years 18.3 Years CISA, CRISC

2 Rajeev 16.3 Years 16.3 Years ISO 27001 LA
3 Shashank Dixit 13 Years 13 Years OSCP, CISSP
Sengoda Krishna GPEN, GREM, GMOB,
4 13 Years 13 Years
Kumar eCPPT, eWPT
ISO 27001 LI, BS
10012 LI, HP ArcSight
5 Ajan Kancharla 5.3 Years 8.4 Years
Administration, CIPR,
CEH, PIMS GDPR
6 Siva T 5.10 Years 9.2 Years -
7 Snehan 3 Years 3 Years -
Dhwani R.
8 3 Years 3 Years CEH
Girwalkar
9 Madhavan M 2.4 Years 2.4 Years -
10 Kavinkumar R 2 Years 2 Years -
11 Prasath R 2 Years 2 Years -
12 Muthuselvan B 2.4 years 2.4 Years -
13 Amritha S 2 Years 2 Years -
14 Nandakumaran 2.4 Years 2.4 Years -
15 Thilakesh M 2.4 Years 2.4 Years -
16 Swetha 2.4 Years 2.4 Years -
Sumeru Software Solutions Private Limited is providing Cyber Security services for the last
20+ years for various clients including large public sector organizations, and State
government departments in India. As part of our services we perform end to end design
implementation, review and operations services across various aspects of Cyber security.
Project Value (s): Confidential
Project Details
S. No Project Scope of Work Location
Web Application Assessment

Mobile Application
1 Private Sector bank Assessment, Secure Code Bangalore
Review, Network Assessment
and ISMS implementation.
Web Application Assessment

Mobile Application
2 Fintech Company Assessment, Secure Code Hyderabad
Review, Network Assessment
and ISMS implementation.
Nonbank Financial Companies Red Team Assessment, VAPT

3 Mumbai
(NBFCs) Threat Hunting
Freeware Commercial
Freeware Commercial
 Nmap  Nessus
 Nikto  Burpsuite
 Netcat
 Metasploit
 Sqlmap
 Kali Linux
 Dirbuster
 Wireshark
 John the Ripper
 Visualcodegrepper
 Bandit
 Apktool
 dex2jar


Subsidiary Company Address:

Sumeru Solutions Inc.
4000 Legato Road Suite 1100
Fairfax, VA 22033 US
* Information as provided by Sumeru Software Solutions Private Limited on 15/12/2022
Back
M/s AURISEG CONSULTING PRIVATE LIMITED
AURISEG CONSULTING PRIVATE LIMITED
Registered Office Address : No 81, Maveeran Duraiswamy Street, Poonga Nagar,

Thiruvallur 602001, Tamilnadu
Postal Address : A4 Tower, Door No 8A, Olympia Grande, GST Road, Pallavaram,
Chennai 600043
2. Carrying out Information Security Audits since : <2014>
 Network security audit Yes

 Web-application security audit Yes
 Wireless security audit Yes
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) Yes
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) Yes
 ICS/OT Audits Yes
 Cloud security Audits Yes
 Social Engineering Assessment / Phishing Simulation : Yes
 Mobile and API Security Audit ; Yes
 Forensics/Incident response/Compromise Assessment : Yes
Govt. : Nil
PSU : 4
Private : 30


ICS/OT Audits : 2+
Secure Source Code Review : 10+
CISSPs : 2
BS7799 / ISO27001 LAs : 2
CISAs : 2
Any other information security qualification: CEH, PenTest+, CISC and
CISM,CREST-CPSA,OSCP and ECSA.
S. No. Name of Duration with Experience in Qualifications related

Employee <organization> Information Security to Information security
1 Srinivasan M.S 6.5 Years 15 Years CISSP,CISA,CISM, OSCP,
CREST-CPSA and CDPSE
2 Giri V.V 2 Years 15 Years CISSP,CISM,OSCP & ISO
27001 LA
3 Sudhakar 3.5 Years 4 Years CEH
Rajendran
4 Jeyarajan 5 Years 12 Years MCSE
5 Umashankar 2 Years 7 years CEH
6 Prasanna 01 Years 12 Years AWS Security Certified –
Gurumurthi Specialty
7 CIBI Soorya 01 Years 02 Years CEH
8 Stephan 01 Year O1 Years
9 Gurpreet kaur 01 Year 01 Year CISC
10 Swetha lakshmi 06 months 01 Year CEH
11 Sunil Modhave 6 Months 20+ Year CISA,ISO 27001 Lead
Auditor
12 Hari Boopathi 2 Years 4 Years CEH
etc.) along with project value. It is covered following various activities
1. ISO 27001: 2013 Implementation

2. External Penetration Testing
3. Web Application Security Testing
4. Source Code Review
5. Security Configuration Review
6. Deep Web /Dark Web Scanning
7. Red Teaming Exercise
8. SDLC Process and Procedure
9. Incident Management Table -Top Exercise
10. Threat Hunting/Incident Response/ Compromise Assessment
11. Network Devices Configuration Review / Architecture Review
Project Assessment Value

Life Sciences group Vulnerability Assessment and Project Value <40 lakhs
Penetration Testing
Automotive Group Application Security Audit
IT Industry Application Security Audit
Embedded Systems Internal Vulnerability
Industry Assessment and Penetration
Testing
Financial Services OS hardening and Policy
Compliance check
S. No Tools List Commercial/Open

Source/Freeware
1 Burp Suite Commercial Version
2 Tenable Nessus Professional Commercial Version
3 Kali Linux Open Source
4 MobSF Open Source
5 FRIDA Open Source
6 Objection Open Source
7 OWASP ZAP Open Source
8 Wireshark Open Source
9 Cain & Able Open Source
10 SQL Map Open Source
11 Prowler – AWS Security Audit tool Open Source
12 Metasploit Open Source
13 Vooki DAST Open Source
14 Exploit DB
15 Customized Scripts
16 Nikto Open Source


*Information as provided by <AuriSEG Consulting Private Limited on 24/07/2021.
Back
M/s Nangia & Co LLP
Nangia & Co LLP,

A-109, Sector 136, Noida 201301, India.

Govt. : 2+
PSU : 3
Private : 25+


ICS/OT Audits : 2
CISSPs : 1
BS7799 / ISO27001 LAs : 5
CISAs : 8
DISAs / ISAs : 2

1 Shrikrishna 1.10 Years 18 years CISA, CISM, CDPSE,
Dikshit CBCP, CEH, BS7799
LA
2 Pushpendra 1.9 Years 16 Years ISO 27001 LA
Bharambe
3 Asif Balasinor 1.10 Years 9 Years CISSP, OSCP, CEH,
AWS Certified
Solutions Architect -
Associate
4 Aditya Thontakudi 1.8 Years 6 Years CISA
5 Karan Pandya 1.8 Years 6 Years CISA
6 Sahil Khan 1.7 Years 2 Years CEH
7 Nitin Bhojankar 1.10 Years 6 years CISM, CCNA, CCNP,
ISO 27001 LA,
8 Rachit Shukla 0.2 Years 10 Years CISM, ISO 27001 LA
 Systems Audit for a leading company & it’s subsidiaries in India rendering
guaranteed clearing and settlement functions concerning transactions in G-Secs, money,
derivative markets, and foreign exchange.
Project Value < INR 15 Lakhs
 Business Continuity & Disaster Recovery Review for a leading Media & Entertainment
company in India
 Application Security Assessment, Vulnerability Assessment & Penetration Testing for a

leading Media & Entertainment company in India
Commercial Tools:
 Nessus
 Acunetix
 Burp-Suite
 Netsparker
The above list of tools is indicative.
Freeware Tools:
 Xprobe
 Dnssecwalker
 Tcpdump/tcpshow
 Dsniff
 Ettercap
 Ethereal
 Fping/ Hping
 Queso
 Nmap
 SuperScan
 Netwag
 Firewalk
 Q-Tip
 SQLMap
 Jack the Ripper
 NGS SQLCrack
 HydraCain and Abel
 Metasploit
The above list of tools is indicative.

( If yes, kindly provide oversight arrangement (MoU, contract etc.)) NO
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No NO
12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No NO
13. Locations of Overseas Headquarters/Offices, if any : Yes/No NOT APPLICABLE
*Information as provided by Nangia & Co LLP on 26thJuly 2021
Back
M/s Panacea InfoSec Pvt. Ltd.
Panacea InfoSec Pvt. Ltd.,

226, Pocket A2, Sector 17, Dwarka, New Delhi - 110075

: YES
AEPS security audit
API Security audit : YES
Application and Network Security architecture audit : YES
Black Box PT : YES
Finance Sector Audits (Swift, ATMs, API, Payment Gateway
: YES
etc.)
Cloud Security Architecture audit : YES
Cloud security Audits : YES
ICS/OT Audits : YES
Scada Security Testing : YES
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI,
: YES
etc.)
Cyber Forensics : YES
Docker VAPT : YES
HIPAA audit : YES
Information Security Policy Formulation & Assessment : YES
Kiosks system security testing and audit : YES
Microservices security testing : YES
Mobile Application Security Audit : YES
Network security audit : YES
Payment Switch security testing and audit : YES
POS application security testing and audit : YES
POS Device Security testing and audit : YES
RBIPSS audit : YES
Red Team Test : YES
Secure Code Review : YES
Segmentation PT : YES
Server/Device Configuration Review : YES
Server/Device Hardening Review : YES
Thick Client Application security testing & audit : YES
Web-application security audit : YES
Wireless security audit : YES
SIEM/SOC Implementation : YES

Govt. : 12
PSU : 5
Private : 400+

AEPS security audit : 15+

API Security audit : 105+
Application and Network Security architecture audit : 5+
Black Box PT : 20+
Finance Sector Audits (Swift, ATMs, API, Payment
: 25+
Gateway etc.)
Cloud Security Architecture audit : 7+
ICS/OT Audits : 3+
Scada Security Testing : 2+
Compliance audits (ISO 27001, IEC 62443, IEC 27019,
: 340+
PCI, etc.)
Cyber Forensics : 2+
Docker VAPT : 140+
HIPAA Audit : 9+
Information Security Policy Formulation & Assessment : 125+
Kiosks system security testing and audit : 16+
Microservices security testing : 25+
Payment Switch security testing and audit : 18+
POS Device & Application Security Testing : 30+
RBIPSS audit : 20+
Red Team Test : 6+
Secure Code Review : 170+
Security Architecture : 6+
Segmentation PT : 350+
Server/Device Configuration Review : 650+
Server/Device Hardening Review : 550+
Thick Client Application security testing & audit : 145+
SIEM/SOC Implementation : 15+
CISSPs : 1
BS7799 / ISO27001 LAs : 9
CISAs/CISM : 4
DISAs / ISAs : 0
CEH/OSCP/ECSA/CCNA : 20
Below are some of resources details.
S. List of Duration Experience in Qualifications related to Information

NO. Employees with Panacea Information Security security
CISSP, PCI QSA, PCI 3DS, PCI ASV,
1 Ajay Kaushik 9 Years 17+ years
CISM (2010-2016)
2 Jitender Khanna 7+ Years 17+ years PCI QSA, ISO 27001-LA
3 Chandani Mishra 4+ Years 10+ years B.Tech, MSCLIS, CEH, OSCP, PCI ASV
B.Tech, MSCLIS, PCI QSA, PCI QPA,
4 Himanshu Mishra 3+ Years 10+ years
ISO 27001-LA, ISO 27001-LI
PCI QSA, PCI QPA, PCI SSLCA, SWIFT
5 Akshay Ahuja 5+ year 5+ years
CSCF, ISO 27001 LA & LI
B.Tech, MSCLIS, AWS Security
Manmohan
6 5+ year 9+ years Specialist, Certified In defend (DLP),
Swarup
Juniper Network Security SPIRING
CISM, CISA, CCNA, CCNA(S), PCI
7 Sammy Njeru 4+ Years 12+ years
QSA
PCI QSA, LA 27K:2013, LA 25999,
Syed Faiyaz
8 4 years 16+ years MCSE+I, MCA, M.Sc. in computer
Hussain
science
9 Vipul Arya 3+ Years 8+ years LA-ISO27001
10 Ankita Singh 3+ Years 3+ Years B.Tech, M.Tech, eWPTX, ECSA
Bikash K
11 3+ Years 3+ Years B.Tech, OSCP, CEH
Rouniyar
12 Devendra Bhatla 3+ Years 3+ Years B.Tech, OSCP, CEH
B.Tech, CEH, PGDA in Wireless,
13 Jatin Kumar 3+ Years 7+ years
CompTIA CySA+
14 Kriti Vaid 3+ Years 3+ years B.Tech
Kailash D
15 4+ Years 4+ years B.Tech, MSCLIS, PCI QSA
Agrawal
Nehanshu S
16
Chauhan 5+ year 5+ years PCI QSA, ISO 27001 LI
17 Prabhat Hudda 1.5 Years 1.5 Years B.Tech, CEH, Pentest+
Sanat Kumar
18 4+ Years 4+ years B.Tech, PCI QSA
Dwivedi
Raghvendra
19 3+ Years 3+ years B.Tech
Shukla
20 Pariskhit Prasad 1 Year 5+ Years B.Tech, MSCLIS, CEH OCA ,OCP
21 Rajat Shirish 1 Year 3 Years B.Tech, ISO 27001 LA
Shubham
22 3+ Years 3+ Years B.Tech, eCPTX, ECSA
Vashisht
1. One of overseas Leading Public/Private-Sector Banks - PCIDSS Compliance,

Managed Services (Quarterly, Annual), Secure Code Review, Application Security
Assessment
2. One of Largest BPO (Global) - PCIDSS Compliance, Managed Services (Quarterly,
Annual)
3. One of India’s Leading Aviation Companies – PCIDSS Compliance, Application
Security Assessment, Infrastructure Security Assessment
4. One of India’s Leading FMCG Companies – PCIDSS Compliance, Application
Security Assessment, Infrastructure Security Assessment, Consulting for ISO 27001
Implementation
5. One of Leading Telecom Service Provider – PCIDSS Compliance, Application
Security Assessment, Infrastructure Security Assessment, Consulting for ISO 27001
Implementation
6. One of India’s Leading Payment-Switch Companies – PCIDSS Compliance,
RBIPSS Audit, Application Security Assessment, Infrastructure Security Assessment
7. One of India’s Leading Public/Private-Sector Banks - PCIDSS Compliance,
RBIPSS Audit, Managed Services (Quarterly, Annual), SIEM Service, Secure Code
Review, Application Security Assessment, Consulting for ISO 27001 Implementation
8. One of India’s Leading e-commerce platform - PCIDSS Compliance, Managed
Services (Quarterly, Annual), SIEM Service, Secure Code Review, Application Security
Assessment

Maximum Count handled under Single project:
No. of Systems (Server, Desktops, Network Devices) Scanned: 87,000
No. of Applications: 80
Tool License Type Purpose

Burp Suite Pro Licensed Application Security Testing
Nessus 5 Pro Licensed Vulnerability Assessment
Qualys Guard Licensed Network and Application VA
Qualys Container Security Licensed Container/Docker Vulnerability Assessment
Rapid7 Insight VM Licensed Vulnerability Assessment
AppUse 4.3 Open source Mobile Application Pen Test
MobSF Open source Mobile Application Pen Test
Echo Mirage Open source Network Proxy
Kali Linux Rolling Edition Open Source VAPT
Nipper Open Source Network Configuration File
Nmap Freeware Port Scanner
SoapUI Freeware Web Services
Helix3 Freeware Computer Forensics
Oxygen Forensic Suit Commercial Mobile forensic
ProDiscover Forensic Commercial Computer Forensics
Rapid 7 Metasploit Community N/W and Application Pen Test
11. Whether organization has any Foreign Tie-Ups? If yes, give details: Yes
Multiple Partners in multiple countries. We can only share information if Cert-IN

assures that this would not be published publicly.

Panacea InfoSec Kenya Limited

PO.BOX 10608 00400 NBI,
Nation Center Kimathi ST,
Nairobi, Kenya
*Information as provided by Panacea InfoSec Pvt. Ltd. on 01-September-2021.
Back
M/s Varutra Consulting Private Limited
Varutra Consulting Private Limited

II floor, West Wing, Marigold Premises, Marisoft III,
Kalyaninagar Pune 411014, Maharashtra, India
 Network Vulnerability Assessment and Penetration Testing -(Y/N) : Yes

 Network and Application Security Architecture Review-(Y/N) : Yes
 Red Team Assessment-(Y/N) : Yes
 Deep and Dark Web Assessment- (Y/N) : Yes
 Wireless Penetration Testing -(Y/N) : Yes
 AWS, Firewall, Network Devices and Server Configuration Audit- (Y/N) : Yes
 Application (Web + Mobile) Security Assessment and Penetration Testing-(Y/N) : Yes
 Application (Web + Mobile) Source Code Review-(Y/N) : Yes
 Application Threat Modeling-(Y/N) : Yes
 API Penetration Testing- (Y/N) : Yes
 Secure Development Lifecycle Consultancy -(Y/N) : Yes
 Cloud Security Testing(Application & Network, Cloud platforms
-AWS, Oracle, Google, Azure) -(Y/N) : Yes
 Software Product Reverse Engineering-(Y/N) : Yes
 IoT Security Testing -(Y/N) : Yes
 Social Engineering and Phishing Diagnostic-(Y/N) : Yes
 Process Consulting (ISO 27001, , Virtual CISO) –(Y/N)
RBI SAR, Regulatory audit as per guidelines by RBI, IRDA, SEBI, UIDAI etc Audits : Yes
 Virtual CISO Consulting (Y/N) : Yes
 Compliance Audits( SOC 1 & SOC 2 Audits, PCI-DSS Audits, IT Security Audits) : Yes
 Managed Security and SOC Services, C-SOC - (Y/N) : Yes
Govt. : <number of> 20+

PSU : <number of> NA
Private : <number of> 460+


Source Code Review : 20+
Network Devices/Firewall Secure Configuration Audit : 40+
Mobile Application Penetration Testing : 40+
API PenTesting : 20+
Compliance audits (ISO 27001, RBI SAR Audits, etc.) : 7+
Other(Server Technical Audits, Application & Network Security
Architecture Review, Secure SSDLC Consulting) : 20+
Red Team Assessment : 2
Skill Staff Augmentation : 6+
CISSPs : 0
BS7799 / ISO27001 LAs : 6
CISAs : 3
DISAs / ISAs : NA

No. Varutra Information Security Information security
1 Consultant 1 7 years 7 years Masters in IT, Certified
Ethical Hacker, ISO
27001 – Lead Auditor
2 Consultant 2 1.9 years 2 .9 years ISO 27001 – Lead
Auditor
3 Consultant 3 1 years 5 years CEH, ISO 27001, NSE 1,
NSE 2, AWS security
fundamentals and
CNSS,CISA
4 Consultant 4 3.9 years 3.9 years BE (Computer Science),
Certified Ethical Hacker
5 Consultant 5 3.4 years 3.4 years CEH v9, AWS Security
Fundamentals
6 Consultant 6 1.6 years 1.6 years BE (Computer Science),
7 Consultant 7 1.9 years 2.9 years CEH
8 Consultant 8 3 years 1.3 years BSc Computer Science)
CISC, CPH, CPFA
9 Consultant 9 7 months 8.5 years BE, CEH
10 Consultant 10 1 year 5.4 years CEH and Security+
Certifications
1. Application and Network Security Testing: Conducted Security Assessment for

17+ applications and 560+ IP addresses for one of the leading global provider of
software engineering and IT consulting services headquartered United States.
Complexity: The complexity was high for testing the large number of applications and
IP addresses having various types of platforms, services, application hosted in the
infrastructure of the client globally. Discovered several High to Low severity
vulnerabilities along with the detailed reports.
Cost: Confidential
Category: Private
2. Application and Network Security Testing: Activity involved Network Penetration

Testing for 270 IP addresses, Application Penetration Testing for 28+ applications, IPS
and IDS diagnostic review, conducting DOS attack for Multinational Corporation that
provides business consulting, information technology and outsourcing services
globally. Reported several High to Low severity vulnerabilities along with the detailed
reports.
Complexity: The complexity was high for testing the large number of applications and
IP addresses having various types of platforms, services, application hosted in the
infrastructure of the client globally. Discovered several High to Low severity
vulnerabilities along with the detailed reports.
Cost: Confidential
Category: Private
3. External Network Penetration Testing: Conducted External Network Pentest on

the Cloud and on premise devices, servers for one of the leading software company.
Complexity: Scope of IP address addresses 500+, found High to Low severity
vulnerabilities and provided guidance to client to get the remediation done in time.
Cost: Confidential
Category: Private
4. Managed ISMS Consulting: Performing ISMS Consulting, management,

improvisation and for one of the largest manufacturer organization in India for all
locations, plants & offices across India and assist client in being secure and compliant
to CIA triad.
Complexity: Scope of work for all plants, locations and vast infrastructure in scope.
Duration of project 1 year.
Cost: Confidential
Category: Private
Commercial Tools
Vulnerability Assessment & Penetration Testing – Rapid 7 Nexpose, Nessus

Professional, Firesec etc.
Application Security Assessment - Burpsuite, Acunetix WVS etc.
Freeware Tools
Vulnerability Assessment & Penetration Testing – Nessus, Nmap, OpenVAS, MBSA,

Nipper, KaliLinux, AirCrack, Helix (Forensics) etc.
Application Security Assessment – W3af, Nikto, BurpSuite, FireBug, SQLMap, N-

Stalker, WebScarab, Powerfuzzer, AppSpider, IBM Appscan, HP WebInspect etc.
Proprietary Tools
MASTS - Mobile Application Security Testing Suite: Security Testing Suite for android
mobile applications.
MVD - Mobile Vulnerability Database, provides mobile operating system level

vulnerabilities for Android, iOS, Blackberry and Windows platforms.

We have partnered with various international security solutions which we are reselling:
1. HP Fortify
2. IBM Qradar
3. Burp Suite
4. Rapid7
Varutra Consulting P. L. is a part of Infoshare Systems Inc, since October 2018. Varutra
operates the business as single entity as Private Limited company and is a subsidiary entity of
Infoshare Systems Inc.
1. California:- Head Office- Infoshare Systems Inc, 26040 Acero, Suite 111, Mission Viejo,
CA, USA – 92691 Contact Number: (714) 606 0005
2. Branch Office in US : - 9505 East 59th Street Suite # B, Indianapolis In 46216, Telephone :
317-986-4928
*Information as provided by Varutra Consulting Private Limited on 26-07-2021
Back
M/s Information Security Management Office (ISMO)
Information Security Management Office (ISMO),

Department of Information Technology Electronics & Communication, Haryana,
SCO No. 109-110, First Floor, Sector-17-B, Chandigarh – 160017
https://haryanaismo.gov.in, email: support.desk@haryanaismo.gov.in

 Penetration Testing : Yes
 Vulnerability Assessment : Yes
 Information security policy review and assessment
against best security practices : Yes
Govt. : 72
(Application under Security Audit at present : 34+
PSU : 5
Private : 0


CISSPs : 0
BS7799 / ISO27001 LAs : 3
CISAs : 0
DISAs / ISAs : 0
(CEH)
S. Name of Duration Experience in Qualifications related to

No. Employee with ISMO Information Security Information security
(DITECH)
1 Amit Kumar 7 years 3 7 years 3 months ISO 27001 (ISMS) LA, CHFI,
Beniwal months (17+ years of total CEH v10, STQC (CISP),
IT experience) MCITP, MCTS, Cyber Law
2 Pardeep Singh 7 years 7 years ISO 27001 (ISMS) LA, CEH
(12+ years of total v10, STQC (CISP), CCNA,
IT experience) CCNA (Security), MCP
3 Vinay Kinger 2 years 2 years CEH v10, RHCSA, B.Tech
(8+ years of total IT
experience)
4 Parveen Kumar 2 years 2 years CEH v10, B.Tech
(7+ years of total IT
experience)
5 Amit Kumar 2 years 2 years CEH v10, Fortinet NSE 1 & 2,
Chawla (7+ years of total IT JNCIA, B.Tech
experience)
6 Sudipta 2 years 2 years10 months B.E. (Electronics), PGDM (IIM
Choudhury (22 + years of total Bangalore), PMP, ITIL V3,
IT experience) CEH v10,
7 Sanjay Singh 9 months 6 years3 months ISO 27001 (ISMS) LA,Six
Kuntal (12 + years of total Sigma White Belt
IT experience) Certification, CCNA, B.E.
(Electronics&Communication),
Fortinet NSE 1 & 2
Information Security Audit of Hospital Management Information System (HMIS)

called ‘e-Upchaar’ of State Health System Resource Centre, Health Department
Haryana.
Number of User Roles : 58
Number of Modules : 24
Application Pages : 4216
Complexity : Medium
Location : Panchkula, Haryana
Project Value : Not Available
Commercial Tools:
 Netsparker Consultant Edition
 Core Impact
Freeware/Open Source Tool:
 Nikto  NMAP
 OWASP ZAP  Sqlmap
 DIRB  Nipper-ng
 Wireshark  Test SSL
 Metasploit  Aircrack-ng
 Toolsavailable with Kali Linux
10. Outsourcing of Project to External Information Security Auditors / Experts : No (If yes,
11. Whether organization has any Foreign Tie-Ups? : No

12. Whether organization is a subsidiary of any foreign based organization? : No If yes, give
details
Note: Information provided by Information Security Management Office (ISMO), DITECHason

27 July 2021.
Back
M/s Risk Quotient Consultancy Private Limited
1. Name & location of the empanelled Information Security Auditing Organization ::
Risk Quotient Consultancy Private Limited,

Unit 9, Building No:2, Sector 3, Plot No: 1,
Millennium Business Park, Mahape, Navi Mumbai, 400701

 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Y/N) Y
 ICS/OT Audits (Y/N) Y
 Cloud security Audits (Y/N) Y
Govt. : 0
PSU : 0
Private : 16
Total Nos. of Information Security Audits done : approx. : 100+


Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.): 1
ICS/OT Audits: 0
CISSPs : 2
BS7799 / ISO27001 LAs : 8
CISAs : 3
DISAs / ISAs : 0
Any other information security qualification:CEH, CISM, CSOC, CCSK, ISO 22301

1 Chaitanya Kunthe 10 years 16 Years CISSP,CISA,(CBCP),
Diploma in Cyber
Laws, Digital Evidence
Analyst, ISO 27001 -
2013 LA,ISO 22301 LA
2 Deepanjali 6 Years 10 Years ISO 27001:2013 LA

Chaitanya Kunthe Certified,ISO 22301 LA
Certified
3 Trupti Desai 8 Years 13 Years ISO 27001 LA,ISO
22301 LA,BCP/DR,
PCIDSS
4 Jerin Jose 5 years 5 years CEHv8,ISO 27001 LA,
ISO 22301 LA, CCSK
5 Atique Ur Rahman 3 Years 4 Years CEHv9,ISO
Shaikh 27001:2013 LA,
Trained on Red Hat
6 Shoba 2 months 16 Years ISO 27001:2013 LA,
Govindarajan ISO 22301 LA , CISA,
CISSP
7 Nandini 6 months 6 Months ISO 27001:2013 LA,
Srivastava Master of Cyber Law
and Information
Security
8 Shweta Kumari 6 months 2 Years Master in Cyber Law
and Information
Security
9 Shakti Mohanty 1 Year 30 Years CISA,CISM,PMP
10 Apoorv Dubey 2 Years 7 Years ISO 27001:2013 LA

11 Srikanth Appala 1 year 1 year BSc. – Forensic
Science, CEH
Large Capital Market broker – Ensuring that information security, cyber security and business
continuity controls are implemented, monitored and maintained for 7 locations across India.
Managing the audit calendar and auditing of 700+ IT general controls through the year.
Project value – INR 60 Lakhs
Technical assessment tools-

Nessus, Burp suite, Kali Linux, Proprietary scripts, SonarQube, Fortify etc.
Audit and assessment tools -
Raven (proprietary audit tool), 4Phish (proprietary ethical phishing tool developed internally),
4CEE (proprietary risk management tool), 4Sure (proprietary risk scoring tool for cyber
insurance companies)
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes - Contract
( If yes, kindly provide oversight arrangement (MoU, contract etc.)) – The contracts are
agreed upon on per project basis as and when required

If yes, give details - Risk Quotient Private Ltd, 205 Balestier Road, 02-06, The Mezzo,
Singapore 329682

Risk Quotient Private Ltd, 205 Balestier Road, 02-06, The Mezzo, Singapore 32968
*Information as provided by Risk Quotient Consultancy Private Limited on 27 July 2021.
Back
M/s CyberSRC® Consultancy LLP
CyberSRC® Consultancy LLP,

Address: Unit 605, 6th floor, World Trade Tower Sector 16, Noida, Uttar Pradesh-
201301 .
Contact Person: Vikram Taneja, CEO and Managing Director
Email id: Vikram@cybersrcc.com

onwards

 Cloud Security Audit - Yes
 Mobile Application Security Audit - Yes
 Compliance audits (ISO 27001,IEC 27019 PCI, etc.) - Yes
 System& IT Audits - Yes
 SOX & ITGC Testing - Yes
 Data Protection Audit (GDPR and others) - Yes
 Data Localization Audit - Yes
 Social Engineering Test - Yes
 Secure Code Review - Yes
 Data Center Security Audit & Assessment - Yes
 External Threat Intelligence - Yes
 Database Security Audit & Assessment - Yes
 Risk Assessments - Yes
 SCADA VAPT - Yes
 IOT Security Testing - Yes
 Honeypot Security As Service - Yes
Govt. : 0
PSU : 0
Private : 100+


Compliance audits (ISO 27001, PCI,
GDPR, ISO 27701, HIPPA etc.) : 25+
Cloud Security Audit : 5+
Mobile Application Security : 20+
SOX & ITGC Testing : 5+
System Audits : 5+
External Threat Intelligence : 1

BS7799 / ISO27001 LAs : 4
CISAs : 1
CEH/ CCNA/App Security/CNSS : 6
Python Scripting& Tool development : 1
Cloud Security : 1

No. CybeSRC Information Security Information security
1 Vikram Taneja 3.7 Years 11.7 Years CISA, CEH, CIPM,
COBIT, ISO 27001 LA,
ISO 27701
Implementer, certified
GDPR practitioner, ITIL
V3(f) certified, 6 Sigma
(Green belt) certified.
Trained on GRC
Platform RSA Archer.
2 Anshul Ghildiyal 1.7 yrs 2.5+ yrs ISO270001 LA, B.tech
LLB (Specialization
Cyber Law)
Trained in AWS
Security Fundamentals
and Compliances
3 Barun Agarwal 1.2 yrs 2.0+ yrs ISO270001 LA, CEH,
B.tech LLB
(Specialization Cyber
Law),
Trained in AWS
and Compliances,
Fortinet’s NSE 1 & NSE
2 Network Security
Associate
4 Rishabh Bhowmick 8+ Months 3.0 +yrs CEH V10, B.tech
Computer Science,
ICSI Network Security
Specialist
API academy security
architect
Trained in AWS
and Compliances,
2 Network Security
Associate,
5 Abhimanyu 1+ Years 1+Years ISO270001 LA, CEH
Agrawal B.Tech,LLB
(Specialization Cyber
Law)
6 Suyash Bajpai 1+Year 1.5+ Years CEH V10, BCA,
2 Network Security
Associate
We have supported and provided our services to clients with complex environment upto size of
20,000 employees company and, in various sectors including BFSI, Insurance, Healthcare,
Digital Payment companies, Fintech, SAAS companies, Manufacturing and other business
sectors.
Sno. Client Description Project Description Project Value
1) One of the largest Complex System Audit against INR 6,50,000/-

rural Fintech company stringentcyber & information security
in India (listed requirements from RBI for Pre
company) Payment Instrument and Bharat Bill
Payment System and, GST-GSP
Application Audit.The scope of work
spannedtomultiple locations,
departments and complex IT
environment including cloud and
hybrid servers, e-wallet and payment
applications.
2) Company located in - Complex VAPT Testing Non disclosure

50+ countriesin environment for the following
domains of CRM and scope of work in multiple
sales automation. geographical locations:
1) Servers – 25+
2) Laptops/Desktops- 500+
3) Applications- 4+
(including ERP System)
4) Network devices –
Firewalls/Switches/Router
s – 15
- ISO 9001 consultancy and

support for multiple location.
3) South-East Asia’s The following was scope of project: Non disclosure

largest cloud
telephony company - VAPT & Security Assessment
of IT Infrastructure and
applications
1) Web and Mobile
Applications – 3
2) Cloud Security
Assessment (servers)-
100
3) Server Hardening check-
100+
- General Data Protection Act (
GDPR) consultancy and
implementation support for
600+ employees spanned in
multiple geographical
locations.
- ISO 27001 Consultancy and
advisory services with
certification support for
multiple year support deal
4) One of the US listed The scope of work included Non disclosure
company in domain RCM/control design and revamp,
On-Demand software ,management testing of Application
solutions & E- & IT General controls for Test of
commerce services design and effectiveness, supporting
based company with SOX compliances & audit with scope
multiple offices in included in the testing is as following:
India.
- Applications – 19
- Servers – 100+
- Controls- 54
- Test cases (Work papers) –
700+
5) One of largest Grey and Black box testing of the Non disclosure
Automobile complex IT environment & production
Components site with scope of work included:
manufacturing
company in India - VAPT & Security Assessment
(listed company) of IT Infrastructure and
applications
1) Server- 25+
2) Web Applications- 10+
3) Firewalls- 40+
6) International The overall contract period is 3 years INR 12,00,000

organization with with the following scope of work:
SAAS based products
1) Applications (Grey box
testing) – 8 Applications
(annually)
2) Servers – 50+ (annually)
3) Mobile Application (IOS &
Android) – multiple
applicatiosn
Freeware/Open Source Commercial Proprietary tool

tools tools
Web: Nikto, dirbuster. dirsearch Web: Brupsuite Threat Intelligence tool

, OWASP ZAP, firefox professional and (Cybersrc-TI®)
browser extensions, others,
SQLMAP, burp suite Vulnerability management
extensions, Shodan, Network: Nessus system tool(Cybersrc-
Archini, Wfuzz, Wafw00f VMS®)
and many GitHub scripts
And other tools as per
like HTTProbe and lazy s3
client environment. Python based Scripts
developed for auditing
Mobile: Mobsf, Drozer, Android purposes.
Debug Bridge. apktool ,
cyndia , Frida and
objection
Network: Nmap, Wireshark,

Metasploit, OpenVAS and
nessus
Cloud : AWS- Scoutsuite, PACU

Azure - scoutsuite,
azurcar, powerzure
And other tools as per client

environment

We have Foreign- Virtual Office for correspondence of international customers, address:

London(UK)- Kemp House 152-160 City Road, London EC1V 2NXice
We have tie up with foreign company for Phishing Simulation Services for our customers,
Knowbe4.inc KnowBe4 USA 33 N Garden Ave, Ste 1200 Clearwater, Florida 33755

Address: London(UK)- Kemp House 152-160 City Road, London EC1V 2NXice
(This is correspondence office -virtual office)
*Information as provided by CyberSRC® Consultancy LLP, 26July 2021
Back
M/s CYRAAC Services Private Limited
CYRAAC Services Private Limited
 Network security audit (Y/N) -Y

 Web-application security audit (Y/N) -Y
 Wireless security audit (Y/N) -Y
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N)- Y
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N - Y
 ICS/OT Audits (Y/N) -Y
 Cloud security Audits (Y/N) -Y
Govt. : 6
PSU : 2
Private : 151


ICS/OT Audits : 2
Technical manpower deployed for informationsecurity audits : 14
CISSPs : 1
BS7799 / ISO27001 LA : 4
CISAs : 2
DISAs / ISAs : 0
Offensive Security Certified Professional - 1
Certified Ethical Hacker - 5
Certified Information Security Manager –2
CBCP - 1
Name of Employee Duration with Experience in Qualifications related

S.
<organization> Information to Information
No.
Security (years) security
1. Murari Shanker 39 months 32 CISM
2. Suresh P 22 months 21 TOGAF 9
3. Deepti Bhatia 37 months 6 CISSP, CISA
Name of Employee Duration with Experience in Qualifications related
S.
<organization> Information to Information
No.
Security (years) security
Venkateshwaran 25 months 8 CISA
4.
Prabhakaran
5. Ram Prasad 39 months 13 CEH, CHFI
Anamika Patil 39 months 3.3 OSCP, CEH, ISO
6.
27001 LA
7. Varun Mokashi 24 months 2 CEH
8. Uday Naik 24 months 3 CEH
Ashutosh Nath 20 months 2 CEH
9.
Rimal
10. Kalyani B 6 months 6 ISO 27001 LA
Bharat 45 months 7 CISM, CBCP
11.
Srinivasaraghavan
Information Systems Audits for a Bank
Scope:
 Audit against requirements and circulars - RBI Cyber Security Framework,

Gopalakrishna Committee Recommendations
 Audit againstStorage of Payments Systems Data
 e-Sign Audit
 Audit against UIDAI requirements
 Vulnerability Assessment and Penetration Testing
 Application Security Assessment
 Cloud Security Audit
 Data Privacy
 Security Operations Audit
Locations: India
Tool User
Nessus Professional Infrastructure Scanning
Burp Suite Penetration Testing / Web Application Scanning
Charles Infrastructure Scanning
SQLmap Penetration Testing / DB Scanner
W3AF Web Application Scanning
AirCrack-ng Infrastructure Scanning
Netcat Multipurpose Tool
TCPDUMP Infrastructure Scanning / Sniffer
Wireshark Infrastructure Scanning / Sniffer
Kismet Infrastructure Scanning
OpenSSL Toolkit Infrastructure scanning
Tool User
Fiddler / Firebug Web Application Scanning
SQLNinja Penetration Testing / DB Scanner
Nirsoft Suite Multipurpose Toolset
Sysinternals Suite Multipurpose Toolset
Frida Mobile Application Penetration testing
Drozer Mobile Application Penetration testing
QARK Mobile Application Penetration testing
MobSF Mobile Application Penetration testing
SuperAndroidAnalyzer Mobile Application Scanning
Postman API Penetration Testing
FuzzAPI API Scanning
Astra API Penetration Testing
Fortify SCA Secure Code Review
PMD Secure Code Review
Checkstyle Secure Code Review
FingBugs Secure Code Review
Source meter Secure Code Review
SonarQube Secure Code Review
VCG Secure Code Review
Prowler Cloud Configuration Review
Scout Suite Cloud Configuration Review
Custom Scripts Multipurpose


*Information as provided by CYRAAC Services Private Limited on 25 July 2021
Murari Shanker
Co-Founder and CTO
Authorized Signatory
Back
M/s ESSENTIAL INFOSEC PRIVATE LIMITED
M/S ESSENTIAL INFOSEC PRIVATE LIMITED
Corporate address (Mailing Address):

1st Floor, Plot No. 16, Near SBI BANK Behind Sultanpur Metro Station, New Delhi
110030
Website: www.essentialinfosec.com
Mobile: +91 79855 34793
Email: cert[at]essentialinfosec.com
Registered Address:
UG/66, Shuchita Business Park, Pant Nagar Municipal Market, Patel Chowk
Ghatkopar East Mumbai City Mh 400075
Mobile: +91 73983 77126
Email: pawan[at]essentialinfosec.com
Network security audit (Y/N) : YES

Web-application security audit (Y/N) : YES
Wireless security audit (Y/N) : YES
Compliance audits (ISO 27001, PCI, etc.) (Y/N) : YES
Application VAPT - (Vulnerability Assessment & Penetration Testing) (Y/N): YES
Network VAPT - (Vulnerability Assessment & Penetration Testing) (Y/N): YES
Mobile Application VAPT - (Y/N) : YES
IOT Security Testing (Y/N) : YES
Social Engineering Assessment(Y/N) : YES
Secure Code Review (Y/N) : YES
Local Host Security Assessments(Y/N) : YES
Device Security Audit & Assessment(Y/N) : YES
Telecom Security Audit & Assessment(Y/N) : YES
Risk Assessments(Y/N) : YES
ERP Security Audit & Assessment(Y/N) : YES
Infrastructure Security Audit(Y/N) : YES
Big Data Security Audit & Assessment(Y/N) : YES
Cyber forensic Analysis(Y/N) : YES
Security Architecture Review(Y/N) : YES
Data Center Security Audit & Assessment(Y/N) : YES
Cloud Applications VAPT(Y/N) : YES
Threat Assessment(Y/N) : YES
SOC - Security Operation Center Type 1 & 2 Assessment(Y/N) : YES
Managed Security Service(Y/N) : YES
Automotive Security Audit(Y/N) : YES
AI - Artificial Intelligence Security Audit(Y/N) : YES
ML- MACHINE LOG AUDIT(Y/N) : YES
Data Localization Security Audit(Y/N) : YES
Ransomware Rescue Analysis & Forensic Investigation(Y/N) : YES
API Security Audit(Y/N) : YES
Network Performance Testing(Y/N) : YES
GDPR Compliance Audit(Y/N) : YES
Root Cause Analysis(Y/N) : YES
ISNP Audit(Y/N) : YES
AUA/KUA Audit(Y/N) : YES
AEPS and AADHAAR pay Micro ATM Audit(Y/N) : YES
IT/OT Infrastructure Audit(Y/N) : YES
e-Sign Compliance audit(Y/N) : YES
Thick Client Security Audit(Y/N) : YES
4. Information Security Audits carried out in last 12 Months : 84
Govt. : 40
PSU : 12
Private : 32
Total Nos. of Information Security Audits done: : 84


Mobile Penetration Testing : 30+
Others : 5+
CISSPs : 2
BS7799 / ISO27001 LAs : 2
CISAs : 2

CCIE : 1
Ec-Council CEH : 12
AWS Security : 1
ITIL : 1
CSSA : 1
CCNA/CCNP : 5
S. No. Name of Duration with Experience in Qualifications related to

Employee Essential InfoSec Information Information security
Security
1. Pawan Srivastav 2020 4.5+ Years CEH, CSSA

2. Deepak Gupta 2021 4+ Years CEH
3. P. Kumar 2020 4.5+ Years CEH
4. Uttika 2021 4.2+ Years ISO 27001:2013 LA
5. Sachidanand 2021 12+ Years CEH, MCP
6. Vikas 2021 7+ Years CCIE, CCNP, Certified Engineer
7. Vivek 2021 7+ Years CCNA
8. Gitesh 2021 4+ Years CEH, CCNP
9. Yogita 2021 2+ Years CEH
10. R. Kashyap 2022 5+ Years ISO Lead Auditor
11. Aditya 2022 4+ Years CEH
12. Ajhar 2022 6+ Months CEH
13. R. Gupta 2022 9+ Years ISO 27001:2013 LA
14. Akshay 2022 4+ Years CEH
Due to non-disclosure agreement with Client, Business/scope are restricted to disclosure.
1 Acunetix Commercial
2 Nessus Commercial
3 Snappytick Commercial
4 Burpsuite Pro Commercial
9 enumIAX Freeware
5 arp-scan Freeware
6 Dig Freeware
7 Ffuf Freeware
8 enum4linux Freeware
10 EyeWitness Freeware
11 Faraday Freeware
12 Fierce Freeware
13 Gophish Freeware
14 GoLismero Freeware
15 hping3 Freeware
16 ident-user-enum Freeware
17 InSpy Freeware
18 masscan Freeware
19 Metagoofil Freeware
20 Nmap Freeware
21 Rust Scan Freeware
22 OSRFramework Freeware
23 Postman Freeware
24 Recon-ng Freeware
25 Social Engineering Toolkit Freeware
26 SMBMap Freeware
27 SPARTA Freeware
28 testssl.sh Freeware
29 Sublist3r Freeware
30 Hashcat Freeware
31 theHarvester Freeware
32 URLCrazy Freeware
33 Wireshark Freeware
34 Xplico Network Forensics Freeware
35 BBQSQL Freeware
36 cisco-global-exploiter Freeware
37 jSQL Freeware
38 Lynis Freeware
39 openvas Freeware
40 sqlmap Freeware
41 Netcat Freeware
42 LinPEAS Freeware
43 WinPEAS (Privilege Escalation Audit) Freeware
44 Yersinia Freeware
45 Armitage Freeware
46 Backdoor Factory Freeware
47 BeEF Freeware
48 Commix (Command Injection Exploiter) Freeware
49 Crackle (Bluetooth Audit tool) Freeware
50 Searchsploit Freeware
51 Linux Exploit Suggester Freeware
52 Windows Exploit Suggester Freeware
53 Maltego Freeware
54 Metasploit Framework Freeware
55 RouterSploit Freeware
56 Aircrack-ng Suite Freeware
57 Bluetooth-arsenal Freeware
58 Airgeddon Freeware
59 kalibrate-rtl (GSM) Freeware
60 KillerBee Freeware
61 wpascan Freeware
62 DirBuster Freeware
63 fimap Freeware
64 FunkLoad Freeware
65 hURL Freeware
66 w3af Freeware
67 XSStrike Freeware


*Information as provided by < Essential Infosec Private Limited> on <26/02/2022>
Back
M/s ISECURION Technology & Consulting PVT LTD
ISECURION Technology & Consulting PVT LTD
2nd floor, #670, 6th Main Road, RBI Layout, J.P. Nagar 7th Phase, opp. Elita
Promenade, Bengaluru, Karnataka 560078

 Mobile application security audit (Y/N) : Yes
 Read Team Assessment (Y/N) : Yes
 Cloud Security Audit (Y/N) : Yes
 Penetration Testing (Y/N) : Yes
 IOT Security Testing(Y/N) : Yes
 Firewall Configuration review(Y/N) : Yes
 Deep Web /Dark Web Monitoring(Y/N) : Yes
 SOC2 Audit & Certification(Y/N) : Yes
 ISO 27001 Implementation & certification(Y/N) : Yes
Govt. : 0
PSU : 0
Private : 100+


Compliance audits
(ISO 27001, IEC 62443, IEC 27019, PCI, SOC2, GDPR etc.) : 10+
Secure Code revie : 2+
Firewall Configuration review : 10+
IOT Security Testing : 3+

CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification:CEH: 5, ISO 27001 LI:1

No. ISECURION Information Security Information security
1 Manjunath NG 5.5 Years 13 Years ISO 27001 LI, CEH,
CCNA, MCSE
2 Sachin Kumar S 2.5 Years 3.4Years CEH, CPT
3 Aghilesh B 2 .4 Years 2.4 Years NASSCOM Application
Security Analyst
4 Mukul Trivedi 4 Months 2.4 Years CEH
5 Pramod 6Months 5 Years VPA,IIHT-CCP, IBM-
Raghunathan CCS
6 Cephas Joseph 2 Months 4 Years CEH, CPFA, CISC
7 Rajesh Kannan 6 Months 01 Years CEH, CCNA, Comptia
N+, CCNP, MCP,
MCDST
8 Kasireddy 4 Months 01 Years
Venkateswarlu
Vulnerability Scan for Major BPO Company across 5 locations which consist of nearly 1000
Assets which includes Servers, Desktops, Network & Security Devices.
Performed Audit of 25+ Applications for a Largest Data Indicators in Europe across different
environments and Technology.
Quarterly External Penetration Testing Activity for Major Indian e-commerce company from
various perspective of their External infrastructure, Web & Mobile applications.
Project Value (s): Confidential
• Nmap
• Nessus Pro
• Nikto
• Metasploit
• Sqlmap
• BurpSuite Pro Edition
• Acunetix Pro
• OWASP Zed Attack Proxy
• Webscarab
• Kali linux OS
• Paros
• Wikta
• Sublister
• W3AF
• Android Tamer
• AppUse
• MobSF
• APKTool
• Drozer
• LogCat
• Cyberduck
• FileZilla
• Xposed Module SSLUnpinning
• Echo Mirage
• Prcoess Monitor
• Regmon
• Mallory
• Wireshark
• TCP relay
• WinHex
• Java Snoop
• mimikittenz
• DomainPasswordSpray
• nishang
• PowerSploit
• ADRecon


*Information as provided by ISECURION Technology & Consulting PVT LTD on 27-07-2021
Back
M/s Netmagic IT Services Pvt. Ltd.
Netmagic IT Services Pvt. Ltd.

Lighthall 'C' Wing, Hiranandani Business Park, Saki Vihar Road,
Chandivali, Andheri (East) Mumbai 400 072

Govt. : 50+
PSU : 100+
Private : 150+


CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : NA
DISAs / ISAs : NA
Any other information security qualification:(GCFA/CCISO/CEH/CHFI)

Security
1 Srinivas 12 years 12 years CISC, CPH, CPFA, ISO
Prasad 27001 LA, CPISI
2 Bhushan 9 years 16 years ISO 27001 LA, CISC
Pandloskar
3 Neeraj Pathak 3 years 16 years CISSP, CCNP, CCDP
4 Sandeep Kand 1 year 4 year ISO 27001 LA
5 Jaspreet Singh 3 years 5 years CEH, Cyberlaw, CTIA,
Bassan
Out of 25+ large projects of Netmagic, one of the largest and complex project was to carry out
Information Security with following detail scope.
The scope of entire activity includes:
 Vulnerability Assessment / Penetration Testing

 Configuration Audit of Network Devices
 Technical /Configuration Assessment of (Windows and Unix) Servers
 Policy and Process review & Audit
 Breach Assessment
Open Source
 Webscarab/Paros/Burp
 Grendle scan/Nikto/w3af
 KALI Linux
 Dir buster
 WebSecurify
Commercial
 Nessus
 Hacker Guardian
 Netgear Wi-Fi Scanner

YES
NO

YES.NTT LTD.
NO
*Information as provided by <Netmagic IT services Pvt Ltd> on <26.07.2021>
Back
M/s NetSentries Infosec Solutions Private Limited
1. Name & location of the Empanelled Information Security Auditing Organization:
NetSentries Infosec Solutions Private Limited
Bangalore Address:
No 185/7, 2nd Floor, Chandra Plaza,
8th F Main, 3rd Block Jayanagar
Bangalore 560011
Cochin Address:
No.5, 4th Floor, Wing II
Jyothirmaya Building, Infopark SEZ Phase-II,
Cochin 682303
Compliance audits (ISO 27001, PCI, etc.) (Y/N) Yes
SWIFT CSP Security Audits Yes
ATM/CDM/ITM Security Audits Yes
RPA Security Assessments Yes
Security Operations Center Audits Yes
IOT/OT Security Audits Yes
Red and Purple Team Assessments Yes
Cloud Security Audits Yes
Security Engineering Reviews Yes
Secure Code Reviews (SAST, SCA, DAST, IAST) Yes
Detailed List of Services offered By NetSentries with respect to Information Security.

Services Details
 Network Penetration testing
Infrastructure Security Assessment
 IOT/OT Security Assessments
 SCADA/ICS Security Assessments
 Web Application Security Assessment
Application Security Assessment  Mobile Application Security Assessment
 Application Source Code Reviews (SAST, IAST, SCA,
DAST)
 API Security Assessments
 Digital Wallets and Payment Systems Security
Assessments (Apple Pay, Samsung pay etc)
Digital Payment Systems Security  Payment Aggregators and Payment Gateway Security
Assessment Assessment
 POS terminals and POS preparation security assessments

ATM/ITM, POS, Card Production Security
 ATM/CDM/ITM/BTM security assessments
Assessments
 Payment gateway security assessment and
testing
 Card production security assessment
 External Red teaming and spear phishing
 Internal Red Teaming
Adversarial Simulations
 Purple Teaming
 Attack Surface discovery and reduction
 Business Email Compromise Simulations
 SOC assessment with content and correlation review
Security Operations Center (CSOC)
Assessment
 Threat Simulations and SOC Cyber Drills
 Enterprise security architecture review
 Security Engineering Reviews
Enterprise Security & Critical
 Enterprise email system security assessment
Infrastructure Assessments
 Core Banking systems Security Assessments
 Firewall segmentation testing
 Security baselining and control validation
 RPA and robotics security assessment
Other Advanced Security Assessments
 Cloud security assessment – (IAAS, PAAS,
SAAS)
 Blockchain, AI and ML Applications Security Assessments
 PCI DSS
 SWIFT CSP
GRC Enablement  GDPR
 ISO27K
 NIST
 RBI DPS
Govt. 0
PSU 0
Private 100+
Total Nos. of Information Security Audits done 100+

Network security audit 100+
Web-application security audit 100+
API Security Audits 50+
Wireless security audit 5+

Compliance audits (ISO 27001, PCI, etc.) 10+
SWIFT CSP Security Audits 15+
ATM/CDM/ITM Security Audits 25+
Open Banking Security Audits 3
RPA Security Assessments 50+
Security Operations Center Audits 2
IOT/OT Security Audits 1
Red and Purple Team Assessments 5
Cloud Security Audits 3
Security Engineering Reviews 10
Secure Code Reviews (SAST, SCA, DAST, IAST) 15+
Integration Layer and Micro Services Audits 50+
CISSPs 1
BS7799 / ISO27001 LAs 2
CISM 2
OSCP 6
OSWE 1
CRTP 2
ECSA 2
CHFI 1
CEH 9
Qualys Certified 6
7. Details of technical manpower deployed for information security audits in Government

and Critical sector organizations (attach Annexure if required)
NetSentries Security Assessment Team List

Name of Qualifications related to
# with Information
Employee Information security
Netsentries Security
CISSP-AP/EP/MP, SSCP, LPT
1 Arun Thomas 5 years 18 years
Master, ECSA Practical, CHFI
# with Information
2 Rupesh Nair 5 years 15 years AWS Certified Cloud Practitioner
Vamsi Kalyan PCI-ISA | ISO Lead Auditor | CCNA

3 5 years 18 years
Pothula | CCNP | CCIE(W)
4 Vidhyasagar K 2 years 5 years CISM
5 Abhinav Rajput 1 year 5 years OSCP, CCNA

OSWE; OSCP; CRTP; CEH Practical;
Qualys Vulnerability Management;
Vaibhav Joshi Qualys Web Application Scanning;
6 2 years 3 years
Qualys Policy Compliance; Qualys
PCI Compliance; Fortinet NSE2;
Fortinet NSE1
7 Mohammed Abin 2 years 3 years CEH, CRTP, CRTE
8 2 years 3 years CEHv10

Anoop AJ
CEHCEH v9; Fortinet NSE 1
Network Security Associate;
Fortinet NSE 2 Network Security
9 Amal Raj P 3 years 3 years
Associate; SWIFT Customer
Security Controls Framework
v2021;
10 Enosh George 3 Years 5 years CEH
BCA (Cloud Technology and

Information Security Management);
11 2 years 2 years
Rajalakshmi KR Qualys Certified Specialist (VM,
SSBP)
12 Sindhoori Murali 1 year 2 years CEH, NASSCOM
13 Suchand Babu 4 years 5 years CISM
14 Jason Dias 1 year 7 years OSCP, CEH

CEH, ECSA, Fortinet- NSE 1,Qualys
15 Bajrang Davda 1 year 2 years
Certified Specialist
16 Divyang Chauhan 1 year 4 years OSCP, Qualys Certified Specialist
Splunk Power User 6.3; Splunk SE

17 Habshan AK 4 years 4 years I; Fortinet NSE 1; Fortinet NSE 2;
Microsoft Specialist-Hyper V
CEH, CEH Practical, CEH Master,

18 Rajpal Singh Gurjar 2 years 2 years
ECSA, NSE 1 & NSE 2
19 Arun Kumar S 2 years 2 years Qualys Certified Specialist
Qualys Certified Specialist,
20 2 years 2 years
Jamie Jacob Mathew CheckmarxCx
21 Christy Elias 3 years 3years CheckmarxCx
22 Muhammed Fazil 3 years 3years CheckmarxCx

# with Information
T.S
23 Arvin Jangid 1 year 1 year OSCP

CEH V10; ISO 27001:2013 Lead
24 Madhup Bajpai 1 year 1 year
Auditor
25 Charchit Verma 1 year 1 year OSCP ; NSE-1 ; NSE-2
Archana M.Tech in Computer Science &
26 2 years 2 years
Radhakrishnan Information System,
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity,
locations etc.) along with project value.
SWIFT Security Gap Assessment, Remediation Enablement and Compliance Attestation for a
Multinational bank with more than 10 locations worldwide – Approx. Value – INR 2 Crores
PCI DSS Compliance Enablement and first-time certification assistance to the issuing business of a
large bank. Approx. Value – INR 1.5 Crores
External Red and purple Team Assessment with Remediation enablement and CSOC enhancement
services to a multi-national bank with presence in several countries. Approx. Value – INR 70
Lakhs
Application and Infrastructure Penetration testing for a conglomerate with more than 100
applications and several 100 Infrastructure components. Approx. Value – INR 2 Crores
NetSentries Security Assessment Tools List

Tools from Multi-paradigm Reverse Engineering Web App Exploitation
Penetration Frameworks: Tools Scanners: Frameworks:
Testing  Metasploit  IDA Pro  Qualys WAS  OWASP ZAP
Distribution  Armitage  PEStudio  Nikto  Fiddler
s:  Faraday  PEView  Arachni  Burp Suite
 Kali Linux  ExploitPack  WDK/WinDBg  W3af Pro
 Parrot OS  Pupy  OllyDbg  Wapiti  OWASP-
 BlackArch  X64dbg  WebReaver OWTF
 Kali Net  De4dot  WPScan  Wordpress
Hunter  Radare2  Cms- Exploit
 Tails  Immunity Debugger explorer Framework
 Qubes  Frida  Joomscan  WPSploit
 Whonix  dnSpy  Secaps
Suite
 binwalk
 ACSTIS
 PyREEBox
 Voltron
 Capstone
 Readelf
Exploit Network Utilities: Network Utilities Cotd Windows Transport
Frameworks  Nmap ., Utilities Layer Security
ctd:  Scanless  SSH MITM  Sysinternal Tools
 SQLmap  Tcpdump  Netzob s Suite  SSLyze
 Tplmap  Wireshark/Tsha  Pwnat  Windows  Tls_prober
 Weevely3 rk  Smbmap Credentials  Testssl.sh
 Wappalyz  Pig  Scapy Editor
er  Netsniff-NG  Dripcap  Mimikatz Infra and OS
 WhatWeb  Intercepter-NG  Printer Exploitation  PowerSploit Vulnerability
 Wafw00f  SPARTA Toolkit  Windows Scanners:
 Fimap  Dnsenum  Praeda Exploit  Nexpose
 Kadabra  Dnsmap  Routersploit Suggester  Nessus
 Kadimus  Dnsrecon  Evilgrade  Responder  OpenVAS
 Liffy  DNSChef  Xray  Bloodhound  Vuls
 Commix  Dshell  Ettercap  Empire  Qualys
 DVCS  CrackMapExec  Fibratus Guard
 Mitmproxy
Ripper  Morpheys  zarp  wePWNise
 Sslstrip2  Mallory  redsnarf
 NoSQLma  Magic
p Unicorn
 VHostSca  DeathStar
n
 FuzzDB
Security Hash Cracking Wireless Security Anonymity Secure Code
Control Tools Assessment Tools: Tools Review tools
Evasion  John the Ripper  Aircrack-ng  Tor  Veracde
Tools  Hashcat  Kismet  Onion Scan  SonarQube
 Veil  CeWL  Reaver  I2P  Sourcemete
 Shellsploi  JWT Cracker  Wifite  Nipe r
t  Rar Crack  Fluxion  Checkmarx
 Hyperion  BruteForce
 AntiVirus Wallet
Evasion
Tool
 peCloak.p
y
 UniByAV
OSINT Tools Social Proprietary Tools

Engineering
 Maltego  NS-Segmentor - This
 Harpoon  Custom SMTP is a segmentation
 Google Servers & penetration testing
dorks Phishing suite that assess
 GHDB Frameworks effectiveness logical
 Censys  Custom segmentation
 Shodan Spearphishing controls.
 Recon-ng Exploit Payloads  NS-Hawk - This is a
 SpiderFoo OSINT and Darkweb
t threat intelligence
 ZoomEye harvesting tool
 Intrigue  NS-TIP - This a a
Threat Intelligence
Platform capable of
IOC analysis and
sharing
 NS-ElastikTA - This a
Threat Hunting and
Security Analytics
platform developed
with ELK stack
Custom Tools: In addition to the above listed tools, custom tools will be developed based
on the context of the scoped asset.
10. Outsourcing of Project to External Information Security Auditors / Experts: NO

11. Whether organization has any Foreign Tie-Ups? If yes, give details : YES
UAE Sales Office

NetSentries Technologies FZCO
G11, TechnoHub, DTEC, Dubai Silicon Oasis
Dubai, UAE

If yes, give details.
13. Locations of Overseas Headquarters/Offices, if any: : YES
UAE Sales Office

NetSentries Technologies FZCO
G11, TechnoHub, DTEC, Dubai Silicon Oasis
Dubai, UAE
*Information as provided by NetSentries Infosec Solutions Private Limited on 26th July, 2021
Back
M/s Swadesh System Pvt. Ltd.
Swadesh System Pvt. Ltd.,

Address:504,5th Floor, 58, Sahyog Building,
Nehru Place, New Delhi-110019

 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) YES
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Y/N) YES
 ICS/OT Audits (Y/N) YES
 Cloud security Audits (Y/N) YES
Govt. : 0
PSU : 0
Private : 100+


ICS/OT Audits : 00
CISSPs : 00
BS7799 / ISO27001 LAs : 02+
CISAs : 00
DISAs / ISAs : 00
Critical sector organizations (attach Annexure if required)- Annexure Attached.
S. No. Name of Employee Duration with Experience in Qualifications related to

<organization> Information Security Information security
01 RohitJain 12Yrs. 12Yrs. GraduateandMCSE

02 RoopaliJain 10Yrs. 10Yrs. MCA
03 GauravSharma 3Months 4Yrs. B.Tech
04 VanditSharma 2Months 2Yrs. B.Tech

05 CHRISTYMATHEW 2Months 3Yrs. B.Tech.,CEH
06 GVAISHNOCHAITANYA 3Months 3Yrs. B.Tech
07 DhruvMathpal 3Months 6Months B.Tech
08 UdayRaj 3Months 3Yrs. B.E., CEH

09 MayankGoswami 3Months 1Year B.Tech
10 MeghaGupta 10Days 1Year MBA
11 ShikhaSharma 3Years 3Years BCA/PursingMCA
etc.) along with project value.-.-: Saija Finance Limited- 4 Server Locations, 550 + IP
addresses that includes DC, Network devices, desktops and POS locations.
Acunetix Nmap/ Zenmap Hamster

Sonatype Nexus Sqlmap IP scanner
Burp suite Nikto Yersinia
SoapUI Hydra Ethereal
Nessus John the Ripper Echo Mirage
NetCraft Putty WebScarab
Qualys Whois W3af
NMAP Scapy Sparta
Metasploit Framework Pyloris Directory Buster
Netcat LOIC SMTP Ping
Kali Linux CSRF Tester Hash-Identifier
MOBSF Ollydbg SysInternals Suite
JD-GUI MBSA Santoku Linux
DEX2JAR TestSSLServer OpenVAS
APKTOOL Python / Powershell Scripts OmegaDB

SSL Qualys server lab Qualys SSL Fiddler
Wireshark/ TCPDump Ettercap WireEdit
Armitage Ferret Process Hacker
Browser Plugins Curl Dsniff

OpenZap NSLookup Lynis



*Information as provided by Swadesh System Pvt. Ltd. on 27.07.2021
Back
M/s TATA Power Delhi Distribution Ltd
TATA Power Delhi Distribution Ltd

NDPL House, Hudson Lines
Kingsway Camp
Delhi-110 009
 Network security audit (Y/N)

Y
 Web-application security audit (Y/N)
Y
 Wireless security audit (Y/N)
Y
 Compliance audits (ISO 27001) (Y/N)
Y
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) (Y/N)
N
 ICS/OT Audits (Y/N)
Y
 Cloud security Audits (Y/N)
N
 IT Security policy and documentation (Y/N)
Y
 Phishing Campaign (Y/N)
Y
 Architecture Review (Y/N)
Y
 Source Code Review (Y/N)
Y
Govt. : 0
PSU : 0
Private : 62

Network security audit :3

Web-application security audit :5
OT Security audit :5
Information Security Incident Management : 14
Business Continuity Planning : 16
Risk Assessment :2
Information Security Awareness :2
Compliance audit as per statutory guidelines :1

CISSPs : 0
BS7799 / ISO27001 LAs : 13
CISAs : 1
DISAs / ISAs :0
Any other information security qualification:CISM:1, CEH:4, CASE:6, CND:3

TATA Power- Information Security Information security
DDL
1 Aamir Hussain Khan 9 years 14 years 1. Certified Information
Security Manager
(CISM)
2. DNV-GL Certified ISO
27001:2013 Lead
Auditor - ISMS
3. NABET Certified ISO
27001:2013 Lead
Auditor – ISMS
4. EC council Certified
Ethical Hacker
5. Indian Law Institute
Certified “Online Course
in Cyber Law
6. “Vulnerability
Assessment &
Prevention” Course
from CDAC-Noida
7. US Homeland
Security Department
Certified Cybersecurity
Practices for Industrial
Control Systems
8. US Homeland
Security Department
Certified Cybersecurity
Landscape for
Managers
9. Cybrary certified
“Introduction to IT &
Cybersecurity”
2 Abhishek Bhargav 6 years 13 years 1. Certified Network
Defender
2. “Vulnerability
Assessment &
Prevention” from CDAC-
Noida
3 Tarun Bhardwaj 10 years 8 years 1. Certified Information
Security Auditor
2. ISO 27001:2013 LA
3. “Vulnerability
Assessment &
Noida
4. ISGF - Cyber
Security for Power
System Control
4 Abhishake Sharma 7 years 6 years 1.Certified Application
Security Engineer
2. ISO 27001:2013 LA
3.“Vulnerability
Assessment &
Noida
5 Parul Bahl Sawhney 6 years 6 years 1. CEH

2. ISO 27001:2013 LA
3.“Vulnerability
Assessment
&Prevention” from
CDAC-Noida
6 Vinita Gupta 10 years 6 years 1. CEH
2. ISO 27001:2013 LA
3.“Vulnerability
Assessment
&Prevention” from
CDAC-Noida
7 Akash Ahuja 10 years 4 years 1. CEH
2.“Vulnerability
Assessment
&Prevention” from
CDAC-Noida
8 Kanishka Guha 6 years 4 years 1.Certified Application
Biswas Security Engineer
2.“Vulnerability
Assessment &
Noida
9 Vasu Maurya 3 years 3 years 1. Certified Network

Defender
2. “Vulnerability
Assessment &
Noida
10 Pushpendra Kumar 15 years 4 years 1.Certified Application
Chaudhary Security Engineer
2.“Vulnerability
Assessment &
Noida
11 Darshana Pandey 4 years 4 years 1. CEH
2.“Vulnerability
Assessment
&Prevention” from
CDAC-Noida
12 Joginder Shokeen 11 years 4 years 1.Certified Application
Security Engineer
2.“Vulnerability
Assessment &
Noida
13 Sakshi Gupta 5 years 4 years 1.Certified Application
Security Engineer
2.“Vulnerability
Assessment &
Noida
14 Aseem Kher 12 years 4 years 1.Certified Application
Security Engineer
2.“Vulnerability
Assessment &
Noida
15 Rahul Jonwal 4 years 2 years 1. Redhat Certified
Professional
2. Vmware Certified
Professional
Leading The scope involved planning, organizing and scheduling No. of Teams audited-
Power ISMS (ISO 27001) based audits for a large power sector 13
Sector utility comprising of Generation, Transmission and Team Details-
Organization Distribution units being managed by a common IT Dept. Delivery Excellence
Managing a programme of ISMS audits involves planning, Enterprise Application
controlling and monitoring/overseeing it, through activities Training
such as: Enterprise Application
(SAP-ISU)
 Prioritizing, planning and outlining the scope of Analytics & Insights
individual ISMS audits within the overall audit work Enterprise Application
programme, perhaps combining wide-scope - SAP
superficial ISMS audits with more tightly-focused Infosec / CISO
audits going to more depth on areas of particular HR
concern (e.g. longstanding issues or significant Legal and Compliance
risks) SAP Basis
 Allocating suitable resources to undertake planned IT Infrastructure
and approved audits (e.g. ensuring that ISMS Physical & e-Security
auditors are trained, competent and motivated to do Interaction with
the work to a required level of quality) Secondary Data
 Arranging or coordinating ISMS audits at multi-site Centre team
organizations including multinationals and ‘group’ Top Management
structures, where comparisons between the ISMSs
in operation within individual business units can
help share and promote good practices
 Auditing the ISMSs of second parties such as
suppliers and business partners (note: a second
party’s ISO/IEC 27001 certification from an
accredited certification body may or may not provide
sufficient assurance across all the areas of concern,
for example there may be significant information
risks or compliance implications arising from
information services provided, or incidents and
concerns may indicate issues that deserve
exploring).
Audit management activities include:

 Gaining support from management to conduct the
ISMS audit as proposed in outline, with their
agreement in principle and authority to proceed with
the detailed scoping and planning (which may lead
to a further authorization step once finalized)
 Supervising, guiding, motivating and supporting
auditors, ensuring they follow accepted audit
practices, conducting file reviews and proofreading
draft reports
 Reviewing and challenging unsubstantiated or
notable findings e.g. playing the devil’s advocate to
explore the evidence, depth of analysis and nature
of issues; proposing alternative explanations and
potential recommendations; helping auditors
evaluate the risks in the business context
 Dealing with issues that jeopardize the audit
assignment such as interpersonal problems, lack of
engagement, delays, reluctance or refusal to supply
essential information etc. (issues may be raised or
escalated by anyone involved in the process)
 Liaising with management, perhaps providing
interim updates and setting expectations for the
audit reporting phase.
Various checkpoints considered during the audit are as

listed below:
 Need, importance, expectations, awareness of

ISMS
 Lists of procedures and policies
 Statement of Applicability (SoA)
 Risk assessment
 Metrics to track the performance of Information
Security Objectives
 List of information assets
 Business Continuity Plan and Disaster Recovery
(BCP-DR Plan)
 Incident Management
Commercial:
Nessus Pro
BurpSuite Professional
Nexpose
Freeware:
ZAP
Beef
Kali Linux
Nmap
SQLMap
Nikto
Metasploit
Hydra
Wireshark


*Information as provided by Tata Power Delhi Distribution Ltdon 28-July-2021

Back
M/s Amigosec Consulting Private Limited
Amigosec Consulting Private Limited

401, Shatrunjay,
Divecha Complex, Edulji Road,
Charai, Thane(w), Maharashtra - 400601.

 ICS/OT Audits (Y/N) : No
 Mobile Application Security Audit (Y/N) : Yes
 API Security Audit (Y/N) : Yes
 Thick-client Application Security Audit (Y/N) : Yes
 Firewall Rulebase Analysis (Y/N) : Yes
 Security Audit Reviews (Y/N) : Yes
 Network Penetration Testing (Y/N) : Yes
Govt. : 0
PSU : 0
Private : 234


(Multiple IPs)
External PT : 2
Internal VA : 50
Configuration Review : 50
ICS/OT Audits : 0
Mobile-application security audit : 19
Thick Client-application security audit : 4
CISSPs : 0
BS7799 / ISO27001 LAs : 1
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification :4
S. Name of Employee Duration withAmigosec Experience Qualifications related to

No. Consulting Private in Information security
Limited Information
Security
1 Ashish Rao 18-Aug-2014 13+ years ISO27001 LA
2 Paresh Jain 18-Aug-2014 11+years Master’s in computer
and Information
Security, C|EH
3 Pooja Chavan 1-Dec-2018 2.8+ years C|EH
4 Vaibhav Raman 1-Nov-2019 2.9+ years CPFA, CISC, C|EH
5 Sidhvick Shivalkar 17-Nov-2020 2+ years ECSA, CEH
Leading NBFC Investment and CreditCompany(NBFC-ICC)that deals in Financing

ofSMEs,Rural Micro Enterprisesalong with Loans for Vehicle, Home,Personal
andProperty with Pan India Presence:
 We have been successfully managing application security program for a leading NBFC
company of India.
 The scope included making an assessment plan for all the new applications introduced
by the Technology teams and assess the business-critical application on a periodic
basis. As a part of this engagement, we have dedicated security analysts and a project
manager working with the Infosec team of the client.
 We have developed a robust security process to ensure that the applications are
released with best security standards.
 The security assessment is done for all applications before they are released in product
environment. And the team is guided for security best practices to be implemented
based on the nature of application, technology stack and architecture.
 We also equip the application development teams with secure coding practices &
methodologies.
Project Highlights:
- Assessed 92 Web, Mobile Apps and APIs in previous financial year
- Co-ordinated with 3rd party product vendors
- Recommended design level security controls for complex applications
- Conducted trainings for Web & Mobile app development teams
- Created a security framework for mobile applications
- Generated compliance reports for tracking & closures.
Project Value:
In 2020-2021: ~28 Lakh (in INR)
NBFCCompanythat focuses on Consumer and MSME financing:

 We conducted an annual vulnerability management engagement for an Asset Finance
company of India. The scope of the project was to carry out security assessments of
all their application assets and the IT infrastructure.
 A security assessment calendar was planned based on the business criticality and go-
live schedules of the teams.
 In the initial phase our team was involved in creating security baseline documents for
various servers and devices present in the client environment.
 Licensed security tools were installed and configured as per the client environment for
the project.
 Periodic vulnerability scanning was conducted on monthly basis for critical assets. And
adhoc assessments were scheduled and performed for newly onboarded IT assets.
 The applications that were audited involved Intranet as well as Internet facing ones. It
included Line of Business applications integrated with 3rd party payment gateways
and payment providers, HRMS applications, and APIs.
 The detailed reports were released for each security assessment and the vulnerabilities
reported were tracked for closure with the IT teams. Re-assessments were carried out
in a timely manner.
Project Highlights:
- Assessed 20 Applications including Web and Mobile
- Performed External PT for 140+ IPs
- Performed Internal VA (Adhoc) for over 400+ IPS
- Performed half-yearly Calendar VA for over 350+ IPs
- Built baseline audit checklists for Windows and Linux as per Client policies
Project Value: In 2020-2021: 15 Lakh (in INR)
Tool name Description Type
Nessus Professional For scanning vulnerabilities in Commercial

Scanner server ports
Burp-suite Professional For Capturing Web Request & Commercial
Response, and injecting
attack payloads
SynVM For Centralized Vulnerability Proprietary
management
Owasp ZAP For Capturing Web Request & Freeware
Response, and injecting
attack payloads
NMAP For Port Scanning Freeware
SQLMap For exploiting SQL injection Freeware

parameters
DirBuster For identifying web directories Freeware
present on the server
Nikto For scanning web server for Freeware
security flaws related to
configurations
WinHex For reading browser memory Freeware
Wireshark For network analysis Freeware
POSTMAN For Web services and API Freeware

Testing
JD-GUI / DEX2JAR/ For Android Mobile App Freeware
APKTOOL reverse engineering
Drozer For dynamic analysis of Freeware
Mobile Application
MOBSF For static application security Freeware
testing
Metasploit Framework For developing and executing Freeware
exploit code for systematic
vulnerabilities on networks
and servers
Hydra/John the Ripper For password cracking Freeware
Nipper-ng For audits the security of Freeware

network devices such as
switches, routers, and
firewalls
Netcat For reading from and writing Freeware

to network connections using
TCP or UDP
Aircrack-Ng For assess Wi-Fi network Freeware
security


*Information as provided by Amigosec Consulting Private Limited on 30-July-2021
BacK
M/s ANZEN Technologies Private Limited
ANZEN Technologies Private Limited
A-429, Second Floor, Vashi Plaza, Sector 17, Vashi 400703

Mobile: +91 9821775814
www.anzentech.com

 Compliance audits (ISO 27001, PCI, HIPAA, GDPR, PDPB and NIST etc.) : Yes
 Compliance implementation end to end consultancy
(ISO 27001, PCI, HIPAA, GDPR, PDPB and NIST etc.) : Yes
 Managed security services : Yes
 Risk assessment : Yes
 Mobile-application security audit : Yes
 Thick client-application security audit : Yes
 API security audit : Yes
 Micro service security audit : Yes
 Secure code review : Yes
 SAP security audit : Yes
 Red team assessment : Yes
 Firewall configuration audits : Yes
 Firewall rule review : Yes
 Network devices configuration audits (routers, switches) : Yes
 Server configuration audits : Yes
 Database configuration audits : Yes
 Cloud infrastructure security audits : Yes
 IOT device security audit : Yes
 AI/ML product security audit : Yes
 Reverse engineering : Yes
 Social engineering audits : Yes
 Phishing campaign : Yes
 Network architecture review : Yes
 Incident response : Yes
 Incident management : Yes
 Forensics investigation and analysis : Yes
 Threat hunting : Yes
 Defacement monitoring : Yes
 Network malware scan : Yes
 Information security trainings : Yes
 SOC consulting : Yes
 SIEM consulting : Yes
 Data Loss prevention implementation : Yes
 Firewall Implementation : Yes
 ATM Security solution : Yes
 Identity and access management : Yes
 MITRE ATT&CK Framework Implementation : Yes
 SSLDC Consulting : Yes
 Physical Security Audit : Yes
Govt. : 0
PSU : 0
Private : 260+


Red Teaming : 2
Firewall configuration audit : 90+
Firewall rule review : 90+
Network devices configuration audits (routers, switches) : 100+
Server configuration audit : 100+
Database configuration audit : 50+
Incident response : 20
Incident management : 6
Secure code review : 30+
Forensics : 6
Reverse engineering : 25+
6. Cloud security Technical manpower deployed for informationsecurity audits :
CISSPs : 0
BS7799 / ISO27001 Las : 7
CISAs : 0
DISAs / ISAs : 0
CEH : 10
ITIL : 2
Prince2 Foundation & Practitioner : 1
Lean Six Sigma Green Belt : 1
Symantec STS (DLP) : 1
CCNA : 1
Certified Network Defender : 1

No. ANZEN Information Security Information security
Technologies
1 Ramesh Tendulkar 4 Years 25 Years ISO 27001 LA , ITIL
Foundation ,
2 Akshay Dixit 6 Years 10 Years ISO 27001 LA
3 Pooja Chandarana 4 Years 5 Years M. Tech (Information
Security), CEH, ISO
27001 LA
4 Dheeraj Meher 3 Years 8 Years CEH, ISO 27001 LA,
Symantec STS (DLP)
5 Avinash Anand 3 Years 5 Years ISO 27001 LA
6 Kushagra 1.5 Year 1.5 Year NIL
Krishnatrey
7 Esther Rani 6 Months 10 Years ISO 27001 LA
8 Gaurav Pandey 4 Months 2.5 Years CEH, ITIL
9 Bhushan Joshi 2 Years 5 Years CEH, CND ,CCNA
 Multi-Crore ATM, Server Security Monitoring Project for BFSI Client across multiple
locations in India.
 1 Cr+ Value Entire Information Security Services Portfolio execution & management
for Indian setup of global retail giant.
Commercial Freeware Proprietary

Nessus Pro BurpSuite BRISK
R-Studio Acunetix Custom Virtual Machines
Acunetix Owasp Zap Audit Scripts
BurpSuite Nmap PhishMeister
Nipper Studio Metasploit
Netsparker Netcat
Checkmarx Nikto
Appknox Wireshark
Encase Procmon
Autopsy Webinspect
Nessus (AWS)
Masscan
Recon-ng
apk tool
Drozer
d2j-dex2jar
jd-gui
KeyTool
JarSigner
ZipAlign
SoapUI (Community)
PostMan
Echo Mirage
Process Hacker
Regshot
Bizsploit
Mallory
JAVA Snoop
Interactive TCP Relay
WinHex tool
JetBrainsDotPeek
IDA Pro /Olly dbg
CFF Explorer
Searchsploit
SQL Map
Harvester
Sublister
Nipper Studio
Santoku VM
Android Studio

11. Whether organization has any Foreign Tie-Ups? If yes, give details: NO
12. Whether organization is a subsidiary of any foreign based organization?: NO

*Information as provided by ANZEN Technologies Pvt. Ltd. on 28July 2021
Back
M/s Attra Infotech Pvt. Ltd.
Attra Infotech Pvt. Ltd,

No. 23 & 24, 2nd Floor, AMR Tech Park II, Hongasandra, Bengaluru – 560068
2. Carrying out Information Security Audits since : <January 2018 >
 Network security Assessment(Y/N) : Yes

 Web-application security Assessment(Y/N) : Yes
 Wireless security Assessment(Y/N) : Yes
 Compliance audits (ISO 27001, PCI, etc.)(Y/N) : Yes
 Secure SDLC Review (Y/N) : Yes
 API and Web services security assessment (Y/N) : Yes
 Payment Gateway Assessment(Y/N) : Yes
 Cloud Security Assessment (Y/N) : Yes
Govt. : <number
of>
PSU : <number
of>
Private : <4>
Total Nos. of Information Security Audits done :4

Network security audit : <1>

Web-application security audit : <2>
Wireless security audit :
<None>
Mobile Application security audit : <1>
Compliance audits (ISO 27001, PCI, etc.) :
<None>
CISSPs : <1>
BS7799 / ISO27001 LAs : <3>
CISAs : <None>
DISAs / ISAs : <None>

CPISI : <3>
CEH : <2>

No. <Attra Infotech> Information Information security
Security
1 Lakshmikanth 2.4 CISSP, ISO 27001 Lead
Reddy Gajjala 14 Auditor
2 Bharadwaj 4.9
Doddaballapur CEH
Jagannath 8
3 Certified Information
Security Risk Assessor,
Certified Payment Card
Security Implementer,
Certified Business
Continuity Management
Assessor, and Certified
Data Security Control
Riaz Kakroo 2.9 20 Assessor
4 CPISI, ISO27001 LA,
Deepika Wadhwani 10.6 10.6 ISO31000
5 CPISI , Certified risk
Harish professional, Purusing
Eshwarappa 6.4 6.4 ISO 27001 LA
6 CEH, Nessus Certificate
of Proficiency,
Tenable.io Certificate of
Sabareesh VK 2.7 2.7 Proficiency, (OSCP)
7 Vinoth KR 2.3 2.3 (OSCP)
8 Jeshu Rai 4.5 4.5 CPISI, Trained in CCNA
9 H Manohar Rayker 0.3 6.5 Pursuing CISSP
Web and Mobile applications security audit for European largest card processing and payment
services provider comprising of -
 Multiple complex web application involving merchant onboarding, card Acquiring &
Issuing, End-user and Salesforce Applications with various user access levels
 Mobile applications (Android and iOS variants) for Merchants onboarding and self-
service modules for transactions
 Internal web applications for backend interface, monitoring, and admin activities
 Total Project Value = 2.75 Million USD (Security testing was a large part of the overall
project)
Commercial Proprietary Opensource

 Rapid7 InsightVM  CyberSecurus  Nmap
 Nessus Professional  Phishing simulator  Sqlmap
 Burp Suite Professional  Custom scripts and  OWASP Zed Attack
 Nipper Studio codes developed on Proxy
 ManageEngine need basis  Nikto web scanner
 Darktrace Antigena  Weevely
 Fortinet  Dirbuster
 McAfee  Metasploit
 Symantec  NetCat
 W3af
 Wireshark
 exploit-db
 Aircrack-ng
 Cain and Able
 SSLstrip
 MobSF
 Wazuh
 Suricata
 Firewalk
 Httprecon
 Curl
 Kali Linux
 Firefox browser and
add-ons


Attra Infotech Pty Ltd
Australia— Headquarters
Level 4, Suite 4
990 Whitehorse Road
Box Hill, Vic – 3128
Australia
Phone: +61 3 9895 0555
*Information as provided by <Attra Infotech Pvt. Ltd> on <30-July-2021>
Back
M/s Aujas Cybersecurity Limited
Aujas Cybersecurity Limited (Previously known as Aujas Networks Ltd)
Bengaluru, Karnataka
 Network security audit - Y

 Web-application security audit - Y
 Wireless security audit - Y
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) - Y
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) - Y
 ICS/OT Audits - N
 Cloud security Audits - Y
Govt. : 03
PSU : 01
Private :
165+


ICS/OT Audits : 0
Cloud securityAudits : 5+
CISSPs : 11
BS7799 / ISO27001 LAs : 40
CISAs : 08
DISAs / ISAs : 0
CEH – 115+
OSCP – 20+
OSWP -6

No. <Aujas Information Security Information security
Cybersecurity
Ltd.>
1 A Memane 3.3 5.7 CEH
2 Balaji G 1.7 4.1 CEH
3 B Reddy 3.6 7.7 CEH
4 Irfan Y 3.5 9.3 CEH, Azure
fundamentals
5 K Manoharan 2.7 5.5 OSWP, CPISI
6 Aniket L 2.5 6.3 CEH, CHFI, ECSA,
OSCP
7 Bimal S 1.9 4.1 CRTE, OSCP
8 M Yusuf 0.2 3.8 CEH, ECSA
9 I John 1.7 6.3 CEH, Qualys certified
vulnerability
management
10 P Nigam 0.5 5.6
One of the largest private banks in India (client name cannot be disclosed as we signed NDA
with client)
We performed security assessment of around 300 applications including web Applications,
SOAP & REST web Services & Android & iOS mobile applications. We also performed
architecture review of web & cloud-based applications as well as of the infrastructure.
Name Description
Open-Source Tools
Kali Linux Security Testing platform
Paros HTTP/S Interception Proxy
Nikto HTTP/S Interception Proxy
OWASP ZAP Web Vulnerability Scanner
Cookie Editor Firefox Plug-in to Edit Cookies
Dirbuster brute-force the directories
SQL Map SQL injection Framework
Beef XSS scanner and exploitation framework
Nmap Port Scanner, Fingerprinting
Dbeaver Universal Database tool
WinHex Cache / Ram Memory reader
John the Ripper Unix and Windows Password Analyzer
Metasploit Exploitation tool
SOAP UI Web service proxy tool
Postman Web Service proxy tool
SSL Strip SSL stripping proxy
Wireshark Packet Analyzer
Hex Editors Manipulation of binary data
Android SDK Administration tools for SQL Database
Apk tool Reverse Engineering of APK files
hextojar Conversion of Hex to Jar
Charles Web debugging proxy
Fiddler HTTP debugging proxy server application
xcode Integrated Development Environment
SQLite Manager Relational database management system
Android tamer Android security testing platform
Disassembler Machine language to assembly language translator
Drozer Android exploit Framework
ADB Android testing Framework
Commercial Tools
Burp Suite Pro Web Vulnerability Scanner & Interceptor
Acunetix Web Scanner Tool
Nessus Professional Vulnerability Assessment
Nipper Firewall & Network Configuration Audit Tool
Proprietary Tool
Phishnix Phishing Simulation


San Francisco Metro Area 19925 Stevens Creek Blvd. Suite #100, Cupertino, CA 95014,
United States of America.
New York Metro Area 2500, Plaza 5, Harborside Financial Center, Jersey City, NJ
07311,
United States of America.
Dallas Fort Worth Metro 5700 Granite Pkwy, Suite 200, Plano, TX 75024, United
Area States of America.
Ottawa Gatineau 400−1565 Carling Avenue, Ottawa, Ontario K1Z 8R1,
Cybersecurity Cluster Canada.
UAE Saif Suite Z1-66, P.O. Box 121421, Sharjah, United Arab
Emirates.
KSA WH01-04, Digital City, Second Floor, Unit 11, Riyadh, Saudi
Arabia.
*Information as provided by Aujas Cybersecurity Limited (Previously known as Aujas

Networks Ltd) on 2nd Aug 2021.
Back
M/s CEREIV Advisory LLP
CEREIV Advisory LLP,

Chembakam Building, Koratty Infopark, Thrissur Dt, Kerala – 680 308
(Previously Known as ValueMentor Consulting LLP and on 10/06/2019 name changed to
CEREIV Advisory LLP)

<2013>
 Network security audit(Y/N)

 Wireless security audit(Y/N)
 Compliance audits (ISO 27001, IS Audit, etc.) (Y/N)
 Mobile Application Audit (Y/N)
 Thick/Thin Client Audit (Y/N)
 API Testing(Y/N)
Govt clients. : 50
PSU clients : 2
Private clients : 47


Compliance audits (IS Audit, etc.) : 11
Mobile Application Audit : 17
Thick/Thin Client Audit : 1
API Testing : 2
CISSPs : 3
BS7799 / ISO27001 LAs : 3
CISAs : 5
DISAs / ISAs : 0

No. Employee <CEREIV Information to Information security
Advisory LLP> Security
1 Binoy 8.5 Years 15+ Years CISSP, CISA, CISM,
Koonammavu CRISC, SBCI
2 Balakrishnan 6.5 Years 20+ Years CISSP, CISA, CISM, ISO

Alingal 27001 LA
3 Jobbin Thomas 8.5 Years 15+ Years CISSP, CISA, ISO 27001:
2013 LA
4 Angela Maria 8.5 Years 14+ Years CISA, CISM, ISO 27001
Paulson LA
5 Renjith T C 7.5 Years 7.5 Years OSCP, CREST Practitioner
Security Analyst, CREST
CRT, AUSE
6 Sandeep Rajan 7 Months 6 Years CISA, ISO 27001 LI
7 Melbin Mathew 4.5 Months 2 Years CEH, OSCP, EU GDPR
8 Nikhil Tony 1.9 Years 1.9 Years CEH, ISO 27001 LI
9 Aravind Murali 1.8 Years 1.8 Years CEH, ECSA
10 Mohammed Faris 1.8 Years 1.8 Years CEH
11 Hemant Boban 1.8 Years 1.8 Years CEH
Client Name – Perfect Software Solutions Pvt Ltd

Scope – Web Application VAPT
Scope in Detail:
 No of Application and Name of Application – 1, SCORE – Smart core Banking
 Number of Dynamic pages – 690
 Number of static pages –4
 Number of login systems - 1
 Number of Input forms – 690
 Number of Input Fields – 6000
 Roles- Normally 2. Maker, Checker.Multiple User defined Roles like Administrator, Manager,
etc.
 API - 4 Web services
Project Value–INR 2,30,000.00
Network security audit Web-application security audit

Nessus Professional Accunetix Vulnerability Scanner
Kali Linux tools Burp Professional Scanner
Metasploit Framework Browser Addons
WireShark BruteSpray
Nipper Dirbuster
Nmap DNSRecon
Masscan DotDotpwn
Bloodhound Exploitdb
Hping2 Script Gobuster
Ike - scan Hashcat
Impacket Tools In-house scripts
In-house scripts John the Ripper
Nishang Johnny
Nmap Script Kali Linux tools
Nuclei Metasploit Framework
OpenVAS Nikto
PowerSploit SecLists
PowerUp SQLMap
PowerView sslscan
SMBClient WP-Scanner
SMBMap Zaproxy
SNMPWalk Zed Attack Proxy (ZAP)
Wireless security audit Mobile Application Audit

Aircrack 3utools
AirSnort Android Debug Bridge
Cain & Abel APKTool
Fern Wifi Burp Professional
Kali Linux tools Cydia
dex2jar
Drozer
Exposed Fremework
Frida
GenyMotion
Kali Linux tools
Libertylite
MobSF
QARK
RMS Framework
RootCloak
SSLBypass
SSLKillSwitch
SSLUnpinning
Thick/Thin client Audit
Burp Professional
CFF Explorer
DIE Tool
Echo Mirage
IDA Debugger
ITR
Kali Linux tools
Proccess Monitor
Process Hacker
RegShot
WinHex
Wireshark


*Information as provided by <CEREIV Advisory LLP> on <02-8-2021>
Back
M/s Hewlett Packard Enterprise India Pvt Ltd.
Hewlett Packard Enterprise India Pvt Ltd,

#24, Salarpuria Arena, Hosur Main Road, Adugodi, Bangalore-560030, India.

Govt. : 2
PSU : 1
Private : 3


ICS/OT Audits : 2
CISSPs : 5
BS7799 / ISO27001 LAs : 3
CISAs : 6
DISAs / ISAs : 0

1 Suhas Nayak 3 9 years CEH, pursuing CRTP
2 Malligarjunan 10 15 years Pursuing CISA
Easwaran
3 Suhas V 4 2 years CEH
4 Suhas Shivanna 16 10 years CISSP/CEH
5 Kishore Lakshman 14 3.5 years CEH
6 Nishant Rawtani 5 4.5 years CEH
7 Supriya 7 4.5 years CEH
Kamthania
8 Dhrumil Shah 2 13 years ECSP
9 Brahmaji Potluri 17 7 years CEH
10 Anoop Chandra B 5 3.5 years CEH
N
11 Ragashree M C 3 1.5 years Pursuing CEH
12 Sujith Emmanuel 7 5 years CEH
13 Rakshith S 3 1 year Pursuing CEH
14 Shivakanth 11 6 years CEH
15 Elayaraja 15 3 years CISA
Customer Name: Largest Automobile Manufacturer, Europe.

Volume: 20000+ IP’s for VAPT / Vulnerability Management
Complexity: Project includes security assessment of Web, Network devices and Server
infrastructure. It is a Multi-geo project been delivered from different HPE locations.
Locations: 4 countries across WW.
Project value: > $10Mn
Customer Name: Largest Defence Manufacturing Organization, India

Volume: 500+ IP’s for VAPT
Complexity: Project includes security assessment of Web, Network devices and Server
infrastructure.
Locations: 9 locations within India.
Project value: $2.5Mn
a. Burpsuite Pro
b. Tenable Nessus
c. Qualys Guard Scanner
d. Metasploit Pro
e. HCL AppScan
f. HPE Armor
g. nMap
h. DirBuster
i. Nikto
j. Hydra
k. Johntheripper
l. Maltego
j. SQLmap
k. PadBuster
l. Wfuzz
m. WPscan
n. Airbase-ng
o. Aircrack-ng
p. Airodump-ng
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes



Hewlett Packard Enterprise
6280 America Center Dr.
San Jose
California
95002
United States
*Information as provided by Hewlett Packard Enterprise India Pvt Ltd on 29-Jul 2021
Back
M/s Innovador Infotech Private Limited
Innovador Infotech Private Limited

Corporate Office:
1128, Ahmamau, Opposite Walmart Best Price,
Shaheed Path, Arjunganj, Lucknow - 226002
(Uttar Pradesh)
Tel: +91-8896605755, +91-7080259900, +91-9076239906
Email ID – contact[at]innovadorinfotech[dot]com
Pentest[at]innovadorinfotech[dot]com

 Web-application/API security audit : Yes
 IT Infrastructure Audits : Yes
 Mobile Application security audit : Yes
 Thick Client Application security audit : Yes
 Payment Gateway Audit : Yes
 IT Risk Assessment : Yes
 UIDAI AUA/KUA Audit : Yes
 Vulnerability Assessment and Management : Yes
 Penetration Testing (Web/Network/Infra) : Yes
 Cyber Crime Investigation : Yes
 Cyber Forensics Investigation (Mobile Forensics, Computer Forensics, Audio/Video
Forensics, Network Forensics, CDR & IPDR Analysis, Email Forensics etc.): Yes
 Credit/Debit Card Fraud Investigation : Yes
 VOIP Fraud Investigation : Yes
 IT Security Consulting Services : Yes
 Information Security Awareness / Cyber CrimeInvestigation Trainings: Yes
 OWASP Top 10 Awareness Training : Yes
 Social Engineering : Yes
 Threat Modeling : Yes
 Operational Technology (OT) Audits : Yes
 SCADA & Critical IT Infrastructure Audits : Yes
Govt.: 10+
PSU: 0
Private: 50+

Mobile Application Security Assessment : 2
Penetration Testing : 15+
Cyber Crime Investigation : 20+
IT Infrastructure Audit : 1
Web API Security Audit : 2
UIDAI AUA/KUA Audit : 1
SBI Vendor Site Compliance Certificate (SBI VSCC) : 1
OSCP: 3
BS7799 / ISO27001 LAs: 1
CEH: 6
Total Nos. of Technical Personnel: 10+
S. No. Name of Employee Duration with Experience Qualifications related

Innovador in to Information
Infotech Information security
Security
1. Rahul Mishra (Technical 8+ Yrs 10+ Yrs Certification in
Director – Information Ethical Hacking &
Security) Penetration Testing
2. Minhal Mehdi(Security 6+ Yrs 6+ Yrs OSCP, CEH, Certified
Consultant) Information Security
Expert
3. Chatak Vajpayee (Security 3+ Yrs 6+ Yrs CEH
Analyst)
4. Neha Garg (Sr Security 4+ Yrs 9+ Yrs OSCP, CEH
Consultant)
5. Virender Nishad (Sr 3+ Yrs 6+ Yrs CEH
Security Analyst)
One of the leadingtechnical institute:50+ Network Devices, 10+ Web Applications, 500+ IP
Addresses, Configuration Review. Value of the Project was approx.10 Lacs.
Commercial Freeware Proprietary

Burp Suite Professional Metasploit In-house developed
Tenable Nessus OWASP ZAP scripts and tools
Nmap, Superscan and Fport
Metasploit framework, Netcat
BeEF , Cain &Abel, Hydra, John

the ripper
Aircrack-ng, Kismet
Nikto, OpenVAS, w3af,
SQLMap, wp-scan
Kali Linux
10. Outsourcing of Project to External Information Security Auditors /Experts: No


*Information as provided by Innovador Infotech Private Limited on Dec17, 2021
Back
M/s Kratikal TechPrivate Limited
Kratikal TechPrivate Limited

A-130, Second Floor, Sector 63, NOIDA, Uttar Pradesh - 201301

 Vulnerability Assessment & Penetration Testing (Y/N) YES
 Phishing Simulation Exercise (Y/N) YES
 Source Code Review (Y/N) YES
 Mobile Application Audit (Y/N) YES
 Information Systems Audit (Y/N) YES
 IT Risk Assessment (Y/N) YES
 Formulation of IT policies & Procedures (Y/N) YES
 ERP Audit (SAP, etc.) (Y/N) YES
 Configuration Analysis and Auditing (Y/N) YES
 API Security Audit (Y/N) YES
 Thick Client Security Audit(Y/N) YES
 Cloud Security Audit(Y/N) YES
Govt. : 0
PSU : 0
Private : 63+


Mobile Application Audit 40+
Phishing Simulation Exercise 127+
Source Code Review 11+
ERP Audit (SAP, etc.) 3+
Configuration Analysis and Auditing 31+
Thick Client Security Audit 4+
API Security Testing 5+
Cloud Security Audit 10+
CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
ISCP : 11
CEH : 3
DISAs / ISAs : 0
S. Name of Profile of Employee Duration with Kratikal Experience Qualifications related to

No. Employee Tech Pvt Ltd in Information security
Information
Security
1 Pavan Kumar CEO 7 year(s) 8 month(s) 7.5 B. Tech, ISCP
2 Paratosh Kumar CTO 7.5 B. Tech (CSE),
7 year(s) 8 month(s) CCNA(Training), ISCP
3 Archit Jain Sr. Security 3 year(s) 3 MCA, BCA, ISCP
Analyst
4 Jai Prajapati Sr. Security 2 year(s) 11 month(s) 5 PG- Cyber Security, BCA,
Analyst ISCP, CEH
5 Anjali Chauhan Security Analyst 2 year(s) 11 month(s) 3.5 BCA, ISCP, AD-Cyber
Security
6 Rishabh Sahni Security Analyst 2 year(s) 7 month(s) 3 MCA, BCA, CEH, ISCP
7 Niraj Kumar Security Analyst 2 year(s) 2 BSc (IT), CCNA(Training),
MCSA(Training),
VMware((Training), ISCP
8 Vinay Kardam Security Analyst 2 year(s) 2 month(s) 2.5 B. Tech (CSE), ISCP
9 Samir Ahmad Security Analyst 11 month(s) 2 B. Tech (IT), ISCP
Malik
10 Madhur Jain Security Analyst 4 Month(s) 1 B.E. (Mech), ISCP
11 Nilesh Patil Security Analyst 6 Month(s) 1 BCA, CEH
12 Shaquib Izhar Security Analyst 3 Month(s) 2 Diploma in computer
engineering
Web application Security assessment, Internal and external Network

Penetration Testing and Security configuration review for two of their Major
India’s Leading infrastructure within the country.
Infrastructural The scope of work includes security audit of Web applications, SOAP web
Company services, IPs, devices configuration, Phishing Simulation Exercise, incident
response service.
The Project value was 30 Lacs Annually
Web Application and Mobile Application secure code review, Web application
Penetration Testing, IT Infrastructure Penetration Testing, Phishing and
Ransomware simulation services, Security Awareness training services for their
India’s Leading Organisation.
Ecommerce Company The scope of work includes security audit of web application subdomains,
web applications, Firewalls, Network Devices, switches, Web servers, security
awareness and phishing simulation for 2000 employees of the organisation.
The Project value was 40 Lacs Annually
Vulnerability
Information Gathering Mapping Assessment Exploitation
1. Dnsenum 1. Nmap 1. Nessus Professional 1. Metasploit

2. Dig 2. Ike-scan 2. Netsparker 2. John the Ripper
3. Whois 3. Dirbuster 3. Wp-scan 3. Hostapd
4. Wget 4. Openssl 4. JoomlaScan 4. Fluxion
5. Maltego 5. Sslscan 5. OpenVas 5. W3af

6. Google Advanced
search 6. Netcat 6. Nikto 6. Sqlmap
7. Shodan.io 7. Jwtcat 7. Burp suite professional 7. Routersploit
8. Cloudenum 8. Traceroute 8. SOAPUI 8. BeEF Framework
9. Ffuf 9. Enum4linux 9. Acunetix Web Scanner 9. Hydra

10. Angry IP 10. Custom Python
10. Sublister Scanner 10. Vega Scripts
11. Crt.sh 11. Wireshark 11. Qualys 11. Drozer
12. Mxtoolbox 12. Ettercap 12. Prowler 12. ADB
13. Github 13. Scoutsuite
14. Wappalyzer 14. MobSF
15. ProcMon 15. Nipper
16. Process Hacker
17. SysInternal suite
19. DotPeak
20. Cffexplorer
21. Jwt.io


*Information as provided by Kratikal Tech Private Limited on 20-July-2021
Back
M/s HackIT Technology and Advisory Services
HackIT Technology and Advisory Services, Kochi, Kerala

 Red Teaming : (Y)
 Smart Contract Audit
 Attack Surface Discovery : (Y)
 Compliance audits (ISO 27001) : (Y)
 ISMS, Regulatory/Statutory Requirements Consultancy : (Y)
 Telecom Security Audit : (Y)
 IOT Security Audit : (Y)
Govt. : 1
Private : 6


Android Application Security Audit : 2
CISSPs : 3
BS7799 / ISO27001 LAs : 2
OSCP - 3
OSCE - 1
CISMs : 2
SL No Name of Employee Duration Experience Qualifications related to Information

with in security
HackIT(In Information
Months) Security(In
Months)
1 Manu Zacharia 111 315 CEH,CHFI,CCNA,MCP,CICP-EX, Certified
ISO 27001-2005 Lead Auditor,MVP-
Enterprise Security (2009-2012), ISLA-
2010 (ISC)²
2 Akash Joseph Thomas 86 86 CEH
3 Deshmukh Rohit Shivaji 12 12 DBDA
4 Gowthaman K S 20 30
5 Mahima Bajrang Mangal 16 16 DITISS
6 Nitin Wadhawan 32 36
7 Mehta Ruchi Birenbhai 17 17 DITISS
8 Vishak V 32 32 CEH
9 Viraj Chudasama 11 15
10 Sunidhi Chavan 10 19
11 Khushboo Anand 7 42
12 Ujjwal Das 7 62
13 Rahul Kushwaha 5 57 CEH
14 Rashi Gupta 5 5 DITSS
15 Utkrashi 4 41
16 Savalia Yamini 4 4 CNSS
Mathurbhai
17 Singh Sanjeev Ravindra 3 3 CNSS
18 Rushabh Vaghela 1 1 CSFPC
19 Hritish Kumar 1 12 OSCP, OSCE
Sl No Project Overview Value
1 Client: A Business Group with interest in Data Protected by NDA,

Jewelry, Retail and Real Estate which restricts public
disclosure
Scope of Work:
 ISMS Audit and Consultancy

 Web Application Security Audit
 Infrastructure/Network Security
Audit
 Cloud Security Audit
Engagement Mode: Augmented, Annual,

Remote
Billing: Hourly
2 Client: Member Nations, UN, through ITU Data Protected by NDA,

which restricts public
Scope of Work: Cyber Security Consultancy disclosure
Engagement Mode: Onsite
Billing: Hourly
3 Client: Service Provider to the Health Data Protected by NDA,

Sector, USA which restricts public
disclosure
Scope of Work:
 External VA-PT
 ISMS consultancy to ensure security
maturity level as mandated by
HIPAA
Engagement Mode: Remote/ Onsite
Billing: Flat Rate


*Information as provided by HackIT Technology and Advisory Services on 20/8/2021
Back
M/s G.D. Apte & Co.
1 Name & location of the empanelled G.D. Apte & Co.

Information Security Auditing
Organization
2 Carrying out Information Security Audits <2005>
since
3 Capability to audit , category wise (add
more if required) :
Compliance audits (ISO 27001, IEC Yes
62443, IEC 27019, PCI, etc.) (Y/N)
Finance Sector Audits (Swift, ATMs, API, Yes
Payment Gateway etc.) (Y/N)
ICS/OT Audits(Y/N) No
Cloud security Audits (Y/N) Yes
4 Information Security Audits carried out in
last 12 Months :
Govt. <->
PSU 1
Private <->
Co-Operative 2
Total Nos. of Information Security Audits 3
done
5 Number of audits in last 12 months ,
category-wise (Organization can add
categories based on project handled
by them) :
Network security audit ---
Web-application security audit ---
Wireless security audit ---
Compliance audits (ISO 27001, IEC 2
62443, IEC 27019, PCI, etc.)
Finance Sector Audits (Swift, ATMs, API, ---
Payment Gateway etc.)
ICS/OT Audits ---
Cloud security Audits ---
Systems Design Review 1
Concurrent Audit Data Center 1
Systems Audit 2
Internal Financial Controls/ITGC 1
6 Technical manpower deployed for
information security audits :
CISSPs 1
BS7799 / ISO27001 LAs 1
CISAs 3
DISAs / ISAs 5
Any other information security ---
qualification
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
Sr. Name of Employee Duration Experience in Qualifications related
No. with GD Information Security to Information
Apte & Co. security
1 Prakash P. Kulkarni 36 years ITGC : 15 years CISA, DISA, FAFD
(Partner)
2 Saurabh S. Peshwe 15 years Information Security CISA & DISA
(Partner) : 6 years
3 Umesh S. Abhyankar 18 years ITGC : 6 years DISA
(Partner)
4 Ashwini A. Khade 5 years ITGC : 6 years DISA
(Partner)
5 Santosh B. Rashinkar 8 years ITGC DISA, FAFD
(Partner)
6 Anagha M 13 years ITGC : 5 years DISA
Nanivadekar
(Partner)
7 Pranav R. Apte 11 years ITGC : 7 years DISA, FAFD
8 Rajesh Dhadphale 11 years IT Management, ITGC CISA, ISO 27001 LA,
& ISO 27001 CISM, ITIL V3(F)
Consultancy,
Applications Audit :
18 years
9 P.D.Bapat 20years ITGC & Applications CISA, Diploma in
Audit : 3 years Cyber Laws
10 Rajesh Deodhar 3 years (As Network Security, CISA, CISSP
Consultant) VAPT : 12 years
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
Syndicate Bank Project
Locations: Bengaluru, Mumbai

Scope: NPA Management System, RAM-CAM Application, Integrated Treasury Systems
Aggregate Project Value: Rs. 30 lakh
Nessus, Burp Suite, Open VAS, Nikto, Nmap, Ntop, Wireshark, Aircrack-NG, Yersinia,
Customized scripts, Firefox add-ons


*Information as provided by G.D.Apte & Co. on 2 August 2021
Back
M/s Lucideus Technologies Private Limited
Lucideus Technologies Private Limited
Registered Address: A-1/20, Basement Safdarjung Enclave, New Delhi - 110020
2. Carrying out Information Security Audits since : March 2017
○ Network security audit (Y/N) : Yes

○ Web-application security audit (Y/N) : Yes
○ Mobile Application Security Audit : Yes
○ Security Architecture Review : Yes
○ Security Configuration Assessment : Yes
○ Wireless security audit (Y/N) : Yes
○ Cloud Security Audit : Yes
○ Source Code Review : Yes
○ Red Team Assessment : Yes
○ Compliance audits (ISO 27001, PCI, etc.) (Y/N) : No
○ Govt. : 0
○ PSU : 0
○ Private : 100+
○ Total Nos. of Information Security Audits done : 100+

○ Network security audit : 30+

○ Web-application security audit : 35+
○ Mobile Application Security Audit : 12+
○ Security Configuration Assessment : 6+
○ Cloud Security Audit : 5+
○ Source Code Review : 2+
○ Red Team Assessment : 10+
○ Compliance audits (ISO 27001, PCI, etc.) : No
○ ISO 27001 LAs : 10

○ Any other information security qualification:
● OSCP : 12
● OSWP : 01
● CRTP : 02
● CEH : 05
● CSP: (Cloud Security Speciality) : 01
○ Total Nos. of Technical Personnel : 35+
Duration with Lucideus Experience in Qualifications related to
S. No. Name of Employee (Working Since) Information Security Information security
1 Vidit Baxi 1 June 2012 11+ MCTS, MCP
2 Rahul Tyagi 1 August 2013 11+ OSCP
3 Rubal Jain 20 March 2017 7+ OSCP
4 Piyush Sharma 18 Sep 2017 4+ OSCP
5 Silky Choudhary 12-Dec-2018 5+ OSCP
○ Security assessment of 1400 applications for global largest media conglomerate
○ Infrastructure Security Assessment of some of the largest banks In India
○ Red Team Assessments of some largest private banks in India

○ Commercial: Acunetix, Checkmarx, Cobalt Strike, Burp Suite, Nessus Professional
○ Proprietary: SAFE
○ Open source tools: Objection, Frida, Nuclei, MobSF, SQLMap, Nmap, Wireshark,
Nikto, Metasploit
11. Whether the organization has any Foreign Tie-Ups? If yes, give details : No
12. Whether the organization is a subsidiary of any foreign based organization? : Yes
○ The organisation is a 99.99% subsidiary of Safe Securities Inc. (formerly known as

Lucideus Inc.), which is a corporation existing under the laws of the State of Delaware
Principal Address: Safe Securities Inc: 3000 El Camino Real, Building 4, Suite 200,
Palo Alto, CA 94306, USA.
● Safe Securities Inc:

Registered Office: 1013 Centre Road, Suit 403-B, City of Wilmington, Country of New
Castle, Zip Code 19810-4345.
● Lucideus PTE Ltd :

Registered Office: 6 RAFFLES QUAY #11-07, Singapore, 048580
*Information as provided by Lucideus Technologies Private Limited on 2nd August 2021
Back
M/s MapleCloud Technologies
MapleCloud Technologies, Delhi.

Govt. <number of> : 0

PSU <number of> : 0
Private <number of> : 6

Network security audit: <number of> : 6

Web-application security audit: <number of> : 6
Wireless security audit:<number of> : 6
Compliance audits (ISO 27001, PCI, etc.):<number of> : 3
CISSPs : <number of>: : 1

BS7799 / ISO27001 LAs : <number of>: : 2
CISAs /CISM: <number of> : 2
DISAs / ISAs : <number of> : 0
Any other information security qualification:<number of> : 8
. Name of Duration with Experience Qualifications related to

No. Employee <organization> in Information security
Information
Security
1 Yogendra 7 Years 22 years  CISM – Certified Information
Rajput Security Manager
CPISI – Certified Payment Card
Industry Security
Implementation
ISO 27001 Implementation
Certificate from BSI.
Checkpoint Certified Security
Administrator [CCSA].
 ITIL V2 and V3 & ISO 20000
Cisco Certified Network Associate
[CCNA].
2 Himanshu Gaur 1 Years 11 Years PMP, CISSP, CISM,CEH, ITIL, ISO-

27001 LA, IBM Certified system
programmer
3 Mayur W 1 year 1 Year ICSI | CNSS Certified Network
Security Specialist
4 Archit S 1 year 2.5 Years CEH
5 Tavish Thakur 4 Years 4 Years CCNA Security
6 Shivendra 4 Years 8 Years CCNA
7 Eslin Rajkumar 4 Months 3 Years CCNA
8 Vijay Kaushik 1Year 11 Years CCNA,MCP, GDPR
Performed security audit for following devices:
S.No. No of Devices/Server OS version Type Internet No of Data No of End

/network/Applications Facing/ Centers users
/Locations Internal (Employee)
1 Total Locations - 32 2
2 Routers : 140
Switches : 231
Firewalls : 75
WLC : 16
AP : 110
Applications : 22
3 Windows Server (Total Windows Internal 1 3500
- 118) Server 2012
R2
4 Exchange Server 2013 Mailing Internet 2 3500
5 SAP Redhat Linux ERP Internet 1
7.2

 IBM AppScan
 Acunetix
 Custom Scripts
 QualysGuard
 Metasploit
 Kismet
 SQLMAP
 Wireshark
 ZAP
 Netsparker
 Nikto
 Fiddler
 WinHex
 OpenVAS
 Beef
 W3AF
 WP-Scanner
 HPing3
 Echo Mirage
 Geny Motion
 WebScarab
 Drozer
 MobSF
 Nmap
 Aircrack suite
 Cain & Able
 JohnTheRipper
 IronWasp
 Social Engineering Toolkit
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No : No

11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No : No
12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No : No

13. Locations of Overseas Headquarters/Offices, if any : Yes/No : No
*Information as provided by MapleCloud Technologies on 23rd July-2021.
Back
M/s MobiTrail
MobiTrail
Office No 205, Triumph Estate, Near Express Zone,
Goregaon East, Mumbai, Maharashtra 400063

 Cyber Security Awareness and Training : Yes
 Vulnerability Assessment and Management : Yes
 Cloud Security Audit : Yes
 Information Security Assessment : Yes
 WAF Analysis and Robustness Assessment : Yes
 IT Infrastructure Audit : Yes
Govt 0
PSU 0
Private 224
Total Nos. of Information Security Audits done 224

Network Security Audit 79
Web-application Security Audit 90
Wireless security Audit 4
Mobile Application Security Audit 14
Cyber Security Awareness and Training 15
Vulnerability Assessment and Management 19
WAF Analysis and Robustness Assessment 3
CISSP 0
BS7799 / ISO27001 LA 0
CISA 1
DISA / ISA 0
OSCP (Offensive Security Certified Professional) 2
CEH (Certified Ethical Hacker) 7
AWS (Amazon Web Services) 1
Other Information Security Certification 4

MobiTrail Information Security Information security
1 Deepika Jindal 4 years 7 years OSCP, CEH
2 Rahul Patil 15 years 8 years CPT
3 Pritesh Agarwal 2 years 4 years CISA, CBA
4 Siddhesh Jadhav 2.5 years 2.9 years OSCP
5 Harendra Negi 1.5 years 3 years CISEH
6 Sandeep Tonape 2 months 6.2 years CEH, CISC
7 Kanhaiya Panchal 6months 3 year IBM CCSA, TCM

Security
8 Harshit Kochar 1 year 1 year Python Certified, AWS
Clients Assessment
Complete Security Assessment of India’s 100 + Web applications

Leading Mutual Funds.
120+ Network Devices & IP’s
Servers and Security Devices Assessments
Infrastructure Security Testing, Wifi Security, Mobile
Security, WAF Analysis and Robustness
India’s Leading Real Estate Company Web and Mobile Application Security Testing including
Database Testing, Server Configuration and API
Security Audit
Commercial Freeware
Burp Suite Wireshark
Nessus Professional Kali Linux
OWASP ZAP
Proprietary Vega
Nmap
Vulnerability Assessment and Management
Web Scarab
dashboard
Aircrack suite
Custom Python Scripts Nikto
MBSA
JohnTheRipper
10. Outsourcing of Project to External Information Hydra Security

Auditors / Experts : No DirBuster ( If yes,
kindly provide oversight arrangement (MoU, SQLMap contract
etc.))
Metasploit
11. Whether organization has any Foreign Tie-Ups? If Nox Emulators yes,
give details: No TestSSL

*Information as provided by Mr. Vikas Kedia from MobiTrail on2nd August 2021
Back
M/s Sequretek IT Solutions Pvt Ltd.
M/s Sequretek IT Solutions Pvt Ltd.

304, Satellite Silver, Andheri Kurla Road, Andheri East, Mumbai – 400 059, INDIA

 Risk Assessment : Yes
 Thick Client Penetration Testing : Yes
 Firewall Configuration review : Yes
 Servers Configuration Review : Yes
 Network Architecture Review : Yes
 Process & Policy Review : Yes
Govt. : NIL
PSU : NIL
Private : 20 +
Total Nos. of Information Security Audits done : 20 +


Mobile Application security audit : 4
Red Team Assessment : 1
GRC Consulting : 6
Server Security Audit : 14
CISSPs : 2
BS7799 / ISO27001 LAs : 8
CISAs : 2
DISAs / ISAs : Nil
ECSA : 2
CHFI : 1
CPTE : 2
CEH : 11
M. Tech (Cyber Security) : 23 +
Total Nos. of Technical Personnel : 300 +
Experience in
No. Sequretek Information security
Security
1 Rajendra Kumar 4 + Years 5 + Years CISA
CISA, ISO 27001:2013 LA,
2 Gangadhar Kyatham 1 + Year 10 + Years CEH, CPTE
3 Anup Saha 4 + Years 8 + Years ECSA
4 Sachin Mahajan 4 + Years 8 + Years ISO 27001:2013 LA
5 Omkar Rane 2 + Years 4 Years ISO 27001:2013 LA
6 Amit Kumar 2 + Years 5 Years ISO 27001:2013 LA
7 DipaliKosare 1.5Years 2 + Years CHFI
8 Chintan Rathod 4 + Years 3 + Years ISO 27001:2013 LA
9 Savita Hiremath 4 + Years 3 + Years ISO 27001:2013 LA
10 Akshay Chindarkar 3 + Years 2 + Years ISO 27001:2013 LA
11 KshitijGunale 1.5Years 2 + Years CEH, CISC
12 Pinki Rani 2.5 + Years 3 Years ISO 27001:2013 LA
13 Ekta Singh 2.5 + Years 2.5 Years ECSA
14 YugandharThombare 1 + Years 11 Months CPTE
15 Pooja Karande 8 Months 1 + Years CNSS
16 Sayanwita Das 7 Months 2 + Years ISO 27001:2013 LA
17 Shafique 1.5 Years 9 Months CEH, CPTE
18 SiddheshSurve 2.5 + Years 2 + Years CEH
19 PranaliDhekale 1 Year 1.5 Years CEH
20 Sonu Chaudhary 1+ Year 1 + Year CEH
21 Sneha Mahulkar 1+ Year 6 Months CEH
22 ParvKhambholja 1.5 + Year 1 + Years CEH
23 Anuj Suthar 8 Months 1 Year CEH
24 Dipak Pradhan 2.5 + Years 3 Years CEH
25 Vishnu Menon 1 + Years 7 Months CEH
Value Device volume

Sl Organization Scope Location
(Approx.) (Approx.)
VAPT assessment 200 (Servers,
Europe based
(Servers, Network & Network 45 Sites
Automobile
1 Web), 1.3 Cr devices, across the
parts
Security Operations Security Globe
Manufactured
Centre Services solutions)
2000 (Servers,
India based one
Network
of the largest Security Operations
2 2 Cr devices, Pan India
BFSI Centre services
Security
collaborator
solutions)
User lifecycle
India based one User - 175000
management &
of the largest Application -
3 Application integration, 3.5 Cr Pan India
private sector 600
Patch management &
bank Servers - 11000
CA/VA closure
Commercial OpenSource Proprietary

BurpSuit Social Engineering
Kali Linux (OS) Dozer IGA
Professional toolkit
Nessus AndroDebugge
Parrot (OS) Dirbuster EDPR
Professional r
Acunetix Santoku (OS) DirSearch MobSF
Nmap Hydra Genymotion
Wireshark Knock py Jadx
Metasploit
Wpscan
Framework
Searchploit Wfuzz
SQL MAP Commix
OWASP ZAP Gophis
VEGA Sparta
Aircrack suite Hping
Nikto Cisco Auditor
John the ripper Whois
SSL Strip XSSscrapy
LFI Guard Httpx
NetCat Asset finder


Location: USA
Address: The CoWorking Space,
Suite 204, 97 Main Street,
Woodbridge, NJ,
USA 07095
*Information as provided by Sequretek IT Solutions Pvt. Ltd. on 02Aug 2021

Back
M/s Accenture Solutions Pvt. Ltd.
Accenture Solutions Pvt. Ltd.

Plant-3, Godrej & Boyce Complex, LBS Marg.
Vikhroli (W), Mumbai 400079. Maharashtra

 Cloud Security Audits : Y
 Block chain Security Assessment : Y
 Platform Security (SAP/Oracle/Salesforce/workday) : Y
 Application security architecture audits : Y
 DevSecOps Assessments and Implementations : Y
Govt. : 10+
PSU : 30-40
Private : 70-80


Block chain Security Assessment : 5+
Platform Security (SAP/Oracle/Salesforce/workday) : 20+
Application security architecture audits : 50+
DevSecOps Assessments and Implementations : 20+
Cloud Security Audits : 10+
 CISSPs : 20+
 BS7799 / ISO27001 LAs : 10+
 CISAs : 30+
 CISM : 25+
 OSCP : 10+
 CEH : 100+
 GIAC-GCPN : 5+
 GIAC-GCFA : 10+
 GIAC-GCSA : 5+
 CompTIA Pentest+ : 5+
 AWS Security : 100+
 Total Nos. of Technical Personnel : 500+
S. No. Name of Duration with Experience in Qualifications related

Employee Accenture Information Security to Information security
1 Ramesh Shetty 1.8 Years 16+ Years CISSP, GCFA, GCSA,
CEH, CCSA, CCSE,
JNCIS, MCP
2 Suneet Singh 3.2 Years 14.8 Years CISM, CEH , ISO
Thakur 27001, GDPR 11001
3 Monika Kachroo 1.3Years 11 Years ISO 27001 LA
4 Ankit Gurjargour 4Years8 8+ Years OSCP, GIAC-GCPN,
Months Pentest+ CEH
5 Deepak Pandey 2 Years 8+ Years OSCP, CISM, CRTP,
AWS Certified solution
architect- Associate,
CEH
6 Rahul Ahuja 2 6 Years OSCP, CEH, Azure
years7Months 900, AWS Certified
solution architect-
Associate
7 Sameer Goyal 9Months 7 Years OSCP, CEH, Crest –
CPSA & CRT, AWS
Cloud Practitioner
8 Prasenjit 7 Months 8+ Years OSCP, CEH
9 Atish Sarambale 7.2 Years 3+ Years CEH, AWS security
Specialty, Azure 900,
AWS Certified solution
architect- Associate
10 Gopalakrishna 1 Years 8 9+ Years OSCP, ECSAv9, CEH
Kaja Months
1. Accenture has conducted below security engagements for a leading bank:

• Conducted Vulnerability assessment and penetration testing of Android and IOS
mobile wallet applications for a leading bank
• Vulnerability assessment and penetration testing of Network Infrastructure.
• Dynamic testing using Automated scanning tool and extensively performed False
Positive Analysis
• Web application / APIs / Thick client application security projects
• Integration of Application Security into the CI/CD pipeline as part of DevSecOps
Approx. Applications/ APIs/ Infra server counts: ~ 400

Value: INR ~ 1 Cr
Location: US
2. Payments Gateway organization:
• Accenture performed payment systems security assessment for a large payment

gateway Client in Middle East region. As the part of engagement Accenture
conducted Compliance audits (ISO 27001, PCI), Infrastructure security
assessment of payment gateway network, API/Middleware security audit.

Value: INR ~ 50+ lacs
Location: Canada
3. Security engagements across multiple Telecom projects across UK:

• Accenture is currently engaging Dynamic Application Security Testing and
Penetration Testing of multiple telecom operators which includes Mobile security
audit, Web-application security audit, Network security audit, Application security
architecture audits
• Accenture is also carrying out Secure SDLC engagements and Source Code Review
of various telecom products such as wallet applications, internal and external web
applications.

Location: UK
4. Leading E-commerce client:
• Accenture has perform application security testing for a leading e-commerce client
where scope of the testing was to perform Static application security
testing(SAST), Dynamic Application security testing(DAST) and penetration
testing.
• Accenture has carried out penetration testing of entire functional flow of the
application that starts from user registration to product delivery.
• Accenture had performed attack simulation as to showcase how the actual attack
has been performed on the website.
Approx. Applications: ~ 40+

Location: India
5. Penetration testing of entire SAP ecosystem for a government client in

Canada:
Accenture has performed the penetration testing of entire SAP ecosystem for a
government client in Canada.
Scope included the internal infrastructure penetration testing of Prod, dev and QA
environment, Web application testing for various SAP portals like S4HANA, Fiori , BI,
BO etc.
Approx. Applications: ~ 6, Server: ~150

Value: INR ~ 30 lacs
Location: Canada
Type of Tools Name
Commercial tools BrupSuite Pro

Appscan
AppScan source
Webinspect
Fortify
Qualys
Nessus
Checkmarx
Whitesource
Snyk
Aqua
Twistlock
Metasploit Pro
Onapsis
Blackduck
Veracode
IriusRisk
SD Elements
Threatmodeler
SonarQube
Accenture Proprietary Accenture ERP Security Insight (AESI)
Mobile application security platform (MASP)
Intelligent application security platform (IASP)
Accenture Rapid port scanner
Freeware Kali Linux
OWASP Zap
OWASP Threat dragon
OWASP Dependency Check
Microsoft Threat Modeling
Beef
Kismet
Aircrack-ng
SSLLabs
SSLstrip
SSLyzed
Nmap
Wireshark
Paros
Ecomirage
Fiddler
Drozer
Objection
Burp suite
Postman
Metaspoit
Findsecbugs
Security Code Scan
Scoutsuite
Git secrets
10. Outsourcing of Project to External Information Security Auditors / Experts: No ( If yes,


Accenture Solutions Pvt Ltd., 3 grand canal plaza, grand canal street upper, Dublin,
*Information as provided by Accenture Solutions Pvt Ltdon 20-04-2021
Back
M/s QA InfoTech Software Services Private Limited
QA InfoTech Software Services Private Limited, Noida
2. Carrying out Information Security Audits since : February

2013

 Wireless security audit (Y/N) : No
 Cloud Security Audit and Configuration Review (Y/N) : Yes
 Mobile App Security Audit (Y/N) : Yes
 Vulnerability Assessment Penetration Testing (Y/N) : Yes
 Thick Client Application Security Testing (Y/N) : Yes
 IoT Security Audit (Y/N) : Yes
 DR, SCM, BCP and Due diligence Audits : Yes
Govt. : 20+
PSU : 0
Private : 90+


Cloud Security Audit and Configuration Review : 10+
Mobile App Security Audit : 20+
DR, SCM, BCP and Due diligence Audits : 30+
CISSPs : 0
BS7799 / ISO27001 Las/ISO 27001 LIs : 2
CISAs : 1
OSCP : 1
OSWP : 1
ECSA : 1
CHFI : 1
CEH and Equivalent : 7
ICSI | CNSS Certified Network Security Specialist : 1
CNSS Certified Network Security Specialist : 1
Fortinet NSE 1 Network Security Associate : 1
Fortinet NSE 2 Network Security Associate : 1
API Security Test Architect : 2
1. Akshay Aggarwal 5 years 9 9 Years Certified API Security
months Architect
2. Vikas Tomer 3 years 10 5 years -OSCP : Offensive
months Security Certified
Professional
-OSWP : Offensive
Security Wireless
Professional
-ECSA : EC-Council
Certified Security
Analyst
-CHFI : Computer
Hacking Forensic
Investigator
-ISO 27001:2013 Lead
Implementer
-CEH : Certified Ethical
Hacker
-Post Graduate
Certification in
3. Vikas Pethiya 3 Years 3 Months 7 Years CISA, ISO 27001 LA,
CEH, CCNA, ITIL V3
4. Mohit Kumar 4 years 4 4 years 4 months - CCNA (Routing &

Sharma months Switching
-API Security Architect
- AWS Security
Fundamentals(Second
Edition)
-CNSS
- Fortinet NSE 1
Network Security
Associate
- Fortinet NSE 2
Network Security
Associate
5. Vaibhav 10 months 4 years 11 months -Certified Ethical
Srivastava Hacker (v10)
-ICSI | CNSS
6. Anurag Singh 3 years 1 month Comptia Security+
7. Manish Kumar 6 Months 1.5 Years -API Testing(Udemy), -

-Ethical
Hacking(Udemy)
8. Harshit Sengar 1 Month 2 Years ISCP, CSFP
Infrastructure (External/Internal) Network VAPT including the configuration audit

for a subsidiary of the World’s Largest Financial Conglomerate
 Performed comprehensive Vulnerability Assessment and Penetration Test

(VAPT) audit comprising External and Internal Network/Infrastructure
vulnerability assessment and Penetration Testing of Company’s global IT
Infrastructure majorly spread across 3 different locations in the USA, by
probing physical and virtual servers, networks, internet applications, internet
accessible devices, remote devices, firewalls, VOIP system with dedicated
switches, operating systems, Cloud environments and device configurations.
 Project Value- 65+ Lac
Commercial:
 Acunetix,
 Burp,
 Nessus
 Core Impact
 Nexpose
Open source tools
 BackTrack,
 Kali Linux,
 Metasploit
 Paros,
 SQLMap,
 nmap,
 Wireshark
 OWASP ZAP
 Web Scarab
 Aircrack suite
 Nikto
 MBSA
 L0phtcrack: Password Cracker
 OpenVas
 W3af
 SSL Strip
 SOAPUI
 Vookie
 Sqlninja
 BeEF Framework
 Hydra

11. Whether organization has any Foreign Tie-Ups? If yes, give details: No, but QA
InfoTech
Software
Services
Private
limited is now
part of the
Qualitest
group
12. Whether organization is a subsidiary of any foreign based organization? : QA InfoTech

Software
Services
Private
Limited
Company is
not a direct
subsidiary of
a foreign
parent, but
it’s a step-
down
subsidiary of
a foreign
parent.

1. Michigan, USA 2. Toronto, Canada
6 Forest Laneway, North York, Ontario,
32985 Hamilton Court East, M2N5X9
Suite 121, Farmington Hills, Michigan, 48334
*Information as provided by QA InfoTech Software Services Private Limited on August,

10, 2021
Back
M/s Siemens Limited
Siemens Limited,
Birla Aurora Towers, Level 21, Plot 1080,
Dr, Annie Basant Road,Worli, Mumbai - 400030
 Network security audit(Y/N) : Y

 Device Security Audit (Y/N) : Y
 Mobile Application Security Audit (Y/N) : Y
 ICS/ SCADA Security audit (Y/N) : Y
 Embedded System security audits (Y/N) : Y
 ISO 27001 Compliance audits (Y/N) : Y
 IEC 62443 Compliance audits (Y/N) : Y
4. Information Security Audits carried out in last12 Months:
Govt : Nil
PSU : Nil
Private : 17
(Due to COVID pandemic few audits are deferred &overall audits performed
have been limited during the period)


Device Security audit : 1
Mobile Application Security audit : 2
ISO 27001 Compliance audit : 4
IEC 62443 Compliance audit : 4
Total : 39
ISO 27001 Lead assessors : 4

ISA / IEC 62443 certified assessors : 6
CEH : 3
OSCP : 2
CISSP : 1
CISA : 1
CISM : 1
Cyber Forensics : 1
Cyber Law : 1
CISA-CIP : 1
CISA-CSCM : 1
DCPLA : 2
DG-Guardian (DLP) : 1
S. Name of Duration with Experience Qualifications related to

No. Employee Siemens Ltd in Information security
Information
Security
1 Amitava 15 years 12 years ISO 27K LA, IEC 62443,
Mukherjee DCPLA, CISA, CISM
2 Raju John 11 years 7 years ISO27K LA, IEC 62443, Digital
Guardian DLP – Visibility and
Control, DCPLA
3 DM Kulkarni 16 years 12 years ISO 27K LA, CEH, ISA/IEC
62443
4 JoshuaRebelo 4 years 14 years MS in Cyber Law & Cyber
Security, OSCP, ISA/IEC
62443
5 Gopal Mishra 4 years 9 years PGD – Information Security,
CEH, IEC 62443, OSCP, CISA-
CIP, CISA-CSCM
6 Shiv Kataria 2 Years 13 years CISSP, CEH, ISO 27001 LA,
ISA/IEC 62443 Cybersecurity
Expert, PG Diploma in Digital
and Cyber Forensics and
Related Laws
High level Challenge / Scope / Volume Benefits&

customer complexity indicative project
profile value (in million
INR)
Petrochemical Critical › Identify & critical › Risk assessment

Major, India Infrastructure infrastructure protection › Scope definition
protection › Assessment & evaluation for OT security
› Security program program
development › Solution
› Upgradation of security architecture &
posture including implementation
Industrial Control System › Approximate
(ICS) upgrades and Project Value: ₹
implementation of security 50 Mil
components for the ICS
› Handholding in
implementation of OT
security
High level Challenge / Scope / Volume Benefits&
customer complexity indicative project
profile value (in million
INR)
Metal Major, Multiple › Provide transparency on › High visibility on
India manufacturing current OT cybersecurity risks and
facilities status of individual plants vulnerabilities.
› Integrate Heterogenous › Cost effective
fleet of assets with and optimal
multiple protocols and strategy for a
designs global roll out to
› OT security program achieve a higher
development maturity level for
› Implementation of OT Industrial
network monitoring Security
› Remediate low hanging › Approximate
vulnerabilities Project Value:
₹1.3 Mil
Chemicals Lack of › Identify & critical › Establish better

Major, India transparency on infrastructure protection processes to
the security › Assessment & evaluation manage OT
posture of OT
› Security program security.
environment and
lack of cyber development › OT monitoring &
security › Implementation of matured incident
management continuous threat / anomaly
system. detection system for the handling
OT environment › Approximate
Project Value: ₹3
Mil
Petrochemical Multiple zones, › Protection of the › Broader

Major, largely Distributed Control protection
Malaysia distributed yet Systems, Engineering & against malicious
connected
Client stations against attacks
devices
incoming cyber threats › Centralized
› Harmonize distributed security patch
systems management
› Implement centralized › Approximate
monitoring & end point Project Value:
security solution ₹3.2 Mil
› Whitelisting & WSUS
implementation
› Distributed systems
demanding a central
administration console for
managed security
Chemicals Lack of › Asset data evaluation and › Higher
Major, Global transparency on asset management transparency
the asset brings actionable
vulnerabilities at
insights to
multiple
manage OT
manufacturing
facilities across security
the globe › Approximate
Project Value: ₹4
Mil
Open-Source Tools Description

Nmap Port Scanner Port Scanner, Fingerprinting
Netcat Network Utility
John the Ripper Password Analyzer / Cracking
Metasploit Exploit Framework
Kali Hacking tools repository
Netstumbler Wireless Network Detector / Sniffer
Redline Forensics
Wireshark Network protocol analyzer
Nikto Web server/application vulnerability scanner
Dir buster Enumeration tools
Sysinternals Tools Windows debugging utilities
Ssltest SSL Health check
OWASP ZAP Proxy Web server/application vulnerability scanner
MobSF Android Pentesting
Drozer Android Pentesting
JD-GUI Decompiling tool
SQLMAP SQL Injection Tool
Fiddler HTTP Proxy
TCPDump Traffic Analyzer
Commercial Tools Description
Accunetix Web Vulnerability Scanner

Burp Suite Pro Web Vulnerability Scanner + intercept proxy tool
Netsparker Web Vulnerability Scanner
Nessus Network & Web Vulnerability Scanner
Nipper Audit tool
Shodan Threat Intelligence

12. Whether organization is a subsidiary of any foreign based organization : Yes

More than 50% (fifty percent) of the subscribed and paid-up equity shares of Siemens Limited,
India (hereinafter referred to as the “Company”) are held by Siemens International Holding
B.V. and Siemens Metals Technologies Vermogensverwaltungs GmbH, which are indirect
wholly owned subsidiaries of Siemens Aktiengesellschaft, Germany (hereinafter referred to as
“SAG”). By virtue of the aforesaid, the Company is a subsidiary of SAG.
Siemens AG
Siemens Aktiengesellschaft
Werner-von-Siemens-Straße 1
80333 Munich
Germany
*Information as provided by Siemens Limited on 2nd August 2021
Back
M/s Accedere Limited
Accedere Limited
Spaces Inspire Hub, Western Heights,
JP Road, 4 Bunglows,Andheri West, Mumbai 400053
3. Capability to audit, category wise

 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : (Y)
We are also an ISO/IEC Accredited Certification Body
 Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : (Y)
 ICS/OT Audits (Y) We have about 10 years of relevant experience
 Cloud security Audits : (Y)
We are a Cloud Security Alliance (STAR) empaneled Audit Firm
 Privacy Audits : (Y)
Govt. : NIL
PSU : NIL
Private : About 40 per year with main focus on compliance audits
such as SOC 2, GDPR, HIPAA, ISO27001, ISO 27701 etc.
5. Number of audits in last 12 months, category-wise
Network security audit : NIL

Wireless security audit : NIL
Finance Sector Audits (Swift,ATMs, API, Payment Gateway etc.) : NIL
ICS/OT Audits : NIL
Privacy Audits : 20
CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : 1
DISAs / ISAs : NIL
Any other information security qualification:Master in Cyber Security, CEH
(Full Time)

No. Employee Accedere Information Security to Information security
1. Ashwin Initial July 19 years CITP,CISSP, CISA,
Chaudhary 1983 CSIM, CRISC, CGEIT,
CDPSE, CCSK,
ISO27001LA, ITIL,PMP
2. Sama Chaudhary October 2019 5 years BE, CEH
3. Kunal Chaudhary March 2019 7 years BTech Comp Sc, IIT
4. Deepa Sharma June 2020 5 years MTech, ISO27001LA
5. Abhishek Yadav Jan 2022 3 months Masters in Cyber Law
6. Bijesh Mistry Jan 2022 3 months Masters in Cyber
Security
etc.) along with project value. SOC 2 for Jio Platforms Ltd.
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary): Mostly

opensource
10. Outsourcing of Project to External Information Security Auditors / Experts: GenerallyNo.(

If yes, kindly provide oversight arrangement (MoU, contract etc.)) If required
contracts are in place.
Mr Ashwin Chaudhary CEO of Accedere Limited also owns 100% of Accedere Inc USA which is
also an Audit organization and a CPA Firm licenced by Colorado State, and listed with the PCAOB
and Cloud Security Alliance and focusing on SOC 1 and SOC 2 Type 2 Audits for Cloud Data
Security and Privacy. Accedere Inc is also an ISO/IEC Certification Body for Management
Systems covering ISO 27001, ISO 27701 and other Data Security and Privacy Audits. Accedere
Limited manages the SOC & ISO/IEC certifications in India and neighbouring countries from
Mumbai, India. Mr Kunal Chaudhary of Accedere Limited owns a UAE organization to pursue
business in the UAE.
UAE
UnitedStates
70B, Building 280,
999, 18th St,
Taweelah,
#3000, Denver,
Abu Dhabi
Colorado 80202

As mentioned above.
*Information as provided by Accedere on April 7, 2022
Back
M/s Audix Techno Consulting Solutions Private Limited
Audix Techno Consulting Solutions Private Limited
Corporate Office: 108, Lodha Supremus Tower 1, Near New Passport

Office, Road No. 22, Wagle Estate, Thane West, Maharashtra - 400604
Registered Office: B-451, Orchid Corporate Park, Royal Palms, Aarey

Road, Goregaon East, Mumbai-400065
2. Carrying out Information Security Audits since : October 2018

 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) - Yes
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N) - Yes
 Cloud security Audits (Y/N) - Yes
Govt. : Nil
PSU : Nil
Private : 313


ICS/OT Audits: 1
Technical manpower deployed for information security audits:
CISSPs : Nil
BS7799 / ISO27001 LAs : 3
CISAs : 2
DISAs / ISAs : Nil
CEH: 9
OSCP: 1
CCNA/CCNP(In Information Security): 2


Security
1 Vivek T 3.10 Years 11+ Years CISA
2 Sarthi S 3.10 Years 8+ Years CISA, Member of
National Security
Database
3 Girish P 3.10 Years 30+ Years CEH, PMP, DSCI
Cybersecurity Strategist
Certification Program,
White Belt Certification
by Uptime,
Transformational
Leadership by IIT
Mumbai; Device42
Technical Advanced
Certification
4 Rahul S 7 Months 12+ Years ISO/IEC 27001 Lead
Implementer; ITIL
5 Pankaj G 2.9 Years 4+ Years CEH
6 Sreedeep A 9 Months 3+ Years CEH
7 Nikhil R 9 Months 3+ Years CEH
8 Sourav 2.5 Months 2+ Years OSCP
9 Chaitali S 1.9 Years 2+ Years CEH
Client: Suryoday Small Finance Bank Limited

Scope: IS assessments audit for critical IT Infrastructure & Applications as a part of their IT
infrastructure migration from Managed services to On-prem DC. Bank has around 100+ Web
applications, 30+ Mobile Applications & Thin client application etc. for continuous vulnerability
assessments & penetration testing. The Bank’s IT infrastructure consists of around 200+
servers. Audix has been doing Vulnerability assessments, compliance audit of servers & N/W
devices.
 Burpsuite Professional,  WPScan

Nessus  APKTool
 Kali Linux  Python Scripts
 Metasploit  Easyapktool
 MobSF  Frida
 AndroBugs Framework  Seceon
 Nmap  LTS Secure
 SqlMap  Darktrace
 Solarwinds  NMIS
 Wireshark  Drozer
 Qualys  Dibuster, Dirsearch
 W3af
 BeEF
 Open SSL
 Nikto
 Xposed Framework
 Jadx
 apkEasy tool
 Android
 Dex2Jar,

* Information as provided by Audix Techno Consulting Solutions Pvt. Ltd. on 28 Sep

2022
Back
M/s AVASURE TECHNOLOGIES PVT. LTD.
AVASURE TECHNOLOGIES PVT. LTD.

Mr. Jaiveen Mehta – Founder & Director
Address: 4 – Chandra Jyoti, Bhimani Street, Matunga, Mumbai – 400019.
Tel No: +91 9820058628
Email: jaiveen.mehta@avasuretechnologies.com
 Network security audit (Y/N) Y

 Web-application security audit (Y/N) Y
 Wireless security audit (Y/N) Y
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) Y
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N) Y
 ICS/OT Audits (Y/N) N
 ERP Audit (Y/N) Y
 Functional Audit (Y/N) Y
 Process Audit (Y/N) Y
Govt. : <number of> 5

PSU : <number of>
Private : <number of> 18

Network security audit: <number of> 5

Web-application security audit: <number of> 9
Wireless security audit: <number of> 2
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): <number of> 2
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): <number of> 1
ICS/OT Audits: <number of> 0
Cloud security Audits: <number of> 1
ERP Audit <number of> 1
Application Functional Audit <number of> 1
Application Process Audit <number of> 1
CISSPs : <number of> 1

BS7799 / ISO27001 LAs : <number of> 1 (ISO 27001/PCI)
CISAs : <number of> 2
DISAs / ISAs : <number of> 1
Any other information security qualification: <number of> 3 (CEH, OSCP, CISC,
CPFA)

1 Mr. Sudhir Lad 8 months 16 years CISA
2 Mr. Hardik Hingu 4 years, 4 5 years CISA, DISA
months
3 Mr. Ashish 4 months 7 years CISSP
Sarnobat
4 Mr. Suraj Pandey 5 months 5 years OSCP, CRTP
5 Mr. Chirag 4 years, 6 6 years CEH, CISC, CPFA
Solanki months
6 Mr. Irman Ali 4 years, 2 5 years CEH
months
7 Mr. Hardik 2 years, 4 3 years CEH
Solanki months
Largest Project handled was for a large retail client in Dubai, UAE. We had a kick-off meeting,
and the following was our scope of work:
1. Web application Audit: 8 Nos

2. Network & Infrastructure Audit: 92 IPs
3. Mobile Application Audit: 3 Nos
The implementation was carried out on-site as well as remotely. We had given full support to
the client for patching the vulnerabilities & we made sure that the compliance round was done
after 20 days of the preliminary round. We had also conducted a basic security awareness
training for their employees. The total value of the project was Rs. 16 Lakhs.
Freeware Tools
• Nmap, Superscan and Fport - Port Scanners

• Metasploit framework, Netcat, BeEF , Cain & able, Hydra, John the ripper - Penetration
• Process explorer, Sigcheck, Kproccheck - Windows Kernel & malware detection
• Netstumbler , Aircrack-ng suite & Kismet – WLAN Auditing
• OpenVas, W3af, Nikto - Vulnerability scanner
• Social Engineering ToolKit – Social Engineering testing
 Firewalk - Traceroute-like ACL & network inspection/mapping
 Hping – TCP ping utilitiy
 Dsniff - Passively monitor a network for interesting data (passwords, e-mail, files, etc.).
facilitate the interception of network traffic normally unavailable to an attacker
 HTTrack - Website Copier
 Tools from FoundStone - Variety of free security-tools
 SQL Tools - MS SQL related tools
Commercial Tools
• Nessus
• Burp Suite Pro
• Acunetix
• Proprietary Python Scripts

NO
YES
eCloudPro Technologies LLC

PO Box: 57324, 1702, Boulevard Plaza Tower 1,
Sheikh Mohammed Bin Rashid Boulevard, Downtown Dubai,
United Arab Emirates.

NO
NO
*Information as provided by < Avasure Technologies Pvt. Ltd.> on <11-05-2022>
Back
M/s Beagle Cyber Innovations Private Limited
Beagle Cyber Innovations Private Limited

ACE, 4th Floor, CDAC Building, Technopark Campus
Trivandrum – 695581, Kerala, India
Website: https://beaglesecurity.com
Services: https://beaglenext.com
Email: info@beaglesecurity.com
Phone: +91 807 800 9000

 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): Y
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): Y
Govt.: 0
PSU: 0
Private: 71


ICS/OT Audits: 1
CISSPs : 0
BS7799 / ISO27001 LAs : 4
CISAs : 0
DISAs / ISAs : 0


No. Beagle Cyber Information to Information
Innovations Security security
Private Limited
1 Prathapachandran 2 Years 18 Years ISMS LA
2 Rejah Rehim 2 Years 12 Years ISMS LA

3 Manieendar Mohan 2 Years 7 Years ISMS LA
4 Anees PK 2 Years 5 Years ISMS LA

5 Febna V M 2 Years 3 Years MSc Cyber Security
6 Gincy Mol AG 2 Years 3 Years MSc Cyber Security
1. Project for one of the largest banking organizations’ applications.
The scope includes:
o Audit of web application by analyzing and executing advanced testing techniques

against all verified vulnerabilities, mobile application, cloud architecture review.
o Review of existing IT policies and procedures, risk assessment, vulnerability
assessment and penetration testing and secure code review.
o Risk assessment and testing vulnerabilities to ensure that all the false positives and
inaccuracies are removed.
o Performing re-testing post receiving the confirmation from the developers on fixing the
issues.
o Discussion with developers on vulnerabilities identified and suggesting remediation.
o Enterprise cloud architecture and DevSecOps Implementation
o Finalization of report and submission of the same to the client management.
2. Project for one of the financial institutions in India.
The scope includes:
o Audit of their IT infrastructure which contained 150 servers, 8 routers, 10 switches

and other network devices
o Internal network vulnerability assessment and penetration testing
o Network security assessment
o Security configuration review
 Beagle Security
 Nessus
 Qualys Guard
 Burp Professional Suite & Charles Proxy
 Metasploit
 NMAP
 KALI Linux Distribution
 Metasploit
 OWASP ZAP
 Paros
 Fiddler
 SSL Strip
 SQLMap
 Bowser Add-ons / extensions
 Wireshark
 WinHEX
 Nikto
 Wikto
 W3af
 John The Ripper / Hydra
 Social Engineering ToolKit
 Aircrack-Ng
 Android Emulator
 Java De-compiler
 APK Inspector
 APK Analyzer
 Cydia Tool set
 Python scripts
 Go scripts
*Information as provided by Beagle Cyber Innovations Private Limited on 28th September 2022
Back
M/s BSCIC Certifications Private Limited
BSCIC Certifications Private Limited

Location: 1st Floor, &work, 5B/15A, Crown Plaza Mall, Faridabad,
Haryana 121007

<2014>
 Network security audit (Y/N) :Yes

 Web-application security audit (Y/N): Yes
 Wireless security audit (Y/N) :Yes
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N): Yes
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N): Yes
 Mobile security Audits (Y/N) :Yes
 API/Web service security audits (Y/N) :Yes
 ICS/OT Audits (Y/N) :Yes
 Cloud security Audits (Y/N) :Yes
Govt. : <1>
PSU : <0>
Private : <19>

Network security audit: <00>

Web-application security audit: <00>
Wireless security audit: <00>
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.):
(ISO/IEC 27001:2013 TOTAL AUDIT 20)
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): <00>
ICS/OT Audits: <00>
Cloud security Audits: <00>
CISSPs: <2>
BS7799 / ISO27001 LAs: < ISO 27001 LAs - 7>
CISAs: <number of>
DISAs / ISAs: <number of>
 CEH- 3
 CISSP-2
 CNSM-1
 GDPR- 2
 CIISA-1
 CSCU-1
 CHFI-1

1. Sanjay Deshwal 4+ 10+ LA 27001
2. Ribhu Nath 9+ 25+ LA 27001, GDPR

Lavania
3. Akhil Gupta 9+ 25+ LA 27001
4. Karanam Krishna 6+ 15+ LA 27001

Rao
5. Abhirup Guha 9 Month 10+ LA ISO/IEC 27001,

GDPR, CISSP, CNSM,
CEH
6. Rohit Ghosh 9 Month 4+ CSCU, CHFI, CEH
7. Sudipta Biswas 9 Month 25+ LA ISO/IEC 27001,

CEH, CISSP, CIISA
8. Vaishali Sharma 1.5 1.5 LA ISO/IEC 27001
Coforge Limited: Coforge, formerly known as NIIT Technologies, is an Indian multinational

information technology company based in Noida, India and New Jersey, United States. The
company's stock trades on the Bombay Stock Exchange and on the National Stock Exchange
of India under the ticker symbol COFORGE.
POSOCO: Power System Operation Corporation Limited (POSOCO) is a CPSE under the
jurisdiction of Ministry of Power, Government of India. It is responsible to monitor and ensure
round the clock integrated operation of Indian Power System in a reliable, efficient and secure
manner thus serving a mission critical activity. It consists of 5 Regional Load Despatch Centres
(RLDCs) and the National Load Despatch Centre (NLDC)List of Information Security Audit
Tools used (commercial/ freeware/proprietary)
• Burp Suite
• SQLmap
• Nikto
• Wappalyser
• Geny Motion
• Jadx
• Kali

*Information as provided by < organization> on <date>
BSCIC Management Systems Certification,
Office suites 1367, 13th Floor, Sky Lobby, Business Tower Burjuman Sheikh Khalifa Bin Zayed
Road, Al Mankhool, Dubai, UAE
*Information as provided by <BSCIC Certifications Pvt. Ltd.> on <28-09-2022>
Back
M/s BSE Technologies Private Limited
BSE Technologies Private Limited

Location /Office Address: 25th Floor, P J Tower, For, Mumbai,
Maharashtra, 400001

 ICS/OT Audits (Y/N) - N
Govt. : 0
PSU : 0
Private : 3


ICS/OT Audits: 0
CISSPs : 1
BS7799 / ISO27001 LAs : 1
CISAs : 1
DISAs / ISAs : 0
This is a confidential detail, you may contact us on the contact provided below for
details,
Name : Ashish Patel

Phone : 022-22728670
E-Mail : MSOC[@]BSETECH[.]IN (remove [] while sending the mail)
The information is confidential under customer non-disclosure agreements therefore

we are in no position to share this information. Kindly contact us on the contact
details provided above for arranging reference calls.
We uses mix of software to extract best possible results which includes Commercial
Proprietary and Freeware tools.

The same is done basis customer requirements if needed for any part of audit
exercise. Such engagements are governed by strict contracts and MoU which is
confidential in nature and can not be disclosed to any party without consent.

*Information as provided by BSE Technologies Private Limited on 29-Sep-2022
Back
M/s Bureau Veritas (India) Pvt Ltd
Bureau Veritas (India) Pvt Ltd

72, Business Park, 8th Floor, Marol Industrial Area,
Opposite SEEPZ Gate No.2, MIDC Cross Road “C”,
Andheri (East), Mumbai – 400 093.

<2019>
 Network security audit (Y)

 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y)
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (N)
 ICS/OT Audits (Y)
 Cloud security Audits (Y)
Govt. : <9>
PSU : <2>
Private : <2>

Network security audit: <NIL>

Web-application security audit: <Nil>
Wireless security audit: <Nil>
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): <1827> Activity
Audit on Cloud security (ISO 27017) and Data privacy (ISO 27701 and ISO 27018)
along with ISO 20000 – IT Service Management and Business Continuity (ISO 22301)
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): <NIL>
ICS/OT Audits: <NIL>
Cloud security Audits: <YES>
Technical manpower deployed for information security audits:
CISSPs: <NIL>
BS7799 / ISO27001 LAs: <7>
CISAs: <1>
DISAs / ISAs: <NIL>
Any other information security qualification: <B Sc Computer Science, BCA >
Total Nos. of Technical Personnel: Bureau Veritas Exploitation, Paris, France = 5
Secura B.V = 100
Bureau Veritas India Pvt Ltd = 6
1 Adithya Srinivas 1 Year 3 years Bsc Computer Science
2 Ganesh kumar 1 year 3 years MCA
Murugan
3 Mohammed Adhil 1 Year 1 Year BCA
4 JAGADISAN 1 Year 1 Year B E E&C
SIDDARTHA
5 Fabien Pendaries 3 years 21 years Masters in Computing
6 Rajesh Ranjit 8 years 20 Years Diploma Electronics
Zaveri Post Diploma in
Computer
7 Ganesh M Pai 19 years 16 years BE Production
8 Ravindra Kumar 20 years 18 years ISMS Auditor &
Trainer
9 Jayesh Khamer 12 years 10 years ISMS Auditor & Data
Privacy
10 Sanjeev 5 years 10 years ISMS, Cloud & Data
Deshpande Privacy Auditor
11 Sesha 12 years 15 years ISMS, Cloud & Data
Chandrasekhar Privacy Auditor
12 Satya Gopal 8 years 5 years ISMS, Cloud & Data
Privacy Auditor
etc.) along with project value. – NIL.
S.NO Audit / Testing Task Tools

Information Security Policy Review And
Assesment against Best Security
1 Practices TBD
2 Information Security Testing TBD
3 Process Security Testing TBD
4 Application Security Testing BurpSuite
5 wireless security testing Alfacard, Aircrack-NG
6 Network Security Testing Nessus, Metasploit, Nmap, kali Linux
7 Software Vulnerability Assessment Nessus
8 Penetration Testing Metasploit, Nmap, kali Linux

Copy of the letter attached herewith

Parent company agreement attached.
Parent company document attached.
*Information as provided by < Bureau Veritas India Pvt Ltd> on <22-06-2022>

Back
M/s Cloud4C Services Private Limited
M/s Cloud4C Services Private Limited
 Network security audit (Y/N): Y

 Web-application security audit (Y/N): Y
 Wireless security audit (Y/N): N
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N): Y
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N):N
 ICS/OT Audits (Y/N): N
 Cloud security Audits (Y/N): Y
Govt. : 5
PSU : 10
Private : 285


Wireless security audit: NA
ICS/OT Audits: NA
CISSPs : 3
BS7799 / ISO27001 LAs : 11
CISAs : 5
DISAs / ISAs : 0

1 Venkata Pavan July 2021 14+ years ISO 27001 LA
Kumar, Marella CSA Star LA
2 Ravikumar Bijjam April 2018 8+ years CEH
3 Siftain July 2018 10.6 years CEH, McAfee Certified
Product specialist,
Azure Architect, Azure
Security Engineer, MS
365 Certified Security
administrator, Oracle
Cloud infrastructure
security 2021, Oracle
cloud platform Identity
and Security
Management 2021
4 Charan Teja July 2016 9 years
5 Uday Kumar M November 2014 8 years
6 Srikanth Battu June 2016 5 years
Supported BFSI sector client based out of Mumbai covering 1000+ Assets worth of value
~14.5 Crores
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary): Nexpose,

Qualys, Nessus, HCL App Scan, Burpsuite


The company is owned by a Singapore Entity named Cloud4C Technology Pte. Lte
Sl.NO. Country Address SCOPE

1 Cloud4C Service Pvt Ltd, 16,
Datacenter Building, All Floors,
India Software Units Layout, Madhapur
(HitechCity), Hyderabad – 500081,
Telangana, India
2 Cloud4C Service Pvt Ltd, Datacenter
Building, All Floors, Plot
India
No.Gen.72/1/A, TTC Industrial Area,
Mahape, Navi Mumbai - 400701 Co-location Services, Managed Services,
3 Cloud4C Service Pvt Ltd, Datacenter Security Services through Infrastructure
Building, All Floors, Plot No13, Near as a Service (IaaS) , Platform as a
India Service (PaaS) models including Public,
Vakthavarpur Shani Mandir, Sector-
127, Noida-201304 Private & Hybrid Cloud Hosting, 4Copy
Cloud, Virtual Private Cloud, Cloud
managed services on Azure, AWS, GCP
Building, All Floors, PLOT NO. – 15/A,
India and OCP, Disaster Recovery Solutions,
2ND Main Road, Electronic City, Phase
SAP/ERP Solutions, Backup & Recovery
1,
Solutions, CRM, Custom application
5 Bangalore, Karnataka, Postal Code: hosting and Network Management.
India
560 100
Building, All Floors, Suyveyno:115/1,
India
BSEINDIA Building , Financial District,
Nanakramguda, Hyderabad
7 Cloud4C Services Pty Ltd - IBX SY4
Australia Sydney, 200 Bourke Rd, Sydney NSW
2015, Australia
8 Cloud4C Service Pvt Ltd, Equinix HK5
Hong Kong ;Tower 2, 299 Wan Po Road, Tseung
Kwan O, Hong Kong
9 PT Cloud Four Cee Services, Sentul
City,Telkomsigma Data Center Jalan Ir
Indonesia
H Juanda, Cijayanti, Babakan Madang,
Bogor, Jawa Barat 16810, Indonesia.
10 PT Cloud Four Cee Services, CBN Data
Center, Cyber2 Tower 2nd Floor, JL .HR
Rasuna Said X5 No.13, RT.7/RW.2,
Indonesia
East Kuningan, South Jakarta City,
Jakarta 12950, Indonesia CBN Nex DC,
Jakarta, Indonesia.
11 Cloud4C Services KK , SCSK Sanda
Japan DC,2-6-1, Otsuska, Inzai-shi, Chiba,
Tokyo, Japan
12 Cloud4C Services KK , 2-3-1
Japan Akashiadai, Sanda-shi, Hyoqo, Japan-
669-1323
13 Cloud4C Services Limited, 352
United Buckingham Avenue, Slough Trading
Kingdom Estate, Slough, Berkshire SL1 4PF,
United Kingdom
14 Cloud4C Services Limited, 6/7/8/9
United
Harbour Exchange Square, London E14
Kingdom
9GE, United Kingdom
15 Cloud4C Services SDN BHD, VADS Data
Malaysia Center, Jalan Cyber Point 4 , Cyber 8 ,
63000 Cyber Jaya , Selangor Malaysia
16 Cloud4C Services Mexico, Cerrada de la
Princesa 4,Municipio del
Mexico
Marques,Parque Industrial El Marques,
Zipcode 76240,Queretaro México,
17 Cloud4C Services BV, Science Park 610
Netherlands
1098 XH Amsterdam Netherlands
18 Cloud4C Services Limited, Spark
New Takanini Data Center Site 2: Spark
Zealand Takanini DC, 8/30 Walters Rd,
Takanini, Auckland 2112, New Zealand
19 Cloud4C Services Limited, Datacom
New
Kapua Data Centre, 14 Simsey Place,
Zealand
Te Rapa, Hamilton 3200 New Zealand
20 Cloud4C Services Inc, Globe Data
Philippines Center , 2275 Chino Roces Extension ,
Makati City , in front of Volvo
21 Cloud4C Services Inc, PLDT Data
Center, 222 Nicanor Garcia, Brgy., Bel-
Philippines
Air, Makati City, Metro Manila,
Philippines
22 Cloud4C Service Pvt Ltd, Edificio Data
Protugal Center Covilhã Sitio da Grila - S. Pedro
6200 - 065 Covilha ;
23 Cloud4C Services LLC, MEEZA (M-
Qatar VAULT 2) Data Center, Umm Qarn 10
km from Al Khor, Doha City Qatar,
24 Cloud4C Services LLC, MEEZA (M-
VAULT 2), Qatar Science & Technology
Qatar
Park, Tech 2, Office # 106, 1st Floor,
PO Box 892, Doha Qatar
25 CloudFourC Services PTE LTD, Mobili
KSA Building, Fayah City, Jeddah, Saudi
Arabia
26 CloudFourC Services PTE LTD, NourNet
KSA Data Center, Ibn Al Haitham, An
Nahdah, Riyadh 13222
27 Cloud4C Services PTE LTD, Singtel
Singapore KCT2- Data Center - 38A kim chuan
road 537066
28 Cloud4C Services PTE LTD, Equinix SG3
Singapore Data Center : 26A Ayer Rajah
Crescent, Singapore 139963
29 Cloud4C Services Korea Ltd., C/o
South Autoever, 75, Jingoksandanjungang-ro,
Korea Gwangsan-gu, Gwangju, Korea Pin
62207
30 Cloud4C Services Korea Ltd, C/o
South Autoever, 148-43, Palhakgol-gil, Jori-
Korea eup, Paju-si, Gyeonggi-do, Korea Pin
10939
31 Cloud4C Service Pvt Ltd, IBX ZH5
Switzerland (Oberengstringen), Almendstrasse 9
Oberengstringen 8102 CH
32 Cloud4C Services Co.Ltd, TrueIDC Data
Center, Muang Thong Thani, 47/553-
554, 557-558 Moo3, 8th Floor New
Thailand
Geneva Industry Condominium,
Popular 3 Road, Bannmai, Pakkred,
Nonthaburi, 11120
33 Cloud4C Services Co.Ltd, 700/86 Soi
Amata Nakom Industrial. Tambon Ban
Thailand
Kao, Amphoe Phan, Thong, Chang Wat
Chon Buri 20000
34 Cloud4C Services Danismanlik Limited
Sirketi, Turkcell Superonline,GOSB
Turkey
Tembelova alanı 3300.Cadde No:3314
Gebze/ Kocaeli,
35 Cloud4C Services Danismanlik Limited
Sirketi, Turkcell Superonline, İTOB
Turkey Organize Sanayi Bölgesi, 10.005
,Sokak No: 37 Tekeli Köyü Mevkii
Menderes ,İzmir Türkiye
36 Cloud4C Services FZ-LLC, Equinix DX1
Data Center, F92 pre built unit Sheikh
UAE Mohammed Bin Zayed Road,
International Media Production Zone,
Dubai, United Arab Emirates
37 Cloud4C Services FZ-LLC, AD1 Equinix
International Business Exchange™
UAE (IBX) Data Center (Abu Dhabi) Khazna
Data Centre Masdar City Abu Dhabi
500389 AE
38 Cloudd4C Services INC, DC11, 21731
USA
Filigree Court, Ashburn, VA. 20147
39 Cloud4C Services INC CH3, 1905 Lunt
USA
Avenue, Elk Grove, IL 60007
*Information as provided by Cloud4C Services Private Limited on 28-Sep-2022
Back
M/s CMS IT Services Pvt. Ltd.
CMS IT Services Pvt. Ltd.

Bangalore, Delhi/NCR, Mumbai, Kolkata, Pune, Chennai, Ahmedabad,
Jaipur, Bhopal, Chandigarh, Lucknow

 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N) : No
 ICS/OT Audits (Y/N) : No
 Mobile Application Security : Yes
 Source Code Audit : Yes
 Cybersecurity Frameworks Audit : Yes
 CSOC Audit : Yes
Govt. : 1
PSU : 1
Private : Nil


Wireless security audit: Nil
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): Nil
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): Nil
ICS/OT Audits: Nil
Cloud security Audits: Nil
CISSPs : Nil
BS7799 / ISO27001 LAs : 4 Nos.
CISAs : 1 Nos.
DISAs / ISAs : Nil
Any other information security qualification:3 Nos.
1 Manjeet Singh August 2016 10 Years CISA , ISO/IEC 20000,
ITSM,ISO
27001:2013,
ISMS,ISO/IEC 27001-
27002 Lead Auditor,
CompTIA Security+ ,
CEHV11
2 Sanjay Singh April 2007 8 Years ISO 27001, ISO 20000
, Six sigma black belt,
3 Tariq Syed June 2004 6 Years ISO 27001:2013 Lead
Auditor
4 Sampad Sourav Feb 2019 3 Years CEH, Cyberark
Bhaisal Trustee
5 Blessing Stanly Feb 2019 3 Years CEH, CCNA, Cyberark
Trustee, Mcafee SIEM
6 Naveen May 2019 3 Years CEH, Cyberark
Trustee, Mcafee SIEM
7 Sourav Mandal Dec 2021 2+ Years Certified Ethical
Hacker (CEH)
8 Suchismita Dec 2021 3+ Years Certified Global Ethical
Hacker (CGEH)
9 Sucharita Jan 2022 2+ Years Certified Ethical
Hacker (CEH),
Certified Global Ethical
Hacker (CGEH)
10 Nilamani Behera Jan 2022 3+ Years Certified Global Ethical
Hacker (CGEH), ISO
27001-2013 Certified
Lead Auditor, Certified
Ethical Hacker V11,
11 Kalptaru Bhola Nov 2021 2+ Years

Master in Cyber
Security (MCS),
Certified Ethical
Hacker (CEH),
Hacker (CGEH)
12 Bhanu Pratap Nov 2021 2+ Years
Master in Cyber
Security (MCS),
Certified Ethical
Hacker (CEH),
Hacker (CGEH)
ONGC is our Managed services contracts where CMS IT is providing the AMC and FMS Support services
PAN India (35+) Locations. Assets covered under the contract are more than 40,000 Nos. which
includes network devices, servers, PC, peripherals etc.. More than 400 Nos. of FMS engineers have
been deployed to deliver onsite service operations. In this, managed services contact we are doing
VA/PT for all network devices, servers and applications. Security audit, being a part of contract, there
is no additional commercial value associated or mentioned in purchase order.
VAPT has been done for approx. 3000 no. of devices which includes server, network switches,
websites, mail servers etc. Below are the key activities covered in scope.
• Review of current configuration of IT security devices
• Internal and external vulnerability assessment
• External penetration testing
• Review of Network and Security Architecture
• Security assessment of IT components
• Audit of Trend Micro OfficeScan Corporate Edition (OSCE) Policies at ONGC
• Review of Desk top related security issues
• Information security policy review
• Review of Security Policies and procedures
• Review of Roles and responsibilities
Above activities were performed using below methods. The Approach was based on the best practices
of most reputed international standard on information security such as ISO/IEC 27001:20013 and
other best industry standard
 Familiarization of the current policies, procedures, practices, processes, network, servers,

applications running on the servers and desktops through interviews with the key personnel
 Vulnerability scanning
 Verification of the configurations of devices, servers and desktops
 Penetration testing
 Table top reviews
Tools Licence Type Tools Licence Type

Nessus Commercial W3af Freeware
Burp Suite Commercial Wire Shark Freeware
Qualys Commercial Ettercap Freeware
Social Engineering Tool
netsparker Commercial Kit Freeware
Acunetix Commercial Exploit database Freeware
cobalt strike Commercial Aircrack-Ng Freeware
OWASP ZAP Freeware Hydra Freeware
Nmap Freeware Directory Buster Freeware
Nikto Freeware SQL Map Freeware
Firewalk Freeware CAIN & Able Freeware
Hping Freeware BeEF Freeware
HTTrack Freeware Charles Proxy Freeware
John Freeware Hetty Freeware
Meta Sploit Freeware GoBuster Freeware
Ethereal Freeware Hashcat Freeware
NetCat Freeware Mimikatz Freeware
OpenVas Freeware



*Information as provided by CMS IT Services Pvt. Ltd. on 29th September 2022
Back
M/s CODE DECODE LABS
CODE DECODE LABS
HEAD OFFICE ADDRESS: -

M/S. CODE DECODE LABS PVT. LTD.,
A-02, ‘Cassiopeia Classic’, Near Pancard Clubs,
Baner, Pune – 411045 (MAH), India.
Phone: +91 (020) 20251477,
Fax: +91 (020) 20251477
NEW DELHI: E-372, Kalkaji, New Delhi - 110019, India.

MUMBAI: Flat No.201, Dheeraj Towers, Building 1, Saibaba Complex, Mohan Gokhale Road,
Goregaon (East), Mumbai - 400063 (MAH) India.
BANGALORE: G-01, Dolphin Dew Appts., Boganhalli Main Road, Panathur,
Kadubeesanahalli, Bangalore - 560103 (Karnataka) India.
Mobile: +91-9545852578 / +91-7887801188

Email: vivaan@codedecodelabs.com,
alisha@codedecodelabs.com,
audits@codedecodelabs.com,
https://www.codedecodelabs.com
 Network Security Audit : Yes

 Web Application Security Audit : Yes
 Wireless Security Audit : Yes
 Compliance Audits (ISO 27001, IEC 62443, IEC 27019, PCI DSS, etc.) : Yes
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : Yes
 Payment Gateway Audit : Yes
 OT/Industrial Control Systems (ICS, SCADA, DDCMIS, DCS) Audits : Yes
 IT & OT Audit of Power Generation, Power Transmission & Power Distribution : Yes
 Cloud Security Audits : Yes
 DevOps & DevSecOps Consulting : Yes
 Cyber Security Threat Analysis : Yes
 V-CISO As A Service (V-CISO) : Yes
 Red Teaming, Purple Teaming & Blue Teaming : Yes
 Vulnerability Management As A Service (V-MAAS) : Yes
 Vulnerability Mitigation & Patch Management : Yes
 Website, Server & Firewall Security Testing Audits : Yes
 Physical Access Controls & Security Testing : Yes
 Cybersecurity Monitoring : Yes
 Cyber Incident Management & Defense : Yes
 Security Asset Management : Yes
 Managed Application Security : Yes
 Software Product Security Testing - Threat Assessment : Yes
 Black Box & White Box - Vulnerability Assessment & Penetration Testing (VA & PT)
: Yes
 Encryption Security Assessment Audits : Yes
 Embedded System Security : Yes
 Malware Reverse Engineering & Forensics Testing : Yes
 Security Code Review (SCR) : Yes
 Business Continuity Management (BCMS) : Yes
 Disaster Recovery Planning Management (BCP & DR) : Yes
 Incident Response Management – SIEM & SOAR Analytics : Yes
 Red Teaming - Security and Response Management : Yes
 Cyber Security Awareness Drills : Yes
 Information security policy review and assessment against best Security Practices
: Yes
 Security Patching for Applications & Software : Yes
 Compliance Process Security Testing – GDPR, PCIDSS, ISMS, ISO 27001, ISO 20000,
ISO 25999, ISO 22301, COSO, COBIT, BASIL, SOX, HIPAA, NIST, ITU & ENISA
Security Matrix etc. : Yes
 ISP Network & Communication Security Devices Testing : Yes
 Block Chain Security & Cyber Analytics : Yes
 Mobile Application Security Testing and Development : Yes
 e-Commerce Architecture Security : Yes
 National Critical Infrastructure & Grid Security : Yes
 Cyber Operations & Defense Response Management : Yes
 Cyber Infrastructure Operational Security : Yes
 Managed Security Services (MSS) : Yes
 Building & Maintaining Security Operations Centre (SOC) : Yes
 SOC & SIEM Monitoring Review Audits : Yes
 SOAR Security Orchestration, Automation and Response Audit & Review : Yes
 Independent Verification & Validation for Information Systems Audit -
RBI/NABARD/IRDA/NBFC/ SEBI Stock Brokers/DP Compliance audit : Yes
 SEBI Cyber Security & Cyber Resilience Framework : Yes
 UIDAI – AUA KUA Compliance Security Audit : Yes
 Functional Audits (CBS/Treasury/BBPS/CTS/In-House Software) Audits : Yes
 VSCC Certificate for SBI – Vendor Site Compliance Certificate : Yes
 ISNP Security Audit : Yes
 RBI - Cyber Security Framework for Urban Cooperative Banks : Yes
 RBI - Guidelines for Payment Aggregators and Payment Gateways : Yes
 RBI - Guidelines for Cyber Security in the NBFC Sector : Yes
 Scalability and Resiliency Audit : Yes
 IS Compliance Audit as per Government Guidelines - IT Acts, CVC, RBI, SEBI, TRAI
: Yes
 IT Risk Assessments : Yes
 Formulation of IT policies & Procedures : Yes
 Formulation/Review of Cyber Crisis Management Plan (CCMP) : Yes
 Data Migration Audit : Yes
 ERP Audit (SAP, Oracle etc) : Yes
 Source Code Review (SCR) : Yes
 Load Testing/Performance Testing : Yes
 Functional Testing : Yes
 Usability Testing : Yes
 Portability Testing : Yes
 Inter-operability Testing : Yes
 Accessibility Testing : Yes
 Configuration & Compatibility Testing : Yes
 DDoS Assessment : Yes
 IoT Audit : Yes
 Social Engineering : Yes
 System Audit Report for Data Localization (SAR Audits) : Yes
 Cloud Security, Outsourced DC and DR site audits : Yes
 Server/Firewall/Database/Email Configuration Review : Yes
 CSOC/DLP/FW/IPS/WAF/PIM/SIEM/Security Products Audit : Yes
 Cyber Resilience/Business Continuity/Disaster Recovery Audits : Yes
 SOC 1, SOC 2, Type I, Type II (SSAE18 & ISAE3402) - Implementation, Compliance
Audit & Certification : Yes
 Malware Analysis & Reverse Engineering : Yes
 NIST & ITU Compliance of Cyber Security Assessment Framework (CSAF) : Yes
 Digital Forensics Investigation (Mobile Forensics, Computer Forensics, Audio/Video
Forensics, Network Forensics, CDR Analysis, Email Forensics etc. : Yes
 Assistance on IT Acts, Cyber Laws, International Data Protection Acts & on Privacy &
Data Protection Bill (PDPB) & Regulatory Compliances : Yes
Govt.: 500+
PSU: 25+
Private: 350+
5. Number of audits in last 12 months, category-wise –
 Network Security Audits : 100+

 Web Application Security Audits : 300+
 V-CISO As A Service (V-CISO) : 20+
 Red Teaming, Purple Teaming : 30
 Vulnerability Management As A Service (V-MAAS) : 25+
 Wireless Security Audits : 150
 International Infosec Compliance Audits (ISO 27001, IEC 62443,
IEC 27019, PCI, etc.) : 50
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : 35
 Cloud Security Assessment & Review Audits : 80+
 E-Commerce Architecture Security Assessments : 20+
 Payment Gateway Audits : 25
 Industrial Control Systems (ICS, OT, SCADA, DDCMIS, DCS) Audits : 30+
(Power Generation, Power Transmission & Power Distribution)
 Telecom & ISP Audits : 15+
 Information Systems Audit : 30+
 IS Audit of Bank as per RBI Gopalakrishna Committee Report & SEBI guidelines: 20+
 Regulatory Compliance audit as per Government Guidelines (IT Act, CVC, RBI, SEBI
etc.) : 30+
 IT Risk Assessment : 50+
 Formulation of IT policies & Procedures : 30
 Data Migration Audits : 10+
 UIDAI AUA/KUA Audit : 10+
 RBI Regulatory Audits / SAR Audits : 35+
 SAP & ERP Audits (SAP Modules, Oracle etc) : 20+
 Source Code Review (SCR) : 10+
 Software Testing - Load Testing/Performance Testing : 20+
 Software Testing - Functional Testing : 20+
 SOC Monitoring Review Audits : 20+
 Independent Verification & Validation : 15+
 SOAR Security Orchestration, Automation and Response Audit & Review : 15+
CISSPs : 7
ECSA : 4
OSCP : 5
OSCE : 3
ISO 27001 LAs / ISO 27701 : 8
ISO 25999 LAs / ISO 22301 : 5
CISAs : 5
DISAs / ISAs : 3
CISM : 3
CGEIT : 2
SANS GIAC Certified Professionals: 5
MCSA/MCSE: 3
PCI DSS : 3
ITIL : 3
DCPP : 2
CIPP : 3
CBCP : 2
CCSP : 3
CEH/CCNA/CASP/MBCI/OSCP: 10
Any other information security qualification: SANS, MILE2 & CDAC Certified Security
Professionals.

No. Code Decode Labs Information Information Security
Security
1) Vivaan Thakral 10 Years 22 Years B.E., M.S., CISSP, CISM, CRISC,
SANS GIAC, PCI DSS QSA, ITIL, PRINCE
2.
2) Pallaw Mishra 4 Years 20 Years M. Tech (Cyber Security), CISSP, OSCP,
GPEN, PRINCE2, SOC I, II, III
3) Col Gautam Pathak 8 Years 12 Years B. Sc, ISO 27001 LA, ISO 25999
4) Captain Vivek 5 Years 15 Years B. Com, MBA, ISO 27001 LA
Kamat
5) Neha Bagmar 8 Years 10 Years B. E., CISM, PMP, ECSA, ISO 27001 LA,
CDAC Certified Security Pro, DSCI DIPP
6) Sachin Singhai 12 Years 16 Years B. Tech, PRISM, CISA, CEH, CHFI,
CWASP, ISO
27001 LI, Cyber Laws, ISO/IEC 27701
7) R Kulkarni 8 Years 22 Years MCA, CISSP, CISM, CGEIT, ITIL, ISO
27001 LA, ISO 14001, ISO 20000, ISO
22301.
8) Ashish Mehta 3 Years 10 Years B. Tech (IIT), ECSA, CWASP, CCSA,
Cloud Security Engg (CCSP),
ISO/IEC 27701 Auditor
9) Shilpa Nayak 10 Years 14 Years M. Tech, MCSE, RHCE, CCSP, ISO 27001
LA, SANS GAWN, SANS GSEC, SOC II
10) Shubham Upadhyay 8 Years 8 Years BCA, CCNP, RHCE, CWASP, CASP+
11) S. Vishakha 8 Years 6 Years B. Com, CISM, ISO 27001 LA,
ISO 22301 LA, PCI QSA, SAP GRC.
12) Amit Awate 8 Years 12 Years B. E., CEH, CWASP, CASP+, ISO 27001
LA
13) Sapna Shah 5 Years 5 Years B. Com, MBA, ISO 27001 LA,
TUV Certified Security Auditor
14) Michael Govardhan 6 Years 8 Years B. Sc., CDAC Certified Security Pro
15) Rahul Kasabi 4 Years 5 Years BCA, CEH, CHFI, CASP+
16) K Satyajit 8 Years 8 Years B. Sc, CCNA, CISA, CEH, ECSA, ISO
20000
17) Yogita Surve 2 Years 2 Years BCA, CEH, MILE2 CPTE, MILE2 CCSA
18) Niraj Sharma 2 Years 5 Years B.E., OSCE, RHCE, GPEN, eWPTX
19) Rohit Raj Ojha 7 Years 7 Years B. E., CCNP, CCSP, OSCP, CEH, SAP GRC
20) Snehal Chaudhari 4 Years 4 Years B.E., CHFI, CEH, RHCE,
CDAC Certified Security Engineer
21) Vinit Pandey 7 Years 7 Years BCA, PRISM, CCNA, LPT, ISO 27001 LA,
GIAC GWAPT, Firewall Engg.
22) Prabhjeet Singh 8 Years 8 Years MCA, PRISM, CWASP, CISE, ISO 27001
LA
23) Jatinder Paul 6 Years 6 Years B. Tech, eWPTX, CBCP, CCSP
24) Alagu Jeeva 3 Years 8 Years B. Tech, CISSP, ECSA, CEH, GPEN
25) Sachin Sathe 6 Years 10 Years BCA, CHFI, ISO 27001 LA
26) Hardik B Jain 7 Years 7 Years B.E., CASP+, ISO 27001 LI, DSCI DCPLA
27) Alisha Kurian 3 Years 5 Years B. Tech, Security+, CASP+, ISO 22301
Sr. Client & Location Details Project Scope & Delivery Details Project
No. Value (In
INR)
Red Teaming, Cyber Security Architecture

Telecom Regulatory Authority, Review, Cyber Threat Assessment,
1) Indonesia Cyber Security Operation Center (C-SOC), 3.98 Crore
– Multiple Locations Security Incident Management, VAPT,
Web & Mobile Application PT, Security Code
Review (SCR), System Forensics & Malware
Assessment, Information Security (ISMS) &
Data Protection Awareness Trainings.
Cyber Security Architecture Review, Cyber

Leading Oil & Refinery Security Operation Center (C-SOC), Security
2) Company of Dubai & Middle Incident Management, Application Software 1.85 Crore
East - VA-PT, ISMS, Security Code Review,
Multiple Locations Information Security & Data Protection
Awareness Trainings
Security Incident Management, SCADA OT

Audits, VAPT, Web Application Testing,
3) Aerospace Engineering Security Code Review, System Forensics & 86 Lakhs
Corporation, Malaysia Malware Assessment, Data Protection &
Information Security Awareness Drills, Data
Protection Compliance Trainings
Red Teaming, Mobile Banking Application

Security Testing, Web Application Security,
4) National Banking & Finance Cloud security, Cyber Security Architecture
Corporation, Mumbai, India. Development, SOC Lab Set-up,
ISO 27001, PCI DSS, Security Incident
65 Lakhs
Management Response Cell, Security Code
Review (SCR), System Forensics & Malware
Assessment, Cyber Incident Handling
Trainings
Cyber Defense Unit, Cyber Security Threat Analytics & Operational

5) Ministry of Defense (MoD) Security Incident Response: Software, ----
Government of India, India. Analytics & Report Documentation
We utilize mix of all commercial, licensed, freeware & proprietary editions of these following tools with
its respective latest versions & updates –
Commercial Tools Freeware Tools Proprietary Tools
 Application Security Testing  Putty

Tools:  NMAP + Zen Map
 Appscan  Router Sploit CyShieldz
 Qualys Guard
 Superscan
 Appknox
 AirCrack - Ng Suite Zoneshield
 Veracode – Vul Analyzer Toolkit
 Nessus – Vulnerability Scanner  Fport - Port Scanners
 Burp Suite -Pro  Echo Mirage Cyinteller
 Accunetix - Web App Auditing  Snort
 Nexpose  Kali Linux CyFence
 Shodan  Paros Proxy Lightweight
 Core Impact ThreatHunterz
 Metasploit Framework
 Qualys Cloud Platform
 CheckMarx  ImmuniWeb
 Hydra CypherX
 Fiddler Core
 Vulnerability Management  MBSA
CDR LinkNet
Suite -  Netcat
 Netskope  DNS Dumpster
 SecPod  Fierce
 Holm Security
 Scapy
 Micro Focus Fortify
 SonarQube  Maltego
 Netsparker  OllyDbg
 SOC & MSS Tools: VEGA,  BeEF (Browser
AlienVault Unified Security Exploitation)
Management (USM), CrowdStrike  L0phtCrack: Password
Falcon, LogRhythm XDR Stack, Crackr
• Rapid7 Insight Platform,  SQL Map
SolarWinds Security Event
 FOCA
Manager, TrendMicro XDR,
 OpenVAS
Manage Engine
 SQL Ninja
 SIEM Tools: IBM QRadar  Cain & Able
Security Intelligence Platform,  HTTP Toolkit
Splunk, ArcSight ESM Software,  IronWasp
NetIQ / Micro Focus, Trustwave,  OWASP ZAP
AlienVault, BlackStratus, Intel  Signcheck
SIEM, SolarWind, LogRhythm,  APK Analyzer
RSA  Process Explorer
 Kproc Check - Windows
 SOAR Tools: Splunk Phantom,
Kernel & Malware
IBM Resilient, Exabeam, DFLabs
IncMan, RespondX, SIRP. Detection
 Netstumbler
 Parrot QA  Kismet – WLAN Auditing
 Arbutus Analyzer - Migration  AppSpider
Audit & Log Analysis  Directory Buster
 Social Engineering ToolKit –  SSL Strip
 Internet Evidence Finder  W3af
 CSRFT Tester
 Forensics Imaging & Analysis  Wapiti
Tools: FTK, Tableau, Paraben  Nagios
E3:DS  Ettercap
 Data Recovery Tool: E4SeUS  Retina
Recovery Wizard  Tamper Data
 CDR Analysis Tool: CDR & Tower  Nikto - Vulnerability
Dump Analysis Tool Scanner
 Video Forensics: Kinesense LE  Web Inspect
 Mobile Forensics: MobilEdit,  Wireshark – Packet
UFED4PC Analyzer
 John the Ripper – Password
Cracking Suite
 Passware – Password
Cracking
 Mobile Application Security

Testing Tool:
 Android Debug Bridge
 Cydia Impactor
 MobSF
 Android Emulator
 Drozer
 iMas
 Frida
 CodifiedSecurity
 Ghidra

13. Whether organization has any Foreign Tie-Ups? If yes, give details:
We have been working closely with 30+ (Thirty) ‘Cyber Security Consulting Services Provider
Companies’, as their back-end delivery, services & support partner. These organizations are from 10
different countries situated and serving in ASEAN, APAC, Europe, UAE, Middle East, Latin America &
Africa markets.
For this purpose, we abide to practice stricter, ‘Confidentiality and Non-Disclosure Agreements’
before engaging with various consultants for assignments. Also, all of our team members have to
strictly adhere to IT Security and other Policies of ‘Code Decode Labs’ along with all Data Protection
compliance policies of the clients during the course of the engagement.

*Information as provided by - Code Decode Labs on 28/09/2022.
Back
M/s CYBERNERDS SOLUTIONS PRIVATE LIMITED
CYBERNERDS SOLUTIONS PRIVATE LIMITED , Trichy

2018

 Finance Sector Audits (API, Payment Gateway etc.) : Yes
 Cloud security Audits : Yes
 Secure Code Review : Yes
 IoT Security Assessment : Yes
Govt. : 1
PSU : 0
Private : 33


Finance Sector Audits (API, Payment Gateway etc.) : 3
ISO27001 LAs : 3
CISAs : 2
CISMs : 1
CEHs : 4
GDPR Lead Implementers : 2

CYBERNREDS Security Information security
1 Sasi >2 >8 CISA, CISM, ISO 27001
Lead Auditor, GDPR
Lead Implementer,
CEH
2 Sowmya <2 >12 CISA, ISO 27001 Lead
Auditor
3 Rajesh <4 >5 CEH, AZ-500
4 Yogesh Kumar <2 >1 CEH
5 Amuthan <2 >1 -
 Leading NBFC in India:

o Application Security Audits for all their web and mobile applications
o Network Security Assessments for complete infrastructure
o ISO 27001 Implementation
o ITGC Audit
o API and Cloud Security Assessments
o Value: Approx. 20Lacs INR
 Data Analytics SaaS provider:

o Application Security Audits for all their web and mobile applications
o Network Security Assessments for complete infrastructure
o API and Cloud Security Assessments
o Value: Approx. 10Lacs INR
Opensource / Freeware Commercial
1. Nmap
2. Nikto
3. Sqlmap
4. Zedproxy
5. Kali Linux 1. Burp Suite Pro
6. Wireshark 2. Nessus
7. OWASP Zap
8. Metasploit
9. MobSF
10. OpenVAS


*Information as provided by CYBERNERDS SOLUTIONS PRIVATE LIMITED on 28th September

2022
Back
M/s DigitalTrack Solutions Private Limited
DigitalTrack Solutions Private Limited

No. 9, Vinayak Koil Street, Venkatapuram, Little Mount, Saidapet, Chennai -
600015, Tamil Nadu, India.

<2018>

 Cloud security Audits (Y/N) – Y
 Red Team assessment (Y/N) – Y
Govt. : None
PSU : None
Private : 65


ICS/OT Audits: 2
CISSPs : None
BS7799 / ISO27001 LAs : 1
CISAs : 1
DISAs / ISAs : None
Any other information security qualification: OSCP, CDPSE, CRISC, ISMS LA
Experience in Qualifications related

Duration with
S. No. Name of Employee Information to Information
<DigitalTrack>
Security security
1 Rohit 2 4 OSCP, CEH
2 Kota Nagaraju 6 yrs 7 months 6 CEH
3 Sunil Kumar 5 5 CEH
4 Kewin 2 3 OSCP, CEH
5 Janakiraman 4 4 CEH
6 Ahutiben Patel 1 2 CEH
Subramaniam CISA, CDPSE, CRISC,
7 2 months 25 years
Lakshminarayanan ISMS LA
Task Summary QTY
Vulnerability identification and Exploitation

900+
(Desktop/Laptop)
Servers Virtual 80
Servers Physical 26
Infrastructure Routers 5
PT
Firewalls (Black Box & White Box) 3
Switches 39
Public IP Address 10
A+E Corporate & Dubai Click & Collect Retail Site 1

A+E Ecommerce site, B2C Website 1
B2B Website 1
A+E Internal productivity applications (LICMON &

1
STOCKTAKE)
A+E Internal returnable asset tracking 1
A+E BI software 1
Web A+E BI software 1
Application PT
A+E BI software 1
SSL VPN Portal 1
Cisco Jabber Hosting 1
Red Team Testing (whole infrastructure) 1
Cloud Architecture Audit & Review 2
Cloud Security Audit & Review 2
Firewall Policy Review 2
Completion of all assessment activities as outlined in

Gray Box 1
Scope
Security
Maturity
Assessment Submission of Analysis & Report 1
Wireless Wireless Assessment without credentials for 4– Total 7

7
Security Audit Access Points)
Locations Ras Al Khaimah, Fujairah, Dubai Mall, Marina Mall 4

Metasploit
• Nexpose
• Nessus
• Nipper
• Netsparker
• HCL App Scan
• Checkmarx
• Burp Suite
• Nmap
• SSLScan
• Wireshark
• Immunity Canvas
• Immunity Silica
• Hak5 (Pineapple Wifi)
• Social Engineering Toolkit
• Kali Linux
• Aircrack-ng
• Ettercap
• John the Ripper
• Kismet
• Maltego
• Cuckoo
• Volatility
• sslstrip
• hping3
• dnswalk


Dubai – UAE
DigitalTrack computer trading LLC
BC2-01, Al Attar Business Center,
Plot No 373-107, Al Barsha 1
Doha – Qatar
DigitalTrack Solutions Trading WLL
Zone 24, Street 830, Building 5,
Office 3, First Floor, Muntaza Area,
Rawdat and Khail, Doha- Qatar
*Information as provided by DigitalTrack on 29/09/2022
Back
M/s DREAMWORKS INFOTECH PRIVATE LIMITED
M/s DREAMWORKS INFOTECH PRIVATE LIMITED

Address: 277 K-5 Road No: 2, Dam Side Road,
Kanke Road, Ranchi, Jharkhand Pin code - 834008, India
 Network Security Audit : Y

 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : N
 Cloud Security Audits : Y
 Source Code Review : Y
 Mobile Application Audit : Y
 Vulnerability Assessment : Y
 Penetration Testing : Y
 Red Team Assessment : Y
 Database Configuration Review & Audit : Y
Govt. : 0
PSU : 0
Private : 14+


Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.):0
ICS/OT Audits: 0
API Security Assessment: 3
Mobile Application Security: 1
Database Configuration Review & Audit: 1

CISSPs :
BS7799 / ISO27001 LAs : 1
CISAs : 1
DISAs / ISAs :
CEH: 3
CCNA: 1

Duration with Experience Qualifications

S. Dreamworks in related to
Name of Employee
No. Infotech Pvt. Information Information
Ltd. Security security
1 Mr. Deonandan Oraon 12.9 Years 12.9 Years CISA, CEH
2 Mr. Dhananjay P. Singh 5.6 Years 8 Years CEH
3 Mr. MD.Kamran Khan 5.6 Years 5.6 Years ISO 27001 LA
4 Mr. Anmol Akash Khalkho 5.6 Years 5.6 Years M.C.A.
5 Mr. Praveen Kumar Kachhap 5.4 Years 5.4 Years B. Tech.
6 Mr. Mithilesh Kumar Yadav 8.8 Years 8.8 Years MBA(IT)
7 Mr. Ratan Topno 6.10 Years 6.10 years CCNA
8 Nishat Aafreen 1.1 Years 4 Years CEH
Scope: Cloud based Web Application with multiple modules and user roles along with
API End Points.
Project Value: N/A
(Information confidential due to compliance with Non-Disclosure Agreement with
the client/customer.)
Web Application Network/Server/Wireless API
1 Burp Suite 1 Metasploit 1 Postman

2 OWASP ZAP 2 Nmap 2 FuzzAPI
3 SQLmap 3 Wireshark 3 Astra
4 wpscan 4 Aircrack-ng 4 Soap UI
5 Nikto 5 tcpdump
6 W3af 6 Netcat
7 John The Ripper 7 Kismet
8 Dirbuster
Mobile Application Others Cloud
1 APK Tool 1 Exploit DB 1 Kube-hunter

2 MobSF 2 Kali Linux 2 Docker Bench
3 dex2jar 3 Customized Scripts 3 Dagda
4 Drozer
10. Outsourcing of Project to External Information Security Auditors / Experts:

( If yes, kindly provide oversight arrangement (MoU, contract etc.)) : No
11. Whether organization has any Foreign Tie-Ups? If yes, give details: : No
12. Whether organization is a subsidiary of any foreign based organization?: : No

13. Locations of Overseas Headquarters/Offices, if any: : No
*Information as provided by DREAMWORKS INFOTECH PRIVATE LIMITED on 28th Sept 2022
Back
M/s ESF Labs Limited
Registered Office:
ESF Labs Limited

NO.SRT-253, 2nd Floor, Main Road,
Sanath Nagar, Hyderabad,
Telangana, India – 500018.
Corporate Office:
ESF Labs Limited

1-624/2, Bank Colony, Chilakaluripet, Guntur District,
Andhra Pradesh, India - 522516.

 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : Yes
 ICS/OT Audits : Yes
Govt. : 4
PSU : 16
Private : 32


ICS/OT Audits: 2
CISSPs : 0
BS7799 / ISO27001 LAs : 3
CISAs : 0
DISAs / ISAs : 0
[ CEH, ECSA, CCNA, CCNP, SANS, ] : 32

ESF Labs Limited Information Information security
Security
1. Anjaneyulu (Anil) A 8 years 20+ years ISO 27001 Lead Auditor
of Information Security,
ISO 37001 Enterprise
Risk Management,
Certified Forensic
Examiner (ACE), Mobile
Phone Forensic Examiner,
CISCO certified
Professional (CCNP,
CCNA, CCSPA) and
Licensed Penetration
Tester (LPT), Certified
Security Analyst (ECSA),
(CEH), Advanced Network
Forensics Professional
(SANS).
2. Sivaram Anisetti 7 years 16+ years CCSP, Certified
Penetration Tester, Sun
Certified Java
Programmer, Certified
Incident Responder,
Digital Forensics Analyst
3. M. Krishna Reddy 5 years 15+ years ISO27001 LA,CEH, ECSA,
ITIL V3, Rational App
Scan, ISTQB, SABSA
Foundation, HADOOP
Security
4. K Srinu 7 years 13+ years B.Tech
5. G. Thirumaleswari 3+ years 12+ years M.Tech., (Ph.D) in
6. Ravi Kiran Raghava 2+ years 11+ years ISO 27001 LA, MS in
Kunder Computer and
Information Security,
CEH, Qualys guard
certified specialist in
vulnerability management
7 Sureka 6 years 6+ years M.Tech
8. Phani Kumar 5 Years 5 years M.Tech
9. Pavan Kumar 6 Years 6 Years B.Tech , CEH
10. Anusha 1 year 3+ years B.Tech
11. M. Sai Prasanna 4 years 4+ years M.Tech in Cyber Security
Laxmi & Digital Forensics
12. Kota Sri Parvathi 3 years 3+ years M.Tech in Cyber Security
& Digital Forensics
13. Y. Pakeera Reddy 3 years 3+ years B.Tech
14. Ramya 3 years 5+ years B.Tech
15. Sai Teja 1 years 1+ Years B.Tech
16. Arya Tripati 2 years 5+ years M.Tech in Cyber Security
& Digital Forensics
17. Bhavana 4 years 4+ years M.Tech in Cyber Security
& Digital Forensics
18. Pujitha 4 years 4+ years M.Tech in Cyber Security
& Digital Forensics
19. Triveni 4 years 4+ years M.Tech
20. Sahithi 4 years 4+ years B.Tech
21. Pravallika 4 years 4+ years B.Tech
Pharmaceutical companies: 3
 Network VAPT
 Web Application Security testing
 SOC service
 Emergency Response
 HIPPA Audit
One of the Financial Services Sector in India:
 Incident Response Service

 SOC Service
 Application and network VAPT
One of the Banks recognized by RBI in India:
 PCIDSS audit
 SOC Service
 Emergency Response Services
 Web and Mobile VAPT
Commercial Tools: Acunetix, Nessus Professional, Fortify, Genymot1ion, SonarQube, Burpsuite

Professional, Checkmarx, Aircrack-ng, FTK, AD Enterprise, EnCase, Qualys
Freeware: Kali Linux, Wireshark, Burpsuite, OWASP ZAP, SQL Map, SSL Digger, Metasploit,
Web developer & cookie editor tools, Postman, Fiddler, Social Engineering Toolkit (SET),
MobSF,Hydra, OSINT Tools, Nmap


*Information as provided by ESF Labs Limited on 19 May 2022.
Back
M/s Eventus Techsol Pvt Ltd
Eventus Techsol Pvt Ltd

1403, Cyberone, Sector 30- A, Plot 4 & 6,
Vashi, Navi Mumbai 400703
 Network security audit (Y/N): Yes

 Web-application security audit (Y/N): Yes
 Wireless security audit (Y/N): Yes
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N): No
 ICS/OT Audits (Y/N): No
 Cloud security Audits (Y/N): Yes
 Red Teaming (Y/N): Yes
 Managed XDR (Y/N): Yes
 Managed SOC (Y/N): Yes
 Breach & Attack Simulation (Y/N): Yes
 Source Code Review (Y/N): Yes
Govt. : 5+
PSU : 15+
Private : 15+


DevSecOps Assessment and Implementation: 5+
Red Team Assessments: 5+
Breach and Attack Simulations: 5+
Source Code Reviews: 5+
Cloud security Audits: 5+
CISSPs : 2
CISA: 1
BS7799 / ISO27001 LAs : 1
OSCP: 2
CEH: 10+
ECSA: 1
CHFI: 1
CCSK: 1
CRTP: 1
AWS Solutions Architect – Associate: 3
AWS Security Specialty – 1
Name of Duration with Experience in Qualifications

S.
Employee <organization> Information related to
No.
1 Manish Chasta 1.1+ years 16+ years CISSP, CHFI, ITIL
CISSP, CISA, ISO
27001 LA, Diploma in
Cyber Law, AWS
Dominic
2 2.9+ years 30+ years Security Specialty,
Fernandes
AWS Certified
Solutions Architect –
Associate
OSCP, OSWP,
eCPPTv2, CompTIA
Pentest+, Pentester
Academy DevSecOps
Professional, CEH,
3 Jay Thakker 1.2+ years 5.9+ years ECSA, CHFI, CAST-
613, AWS Certified
Solutions Architect –
Associate, Google
Cloud Professional
Cloud Architect
CISM, ICSI Certified
Network Security
Specialist, OSCP, AWS
4 Deepak Pandey 4 months 9+ years Certified Solutions
Architect – Associate,
AWS Security
Specialty
5 Nikhil Raut 5 months 5+ years ME (IT)
CISE (Certified
Expert), Trend Micro
Certified (ApexONe,
6 Pravin Singh 2.9+ years 4+ years Deep Security), Red
Team Operation-Initial
Access, CRTA
(Certified Red Team
Analyst)
Sr.
Category Brief Description of Work Additional Info
No
We also manage their

1 Private Providing 24x7 SOC and MXDR services. Incident Response
activities.
We are also providing web
Providing Vulnerability Assessment and
2 Private application penetration
Configuration Assessment services.
testing.
Providing Cloud Security Posture

We are also providing 24x7
3 Private Management Assessment, Application
SOC and MXDR services.
Penetration and Source code review.
Microfocus Fortify
Picus
Scythe
Trend Micro DDAN
Tenable Nessus
OpenVAS
SoapUI
sqlmap
Metasploit
Wireshark
sslscan
nmap
MISP
netcat
MobSF
objection
sysinternals
winhex
ecomirage
fiddler
spiderfoot
findsecbugs
browser extensions
scouitsuite


*Information as provided by Eventus TechSol Pvt Ltd on 24th May 2022
Back
M/s G-Info Technology Solutions Pvt. Ltd.
G-Info Technology Solutions Pvt. Ltd.

Plot No. 144, 3rd Floor, Pocket-11, Sector-24, Rohini,Delhi-110085
 Network security audit (Y/N)

Y
Y
 Wireless security audit (Y/N)
Y
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N)
Y
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N)
Y
 ICS/OT Audits (Y/N)
Y
 Cloud security Audits (Y/N)
Y
 Mobile Application Security Audits(Y/N)
Y
 Ransomware Assessment(Y/N)
Y
 Cyber Forensic Audits(Y/N)
Y
 Compromise Assessment(Y/N)
Y
 Dark Web Assessment(Y/N)
Y
 Thick Client Assessment(Y/N)
Y
 Red Teaming Assessments(Y/N)
Y
 Source Code Reviews(Y/N)
Y
 Secure SDLC Review (Y/N)
Y
 BCMS Audits (Y/N)
Y
 Physical Access Controls & Security testing (Y/N)
Y
 Software Vulnerability Assessment (Y/N)
Y
 Information Security Testing (Y/N)
Y
 IOT Devices Penetration Testing(Y/N)
Y
 Cyber Security Monitoring & Incident Review (Y/N)
Y
 Active Directory Security Assessments (Y/N)
Y
 Email Phishing Audits(Y/N)
Y
Govt. : <NIL>
PSU : <301>
Private : <764>


Wireless security audit: <nil>
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): < 181 >
ICS/OT Audits: <02>
Email Phishing Audits <300>
Red Team Assessments <07>
Mobile Application Security Audits <28>
Active Directory Penetration Testing <01>
BCMS Audits <05>
CISSPs : <00>
BS7799 / ISO27001 LAs : <04>
CISAs : <01>
DISAs / ISAs : <00>
Any other information security qualification: <PCI DSS Implementor 02,
OSCP 01, CEH 03, Certified Incident Handler 01 >
S. Name of Employee Duration with G- Experience Qualifications

No. Info Technology in related to
Solutions Pvt. Ltd. Information Information security
Security
1 Naveen Dham  4 Years 8 Months 18 + Years CISA, CEH, ISO
27001 LA, PCIDSS
2 Dheeraj Sharma 2 Years 7 months 16 + Years ISO 27001 LA,
PCIDSS, Certified
Incident Handler,
Six Sigma & Prince 2
Certified
3 Mohd. Azam 2 Years 7 months 10+ Years Trained Certified
Ethical Hacker
4 Amolak Singh 4 Months 14 + Years
5 Jawahar Dhawan 3 Months 12 + Years ISO 27001 LA
ISO 27001 LI
6 Samiran Santra 4 Months 6 + Years CEH
7 Ishan Saha 6 Months 8 + Years CEH & OSCP
8 Soundarya 9 Months 1.5 + Years ISO 27001 LA
Chandrashekhar Khadake
9 Dharmendra Yadav  8 Months 3 + Years Certified Android
Penetration Tester,
Trained Certified
Ethical Hacker,
Certified API
Security Tester
10 Shivam Kulshrestha 8 Months 2 + Years Trained Certified
Ethical Hacker
11 Rishav Kumar 8 Months 2 + Years Trained Certified
Ethical Hacker
12 Pritam Pratap Nipanikar 8 Months 1.5 + Years Trained Certified
Ethical Hacker
Project Type :- Cyber Risk Assessment for one of the Largest Conglomerate in India
Total Locations : 9 Entities having Total of 14 Locations
Scope Complexity :-
1. Red Team Assessment of all the entities
2. Penetration Testing of
a. Web Applications,
b. Android Applications,
c. IOS Applications
d. Cloud Networks
e. Firewalls
f. Switches
g. Routers
h. End Points
3. Information Security Compliance Assessment based on

a. NIST Standard
b. CIS Standard
c. ISO 27001 Standards
4. Alignment Of Cyber Security Risks with the Business Risks
5. Business Continuity Management Systems Review
6. Consultation on the closure of Identified Gaps
7. Re-Assessment of the Infrastructure to validate the closures
8. Submission of Cyber Security Maturity Road Map for next 5 years.
9. Deploying the Cyber Security Resources for Ongoing assessments
Project Value :- 77.74 Lacs
Free Commercial Proprietary

war
e
Wireshark/ Ettercap Dsniff Nessus Pro GISPL
TCPDump Proprietary
penetration
Tools
Kali Linux Ferret Lynis Burpsuite Pro Python
Developed
Scripts
Nmap/ Zenmap Hamster NSLookup
Sqlmap IP scanner Netcat
Nikto Yersinia OmegaDB
Hydra Ethereal OpenZap
John the Ripper Echo Mirage OpenVAS
Putty WebScarab Hping
Whois Tor’s Hammer Fiddler
Scapy W3af SSLTest
Pyloris Sparta HTTPMaster
LOIC Directory Buster Curl
CSRF Tester SMTP Ping WireEdit
Ollydbg Hash-Identifier Process Hacker
MBSA Cisco Auditor Armitage
TestSSLServer SysInternals Open SSL
Suite
Python / Powershell Santoku Linux Browser
Scripts Plugins
Qualys SSL Genymotion MobSF
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No No

11. Whether organization has any Foreign Tie-Ups? If yes, give details: Yes/No No
12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No No

13. Locations of Overseas Headquarters/Offices, if any : Yes/No Yes
We have our Branch Office in USA at below address
G-Info Technology Solutions Inc.

13731 Monarch Vista Drive
Germantown Maryland 20874
United States
*Information as provided by G-Info Technology Solutions Pvt. Ltd. on 13.05.2022
Back
M/s IHUB NTIHAC Foundation (C3iHub)
IHUB NTIHAC Foundation (C3iHub),

C3I BUILDING, I I T CAMPUS KALYANPUR Kanpur,
Uttar Pradesh, 208016 India
• Network security audit: Y

• Web-application security audit: Y
• Wireless security audit: Y
• Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): Y
• Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): N
• ICS/OT Audits: Y
• Cloud security Audits: Y

Govt.: 0
PSU: 2
Private: 4
Total Nos. of Information Security Audits done: 6


ICS/OT Audits: 0
6. Technical manpower deployed for information security

audits:
CISSPs - 0
BS7799 / ISO27001 LAs - 2
CISAs -1
DISAs / ISAs-0
CEH -3
EJPT-1
ICSI-4
MTA-1
CPT-1
Center for Development Technical Education (CDTE)-1
Advanced Certification in Cyber Security and Cyber Defense (CSCD)-3
Palo Alto Network Cybersecurity-1
Advanced Cyber Sec-1
Practical Ethical Hacking by TCM Security-1
7. Details of technical manpower deployed for information security audits in Government

and Critical sector organizations (attach Annexure if required)
Serial Name of Employee Duration with Experience in Qualifications related to
No. C3iHub Information Information security
Security
1 Shubham Pandey 44 Months 44 Months CDTE-Computer Systems
Security
2 Shiv Bihari Pandey 38 Months 38 Months e. Masters in CyberSecurity
(Pursuing)
3 Shivam Verma 18 Months 18 Months EJPT
4 Lohitya Pushkar 18 Months 18 Months CEH, CSCD
5 Sravan Kumar 12 Months 43 Months CEH
6 Gokul 7Months 20 Months Practical Ethical Hacking by
TCM Security
7 Shubham 7 Months 14 Months CISEH by Pristine
8 Ansh Vaid 7 Months 7 Months MTA in Security Essentials
and Network Essentials
9 Deepak Balodiya 4 Months 16 Months CEH
10 Rajat 4 Months 4 Months ICSI (CNSS)
11 Deep Solanki 4 Months 4 Months Palo Alto Network
cybersecurity,
Advanced Cyber Sec
12 Anisha mol 4 Months 4 Months ICSI(CNSS) &
ICSI(CyberSecurity)
13 Winay Mayekar 1 Month 1 Month
14 Akhilesh P 1 Month 5 Months CPT
15 Sandeep V 2 Months 2 Months Fortinet Network Security

Expert
ICSI(CyberSecurity)
16 Ganesh Teja 2 Months 2 Months Fortinet Network Security
Expert
ICSI(CyberSecurity)
17 Deepak Aheer 3 Months 5 Months
18 Vishnu Shanar 1 Month 1 Month
Chatterjee
Audit for a PSU above Rs. 3 Crores. Infrastructure contains 4000+ assets with 300+
Network Devices handling 16TB per day
Serial Tool/Framework Type
No.
1. Burp Suite Commercial,
Community Edition
2. IDAPro Commercial,
Community Edition
3 NMAP Open Source
4. ADB Open Source
5. MobSF Open Source
6. Metasploit Open Source
Framework
7. Sonar cube Community Edition
8. Genymotion Open Source
(Custom Phone,
Android API: 7.1 -
25)
9. Nessus Community Edition
10. APKtool Open Source
11. IDAFree Open Source
12. Ghidra Open Source
13. Immunity debugger Open Source
14. Prowler Open Source
15. Acunetix Community Edition
16. Owasp ZAP Open Source
10. Outsourcing of Project to External Information Security Auditors / Experts: - No
12. Whether organization is a subsidiary of any foreign based organization? : -No
13. Locations of Overseas Headquarters/Offices, if any:- No
*Information as provided by IHUB NTIHAC Foundation (C3iHub) on 28-9-2022
Back
M/s Indusface Pvt Ltd
Indusface Pvt Ltd

Head Office
A-2/3, 3rd Floor, Status Plaza,
Opp. Relish Resort,
Atladara Old Padra Road,
Vadodara - 390020
Gujarat, India.
Other Locations:
Mumbai
1401, 14th Floor,
Cyber One Building,
Sector 30A, Plot No. 4 & 6,
Near CIDCO Exhibition Center,
Vashi, Navi Mumbai - 400 703,
Maharashtra, India
Delhi
Regus Serviced Office,
2F, Elegance,
Jasola District Center,
Old Mathura Road,
Delhi - 110 025, India
Bengaluru
Indiqube - Hexa Building,
3rd Floor, "A" Wing,
Survey No. 218/A, Sector - 6th,
Near Lawrence High School,
HSR Layout,
Bengaluru - 560102,
Karnataka, India.
2. Carrying out Information Security Audits since : 07-03-2012

 Mobile application security (Y)
 API Security (Y)
 Vulnerability Assessment (Y)
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y)
Govt. : 5
PSU : 5
Private : 1490

Mobile application security: 150+
API Security: 100+
Offensive Security Certified Professional (OSCP) – 2+

Data Security Counsel of India Lead Privacy Accessor (DCLPA) – 1
CEH – 5+
CHFI – 5+
CCNA – 5+
ISO 27001 LA – 2
CCSK – 2
S. Name of Employee Duration Experience in Qualifications related to

No. with Information Information security
Indusface Security
1. 1.2 years
Gaurav Gera 4 Years
2. 1.2 years
Kush Sharma 1.2 Years
3. 6 years
Pramod Shinde 7.2 Years ECSA, CPH, CPFA, CISC
4. 5 months
Prasheek Kamble 5 months CEH
5. 7.10 years
Pratik Kharat 7.10 Years CEH
6. 1.5 years
Pratik Patil 4.10 Years OSCP, CEH, ICSI
7. 1.5 years
Rajesh Kumar 2.6 Years CEH, Advance PT, CNSS,
8. 1.3 years
Tejal Patel 1.5 years CCNA,
9. 2.5 years CEH, CHFI, ISO 27001

Tathagat Biswas 2.3 years
LA, CCSK
10. 4 Years
Ruksar Pathan 5 years B.E (EXTC)
11. 3.5 years

Vaishali Rane 5 years B.E., ECSA
 Large Life insurance company with over 150+ applications and API worth over 50 Lacs.
 Large Enterprise with diversified businesses with over 80 web applications, 20 Mobile & 50
API security assessments worth over 50 Lacs.
 Large Financial Institution with over 60 web applications, 20 Mobile & 50 API security
assessments worth over 75 Lacs.
 Large General Insurance company with over 100 web applications & API security
assessments worth over 75 lacs.
 Large Manufacturing company with over 100 web, mobile application & API security
assessments worth 50+ Lacs.
 Leading IT services company with over 100 web applications worth 50+ Lacs
Freeware
 Nikto
 SQLMap
 DirBuster
 Nmap
 Kali Linux
 Xposed Framework
 MobSF
 Frida
 Drozer
 Droney
 AndroBugs framework
 Apktool
 Java Decompiler
 iFubBox
 Ghidra
 InsPackage
 OTool
 PostMan
Commercial
 Burp proxy Professional
Proprietary
 Indusface web application scanner (WAS)
 Other custom scripts

611 Gateway Blvd Suite 120,

South San Francisco,
CA - 94080,
United States of America
*Information as provided by Indusface Pvt Ltd on September 29th, 2022
Back
M/s Infopercept Consulting Private Limited
Infopercept Consulting Private Limited

Location: 3rd floor, Optionz Complex, Opp. Hotel Regenta, CG Road,
Navrangpura, Ahmedabad - 380 009, Gujarat, INDIA.

 Web-application security audit (Y/N) – Yes
 Mobile-application security audit (Y/N) – Yes
 Red Team Audit (Y/N) – Yes
Govt.: Nil
PSU (including Financial Institutions): 3
Private: 60+ (including organizations with PSU & Credit Rating Agency as Key
Stakeholders)
5. Number of audits in last 12 months, category-wise (Organization can add categories based on
project handled by them)

Mobile-application security audit: 10+
Red Team Audit: 10+
ICS/OT Audits: 8
CISSPs: 2
BS7799 / ISO27001 LAs: 3
CISAs: 3
DISAs / ISAs: 2
Any other information security qualification: 5 (CEH, LPT,eWPTX)
Sr. Name of Duration Experience in Qualifications related to

No. Employee with Information Information security
Organization Security
1. Jaydeep Ruparelia 7 Years 18 Years CISSP, ISO 27001, CEH,
CSA
2. Deepak Bhavsar 6 Years 15+ Years CISSP, CISA, DISA, ISO
27001
3. Pooja Bhavsar 6 Years 10+ Years CISA, DISA, ISO 27001
4. Satykam Acharya 6 Years 10+ Years RHCSA, RHCE, MCP, AWS

Certified Solution Architect
5. Jainam Vora 4 years 3 Years BSc IT, AWS Security,
Wazuh SIEM, Splunk SIEM
6. Kalpesh Panchal 4 years 12+ years NSE & Data Protection
7. Shrey Swami 3 Years 3 Years MSc. ITIMS, AWS Technical

Professional, NSE 1 & 2,
CEH, Splunk Fundamental,
Wazuh – SIEM, ICS Cyber
Security Threats.
8. Shubham Kumar 3 Years 3 Years B. Tech, CNSS, NSE
9. Naman Suthar 1 Year 1+ Years BCA, Star Ethical Hacking

Expert, Star Certified
DevOps Expert, Star Python
Professional
10. Nisarg Shah 1 Year 1+ Years B. Tech in IT, CCNA, AWS
Addressing Security Risk,
CEH, Sumo Logic-SIEM
11. Meet Saparia 1 year 1+ Year B.Sc IT, Wazuh-Security
Engineers, Sumo Logic -
SIEM
12. Raziq Kadri 1 year 1+ Year M.Sc IT, RHCSA, ICSI CNSS,
CSCU, CompTIA IT
Fundamentals, CompTIA
N+, CEH, Cisco
Certifications
13. Harsh Mehta 1 Year 1+ Year B. Tech, CCNA, AWS
Fundamentals, Sumo Logic
– SIEM, CEH
14. Pranali Oza 1 Year 1+ Year M.E, ICSI, CNSS, Splunk –
SIEM and Sumo Logic -
SIEM
15. Dhaval Shah 4 years 4+ Years APT, ITC, CSF
16. Raju Kumar 1 Year 4+ Years B. Tech in IT, eWPTX v2.0
17. Roshan Kumar 2 Years 2 Years B.E, Sumo Logic – SIEM

Sinha
18. Namrata Patel 1 Year 1 Year B.E, Sumo Logic – SIEM,
Splunk – SIEM, Managing
Cybersecurity Incidents, and
Disasters,
19. Ravi Patel 3 Years 3 Years M Sc. ITIMS, Wazuh – SIEM
Sr. Name of Duration Experience in Qualifications related to
No. Employee with Information Information security
Organization Security
20. Rutu Talati 1 Year 1 Year M. Sc in Info Security,
Fortinet NSE I & II, Splunk
Foundation,
etc.) along with project value:
Infopercept respects and bounded by its non-disclosure and confidentiality agreement with
customers sincerely and therefore we are not in position to share the said information. We
may provide the requisite details to the concerned for reference check, post customer
confirmation of sharing such information sought.
We have been engaged by a large organization with global offices, institutions regulated by
RBI/ Ministry of Finance to provide various cyber security audit and consulting services. We
perform application, infrastructure security penetration test (Offensive Security Practices),
including manual and automated tool techniques to uncover potential security issues.
Industry Sectors Served:
 Banking Financial Services Industry – Banks, NBFCs, FinTech, Insurance, Stock

Broking,
 IT & ITES and BPO-KPO,
 Education Technologies,
 Infrastructure,
 Manufacturing – Dairy, Automobile, Chemicals, Food Industry, Textile, etc.
 Lifesciences & Healthcare,
 Energy & Resources - Power,
 Retail,
 Consulting & Others.
Geographies served apart from India: United States of America, United Kingdom,
European Union, Gulf Cooperation Council, South-East Asia and Africa.
The list of tools below is for illustrative purposes, additional tools and techniques may be
deployed based on the customer/ engagement requirements:
Type of Tools Name Suggested Application/ Particulars

Commercial Invinsense OODA, ODS, RBAS & GSOS
Tools BurpSuite Professional Penetration Testing / Web Application
Scanning
Hacker Guardian Infrastructure Scanning
Tenable Nessus Professional Infrastructure Scanning
SonarSource Source Code Analysis
Sn1per Professional OSINT and Infrastructure Scanning
Spider Foot OSINT
Freeware/ Open Mobile Security Framework Mobile Application Security Testing
Licences Multiple tools from Kali Penetration Testing, Web Application
Linux Framework – Scanning
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No (
If yes, kindly provide oversight arrangement (MoU, contract etc.))
Note: Entity is in process of Registration/ Empanelment.

Location Address
United Kingdom Infopercept Consulting Services UK Ltd

(Branch office) 71-72, Shelton Street, London, Greater London, United Kingdom,
WC2H 9JQ
Sri Lanka Infopercept Consulting Lanka (Pvt.) Ltd.

(Branch office) 1/13A, 3rd Lane, Ambagahapura, Maharagama, Sri Lanka.
*Information as provided by Infopercept Consulting Pvt. Ltd. on May 24, 2022
Back
M/s INNOWAVE IT INFRASTRUCTURES LIMITED
INNOWAVE IT INFRASTRUCTURES LIMITED

Location: 210, 2ND FLOOR, Dalamal Tower, Mumbai, Mumbai City,
Maharashtra - 400021
2. Carrying out Information Security Audits since : February 2016
 Network security audit (Y/N): YES

 Web-application security audit (Y/N): YES
 Wireless security audit (Y/N): YES
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N): YES
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N): NO
 ICS/OT Audits (Y/N): NO
 Cloud security Audits (Y/N): NO
 Mobile application security Audit (Y/N): YES
Govt: 0
PSU: 0
Private: 19
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)

ICS/OT Audits: 0
Mobile application security Audit: 1
CISSPs: 0
BS7799 / ISO27001 LAs: 4
CISAs: 0
DISAs / ISAs: 0
Certified Ethical Hacker (CEH): 1
S. Name of Employee Duration with Experience Qualifications

No. Innowave IT in related to
Infrastructures Limited Information Information
Security security
1 Swaminathan > 1 Year 13 Years ISMS LA
Nagarajan
2 Bhushan Mahajan > 7 years 7 Years ISMS LA
3 Harish Kulkarni < 1 year 10 Years ISMS LA
4 Shubham Patil < 1 year 11 Months CEHv11
5 Yogita Zagade < 1 year 2 Years ISMS LA
Lifenity Wellness International Web application Vulnerability Assessment and

Limited Penetration Testing (VAPT)
(Healthcare Solutions Company) Mobile Application Security Assessment
Network Security Assessment
Information Security Management System (ISMS)

consisting of:
 Business Objectives, Governance and Policy

 Data Protection
 Security Risk Management
 Access Management
 Organization and Resources
 Business continuity Policy
 Security Architecture
 Security Awareness and Training
Sr. No. Name of tool (commercial/ freeware/proprietary):
1 BurpSuite Commercial
3 Nmap Freeware
4 Metasploit Freeware
6 OpenVAS Freeware
7 OWASP ZAP Freeware
8 Postman Freeware
9 SQLMAP Freeware
10 Dirbuster Freeware
11. Whether organization has any Foreign Tie-Ups? If yes, give details: NO
12. Whether organization is a subsidiary of any foreign based organization? NO

13. Locations of Overseas Headquarters/Offices, if any: NO

*Information as provided by INNOWAVE IT INFRASTRUCTURES LIMITED on 29th September
2022
Back
M/s Inspira Enterprise India Limited
Inspira Enterprise India Limited,

23, Level 2, Kalpataru Square, Kondivita Lane, Off Andheri Kurla Road,
Andheri East, Mumbai 400059. Maharashtra

Audit Assessments
 Network security audit (Y/N) – Y

 Web-application security audit (Y/N) – Y
 Wireless security audit (Y/N) – Y
 Security Awareness Trainings (Y/N) - Y
 Web And Mobile Application Security Testing (Y/N) - Y
 Vulnerability Assessment (Y/N) - Y
 Incident Management and Response (Y/N) - Y
 Reverse Engineering and Forensic Assessment (Y/N) - Y
 Building and maintaining Security Operations Centre (SOC) (Y/N) - Y
 Managed Detection And Response (Y/N) - Y
 Physical Access Controls and Security Testing (Y/N) - Y
 International Cyber Security Framework (Y/N) - Y
 Network , Server and firewall security testing (Y/N) - Y
 Managed Security Services (MSS) (Y/N) - Y
Govt. : 1
PSU : 5
Private : 21
5. Number of audits in last 12 months , category-wise (Organization can add categories based

Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): 5000+ API
and 10+ payment gateway testing
ICS/OT Audits: 3
CISSPs : 14
BS7799 / ISO27001 LAs : 13
CISAs : 5
DISAs / ISAs : 0
CEH: 100
CTRP: 1
OSCP: 7
Any other information security qualification: 550+

No. Employee <Inspira> Information Security to Information security
1 Mukul Kulshetra 5 yrs 14 yrs CISSP, CISA, CCNA.
ccsp
2 Yogesh Redkar 6 yrs 15 yrs CISSP, CISA, ISO
2700, PCNSE
3 Neethu Anto 2 yrs 7 yrs CEH, OSCP,
4 Delson Dsouza 1 yr 2 yrs CEH, CPTE, OSCP,
CRTP
5 Pranay Salvi 2 yrs 6 yrs BE
6 Snehal Mane 2 yrs 5 yrs CISSP, CISA, OSCP
7 Vishal Tandel 2 yrs 6 yrs CPTE, CISEH
8 Ajay Kori 1 yrs 4 yrs CPTE, CISEH
9 Devansh Dubey 1.5 yrs 2 yrs CEH, RHCSA
10 Vijay Kodag 1 yrs 1 yrs CPTE, CISEH
11 Bhargav Tandel 6 months 10 yrs CCNA, CNSS, Qualys
Certified
12 Santosh Pai 6 months 23 Yrs CISSP
13 Jay Sharma 8 months 3 yrs AWS Certified
1. ISO 27001 Assessment for one of the leading enterprise customers in India ,
where we helped the customer to do an internal audit and help the customer to
be ready for the external audit. Customer has multiple facilities in India and is
head quartered in Mumbai. Value of the assessment is in the range INR 11L
2. Audit for one of the largest real estate companies in the Middle East, where we
helped the customers with an assessment of their infrastructure, internal and
external vulnerability identification through our Offensive security exercise.

 Tenable Nessus
 Nexpose Rapid7
 QualysGuard
 Kali Linux
 SQL Map
 Wireshark
 Metasploit
 ZAP
 Fiddler
 Nikto
 Netsparker
 Drozer
 MobSF
 Accunetix
 Appknox
 Appscan
 NMAp
 AircrackNG
 Winhex
 Social Engineer Toolkit
 Orca Security
 Palo Alto Prisma

Inspira has Partnerships which are combination of Strategic and Reseller with
International product OEMs such as Rapid7, Tenable, Microfocus, RSA – Archer (IT
GRC) etc. to provide us with the required products for our client engagements for
assessments.

Provide list of our offices out side India
Inspira Enterprise India Limited is an Indian MNC with offices in:

1. Dubai
2. Abu Dhabi
3. Kenya
4. Singapore
5. Philippines
6. Indonesia
7. United States of America
*Information as provided by <Inspira Enterprise India Ltd.> on <25/06/2022>
Back
M/s iSec Services Pvt. Ltd.
iSec Services Pvt. Ltd.

607-608, Reliable Business Center,
Anand Nagar Jogeshwari (W),
Mumbai 400102,
INDIA
email: contactus@isec.co.in
 Network security audit (Yes)

 Web-application security audit (Yes)
 Wireless security audit (Yes)
 Compliance audits (ISO 27001, PCI, etc.) (Yes)
 Cloud security Audits (Yes)
Govt. : <0>
PSU : <5>
Private : <10>
Total Nos. of Information Security Audits done :15

Compliance audits (ISO 27001, PCI, etc.) : <9>
BS7799 / ISO27001 LAs : <3 >

Any other information security qualification: <3>

1 Mayur Khole >4 years >4 years ISO LA 27001:2013
2 Naman Chaturvedi >4 years >4 years ISO LA 27001:2013
3 Swapnil Bobale 2 Years 2 years CEH v8.0
4 Deepak D.R. >2.5 years >2.5 Years CEH v7.0
5 Jyoti Shankar >5 years >5 years ISO LA 27001:2013
Singh
6 Sunil Raidu >2.5 years >2.5 Years CEH v7.0
Client Name: Syntel Ltd.

Locations covered: Mumbai (2 locations), Pune (2 locations), Chennai (2 locations) and Gurgaon (1
location)
Scope: ISMS Compliance Audits on daily basis for a year, Handling U.S. Clients audits at locations,
imparting training sessions to employees in reference to Information Security at regular Intervals,
Doing Risk Assessment at annual basis, Transition done from ISO 27001:2005 to ISO 27001:2013,
DR and BCP drills for each account.
Manpower Deployed: 3 resources (one each at Mumbai Chennai and Pune).
Project Value: INR 50 lacs.
Commercial:
 Burp Suite Pro
Freeware:
 Nmap
 Nikto
 Metasploit
 OpenVas
 Wireshark
 Crowbar
 Nessus
 Webscarab
 Paros
 Wapiti
 Nemesis
 NetCat
 Brutus
 GrendeIscan
 Havij
 Hydra
 Httprint
 Hydra
 W3af
12. Whether organization is a subsidiary of any foreign based organization? If yes, give details: No
*Information as provided by iSec Services Pvt. Ltd. on 21/6/2022
Back
M/s ISOAH Data Securities Pvt Ltd
ISOAH Data Securities Pvt Ltd

Location: SDF Building, 2nd floor, room 335, Sector 5, Salt Lake, Kolkata
700091

 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): Y
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): Y
 ICS/OT Audits: Y
 Cloud security Audits: Y
Govt.: 2
PSU:
Private: 34

ICS/OT Audits: 2
CISSPs: 1
CISA: 1
OSCE: 1
OSCP: 1
BS7799 / ISO27001 LAs: 5
CEH : 8
CHFI : 2

No. ISOAH Information Security Information security
1 Sandeep Sengupta 6.5 years 22.5 years CISA, ISO 27001 Lead
Auditor, CEH, ISO
22301 lead auditor, BS
10012 Data Protection
& Privacy implementor
(BSI), ISO 31000 Risk
Management
Implementer (BSI)
2. Kamalika Chandra 6.5 years 17 years Lead Auditor ISO
27001
3. Gulab Mondal 5.5 years 6.5 years CISSP, OSCE, OSCP,
CEH
4. Sanchayan Bhaumik 6.5 years 9.5 years CEH, CHFI
5. Amrita Acharya 4 years 4 years ISO/IEC 27001:2013
Lead Auditor
6. Somdeb 3 years 3 years CEH, CHFI, CCNA
Chakraborty
7. Saugata Sil 1.5 year 1.5 year CEH
8. Samyajit Mukherjee 3 years 3 years ISO 27001 Lead
Auditor
9. Roshan Pratihari 1 year 1 year CEH
10. Arindam Manna 1 year 1 year CEH
11. Shara Chettri 1 years 2 years ISO 27001 Lead
Auditor
12. Partha Pratim 5 months 5 months CEH
Chakraborty
13. Anik Roy 3 months 1 year MSc (Forensic Science)
14. Pankaj Kumar Roy 9 months 7 years CCNA
We have more full-time auditors in our team. But only the above people are deployed in Govt Projects.
Audited ESL (Vedanta) Bokaro and helped them to improve their cyber security maturity grade
from “D” to “B” in the group audit. Helped several companies to recover from cyber security
incidents including leading media house in India.

Nmap, Nessus, Kali Linux, Metasploit, SQL Map, our own python scripts
10. Outsourcing of Project to External Information Security Auditors / Experts: Never outsource. All
projects handled by in-house CISSP, OSCE, CISA certified resources.

*Information as provided by ISOAH Data Securities Pvt Ltd on 28.09.2022*
Back
M/s KERALA STATE ELECTRONICS DEVELOPMENT CORPORATION LIMITED (KSEDC) –

KELTRON
KERALA STATE ELECTRONICS DEVELOPMENT CORPORATION LIMITED

(KSEDC) – KELTRON
Information Technology Business Group
Keltron House, Vellayambalam
Thiruvananthapuram 695 033
Website: www.keltron.org
Phone : 0471-4094444, Ext:602
Email : cisa@keltron.org
 Network security audit -Yes

 Web-application security audit -Yes
 Wireless security audit -Yes
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) -Yes
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) -Yes
 ICS/OT Audits -No
 Cloud security Audits -Yes
Govt. : 8
PSU : 12
Private : NIL

Wireless security audit: NIL
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): NIL
ICS/OT Audits: NIL
Cloud security Audits: NIL
CISSPs : NIL
BS7799 / ISO27001 LAs : 5
CISAs : NIL
DISAs / ISAs : NIL
Any other information security qualification: EC-Council CEH - 2

No. KSEDC Information Security Information security
1 Aswathi Mohanan 15+ 7 RHCE, CEH, ITIL,
Certified Lead Auditor
ISMS
(ISO/IEC 27001:2013)
2 Sameera M 15+ 7 NSE, ITIL, Certified
Lead Auditor ISMS
(ISO/IEC 27001:2013)
3 Rinaz Sherif M 1+ 7 NSE, ITIL, Certified
Lead Auditor ISMS
(ISO/IEC 27001:2013)
4 Arjun S 3+ 7 RHCE, ITIL Foundation
Certificate in IT Service
Management.
5 Aruvi A M 1+ 2 CEH
6 Ammu Kripalal 1 2 CCNA Exploration.
Accessing WAN
7 Vilbi Raju 15 7 NSE,RHCE, ITIL,
Certified Lead Auditor
ISMS
(ISO/IEC 27001:2013)
8 Seena J R 10+ 7 NSE, ITIL, Certified
Lead Auditor ISMS
(ISO/IEC 27001:2013)
9 Aswin V 10 7 RHCSA, NSE, Certified
Lead Implementor
(ISO/IEC 27001:2013)
10 Manoj V G 15+ 7 NSE, ITIL, Certified
Lead Implementor
(ISO/IEC 27001:2013)
11 Ajith A Krishnan 5 2 NSE, ITIL, Certified
Lead Implementor
(ISO/IEC 27001:2013)
12 Anoop Sivadasan 5 2 NSE, ITIL, Certified
Lead Implementor
(ISO/IEC 27001:2013)
ISO/IEC 27001:2013 Internal Audit at State Data Center-1, Kerala having 300+ nodes in 3
locations.

Commercial
Tenable Nessus Pro
ZAP Proxy
Nexpose
openvas
Netscan
Vega
Wireshark
Arachni
MobSf
Freeware
Fortify
Qualys
Nikto
Vooki
Sqlmap
Webscrab
Wapiti3
Whatweb
Wpscan
Jhon the Ripper
Aircrack-ng
Kismet
Spooftooph
Wfuzz
Routersploit
Sublister3
Hping3
Metasploit
Netsparker
10. Outsourcing of Project to External Information Security Auditors / Experts: -No

11. Whether organization has any Foreign Tie-Ups? If yes, give details: -No
12. Whether organization is a subsidiary of any foreign based organization? : -No

13. Locations of Overseas Headquarters/Offices, if any : -No
*Information as provided by KERALA STATE ELECTRONICS DEVELOPMENT CORPORATION LIMITED

(KSEDC) – KELTRON on 13-05-2022
Back
M/s Mazars Business Advisors Private Limited
Mazars Business Advisors Private Limited

2nd Floor, 29 Hazarimal, Esplanade House
Somani Marg, Fort, Mumbai, Maharashtra
India 400001
2. Carrying out Information Security Audits since : April 2014

 Mobile application security testing: Yes
 Source code reviews: Yes
 Device (e.g., network device) security audit: Yes
 Secure configuration reviews of servers, network devices, etc.: Yes
 Cyber security technologies (e.g., DLP, SIEM, etc.) audits: Yes
 Compliance Audit as per regulator guidelines (e.g. RBI, SEBI, etc.): Yes
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): Yes
 ICS/OT Audits (Y/N): Yes
 Cloud security Audits: Yes
 Data Privacy Audit/assessment/framework: Yes
 Third party security audits and framework: Yes
 Business Continuity audits: Yes
 Identity and access management audits: Yes
Govt.: 0
PSU: 0
Private: 107+

ICS/OT Audits: 1
Data Privacy and data protection audits: 4
Third party security audits: 3
 CISSPs: 0
 BS7799 / ISO27001 LAs : 6
 ISO 22301: 1
 Certified Information Systems Auditor (CISA): 2
 DISAs / ISAs : 0
 Certified Ethical Hacker: 4
 Offensive Certified Security Professional: 1
 EC-Council Certified Security analyst: 2
 Certified Red Team Professional: 1
 Certified Information Security Expert: 2
 API Security Architect: 1
 Elearn Security Certified Junior Penetration Tester: 1
 BS 10012: 1
 Certified Data Privacy Solutions Engineer: 1
 Microsoft Technology Associate -Security Fundamentals: 1
 Certified Professional Forensic Analyst: 1

1 Dilip Ghosh 3 years 2 20 years CISA (Certified
months Information System
Auditor)
ISO 27001 LA
ITIL V3
2 Ankit S Bagal 1 year 5 months 8 years CISE (Certified
Expert)
CEH (Certified Ethical
Hacker)
API Designer
(Application Program
interface designer)
API Security Architect
(Application Program
interface Security
Architect)
IBM Cloud Essentials
V3 - SEO Fundamental
OSCP
3 Omkar Asgaonkar 1 year 5 months 1 year 5 months CEH (Certified Ethical
Hacker)
ECSA (EC- Council
Certified Security
Analyst)
eJPT (eLearn Security
Junior penetration
tester)
MTA Security
Fundamentals
(Microsoft Technology
Associate for security
fundamentals)
Nessus Deployment -
MSc Cyber Security
4 Pramod 1 year 4 months 1 year 4 months CEH (Certified Ethical
Vishwakarma Hacker)
ECSA (EC- Council
Certified Security
Analyst)
5 Abdul Basit Abdul 1 year 5 months 3 years 6 months ISO 27001 LA (ISO
Aleem Dalvi 27001:2013 Lead
Auditor Information
Security Management
System)
CISC (Certified
Consultant)
CPFA (Certified
Professional Forensic
Analyst)
6 Prerna Mishra 3 months 1 year 3 months ISO 27701 PIMS LI
OneTrust GRC
Professional
Client: A large global IT/ITES service provider having a presence in major countries such as
India, the U.S., Europe (France & U.K.), and Canada. Due to its global presence and clientele
from various industries, the Client is subject to compliance with country/region and sector-
specific Data Privacy laws and regulations. We assisted the client to develop a privacy
requirements baseline across all applicable Privacy laws in India, the U.S., EU, and Canada and
conducted an assessment of documentation and compliance current state. Value – INR 40 lakhs
 Burpsuite
 Nessus
 Nmap
 Sqlmap
 Nikto
 OpenVAS
 Spiderfot
 intrigue
 Maltego
 OSINT
 Shodan
 Wireshark
 Social Engineering
 Metasploit
 Invoke-Obfuscation
 Veil
 Gophish
 Hashcat
 BeEF
 King Phisher
 PowerUp
 BeRoot
 BloodHound
 Mimikatz
 PAExec
 CrackMapExec
 LaZagne
 EvilURL
 Empire Project
 Pupy
 Cloakify Factory
 DNSExfiltrator
 DET
 Powershell-RAT`

*Information as provided by Mazars Business Advisors Private Limited on 13-05-2022
Back
M/s Persistent Systems Ltd.
Persistent Systems Ltd. Bhageerath, 402 Senapati Bapat Road, Pune

411016
 Network security audit (Y/N) Y

 Web-application security audit (Y/N) Y
 Wireless security audit (Y/N) Y
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) Y
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N) Y
 ICS/OT Audits (Y/N) Y
Govt. : 01
PSU : 00
Private : 34

ICS/OT Audits: 00
CISSPs : 00
BS7799 / ISO27001 LAs : 10
CISAs : 04
DISAs / ISAs : 0
CEH V10/ V11- 09
CISM- 01
CHFI- 01
S. Name of Duration Experience in Qualifications related to Information

No. Employee with Information security
Persistent Security
1 Avinash 9.5 years 25 years CCISO, CISM, Lead Auditor, Dip. in
Dharmadhikari Cyber Law, CEH V11
2 Vishal Jogdand 2.8 years 15 years CEH v10, ITIL V3
3 Ashish Dhone 1.9 years 1.9 years CEH v10, CEH Master (Practical), CHFI
4 Niraj Mahajan 0.7 Years 3 years CEH V10
5 Vaibhav 0.8 years 0.8 years CEH V11
Gaikwad
6 Ankur Bakre 0.8 years 0.8 years CEH V11
7 Dinesh 4.5 years 20 years CISA, CEH, ISO 27001:2013 Lead
Pardeshi Auditor
8 Anand Kulkarni 7 years 15 years CEH V11 appearing
9 Mrunmayi 10 years 16 years CISA, Lead Auditor, CEH, GDPR
Kulkarni Implementor, ITIL
10 Kalyani 5 months 8 years CISA, Certificate examination in the
Deshpande prevention of Cybercrimes and Fraud
Management by IIBF
11 Kashmira 4 years 4 years Lead Auditor(ISO 27001 & 22301), PCI-
Kanade DSS, GDPR Implementor
12 Sheetal Sutar 2 years 2 years Lead Auditor (ISO27001)
13 Tanmay 2 years 2 years Lead Auditor(ISO 27001 & 22301)
Nerlekar
14 Tarun Pratap 1.5 months 5.5 years IBM Certified Developer, CISA, ITIL,
Singh AML
15 Shankar 2 months 4 years CEH V10
Padshetti
16 Yathisha R 9 months 6 years ISO 27001 Lead Auditor, SOX, HIPPA,
SOC, Governance Risk & Compliance
17 Shabnam 2 months 4 years CEH V10
Makandar
18 Pavan Kale 7 months 5.5 years CISA, ISO 27001 LA, ITIL
19 Amey Kantak 8 Years 11 Years Cyber Law - Diploma Cyber Law
ISMS – ISO 27001, CNSS
Business Continuity - ISO 22301 LI/A
Quality - ISO 9001 LI , Certified Scum
Lead
Risk Management - ISO 31000 LI
Privacy - GDPR DPO , OTCP-PMA, One
Trust Certified Administrator, GDPR LI/A
Cloud - MS SC-900 and AZ-900, Oracle
OCI Associate, AWS Cloud Practitioner
Process - ITIL V3, ITIL V4
Platforms - Recorded Future Certified
user,
Security Scorecard TPRM
Administrator,
Palo Alto BPA Tool

certified
20 Rama Mate 3 Years 3 Years ITIL 4, ISO 22301 LA, Privacy
Information Management System
(PIMS) & GDPR Lead Implementer
21 Akshay Kolhe 7 Months 6.5 Years ISO 27001 LA, Security Scorecard TPRM
Administrator
22 Ankesh 1.5 Years 1.5 Years MBA-ITBM from Symbiosis International
Samarth University with majors in Information
Security (ISACA based curriculum),
Security Scorecard TPRM Administrator
23 Mridul Mandal 1 Years 1.5 Years MBA-ITBM from Symbiosis International
University with majors in Information
Security (ISACA based curriculum),
MTA: Security Fundamentals - Certified

2019, Security Scorecard TPRM
Administrator
24 Ruchita M. 4 months 3 years CEH V11
Bhond
Scope- API, Web app, Network Security, Mobile app, cloud(AWS) assessment
Value- 3 million dollars per annum

Organization- Product based company- Email Security products having
customer from Banking sector
Project Location Pune
Complexity- High
1. Nessus- Commercial
2. Qualys- Commercial
3. Burp suite- Commercial
4. Metasploit
5. W3af
6. Nikto
7. SQL Map
8. Nmap
9. Wireshark
10. John the Ripper


*Information as provided by Persistent Systems Ltd. on 29th Sept 2022
Back
M/s Phoenix TechnoCyber
Phoenix TechnoCyber
411, B Wing, Shivam-1, Amba Business Park, Adalaj, Ahmedabad. Gujarat
382421
2. Carrying out Information Security Audits since: 2015
Network security audit : Yes

Web-application security audit : Yes
Wireless security audit : Yes
Compliance audits (ISO 27001, PCI, etc.) : Yes
Mobile Security audit : Yes
Red Team and Blue Team Assessments : Yes
Web and Mobile Application Security Testing (VAPT) : Yes
Network, Server and Firewall Security Testing (VAPT) : Yes
Vulnerability Assessment and Configuration Assessment : Yes
Building & Maintaining Security Operations Centre (SOC) : Yes
Managed Security Services (MSS) : Yes
Security Awareness Trainings : Yes
Data Migration Audit : Yes
Regulatory Compliance Implementation and Management (RBI, IRDA, SEBI) : Yes
International Cyber Security Framework (ISO, NIST, ISACA, SANS, CIS) : Yes
Govt. : Nil
PSU : 1
Private : 207

Mobile application security audit : 85
IT general controls review : 115
Secure Configuration audit : 190
Vulnerability Assessment & Penetration Testing : 125
Compliance audits (RBI, NABARD) : 168
Information security awareness& training : 22
Technical manpower deployed for information security audits :
CISSPs : Nil
BS7799 / ISO27001 LAs : 1
CISAs : 3
DISAs / ISAs : 2
Any other information security qualification (OSCP, M.tech, B.Tech, CEH) 8

1. Bhinang Tejani 7+ years 7+ years CISA, CEH, DISA
2. Abhishek 7+ years 7+ years CISA, CEH, DISA,

Chaudhary CISSO
3. Ravi Raval 7+ years 7+ years BCA, MCA, CEH and

CISA
4. Dixit Kukdadiya 5+ years 5+ years BCA and M.SC
Computers
5. Shantanu 4+ years 4+ years B.Tech Computers
Chaudhary
6. Kush Raval 4+ years 4+ years OSCP,CEH,CHFI,

Bachelor of Technology
in IT
7. Smit Patel 6+ years 6+ years CISM, BE in Computer
Science
8. Priyanshi 1 year 1 year B.E in IT
Champaneria
S. No. Client Description Project Description Project Value
1. One of the largest The following was scope of project: INR

car manufacturers 22,34,000/-
based in India and - VAPT & Security assessment of IT
United Kindgom. Infrastructure and applications
1) Web and Mobile Applications – 12
2) Cloud Security Assessment (servers)-

20
3) Server Hardening check- 100+
2. World’s largest Web and Mobile Applications – 45 Non-disclosure

producer of milk and
milk products
Commercial:
Nessus Professional
Cobalt Strike
KnoXSS
Shadon Search Engine
Freeware:
Nmap
Metasploit (Armitage)
Onion Tor
Advanced IP Scanner
Social Engineering ToolKit
Nexpose
SQLmap
FUFF
OWASP ZAP
403 bypass
Wireshark
Nikto
NetCat
John the Ripper
Dir Buster
Proprietary:
Custom python scripts and go scripts integrated with paid exploit pack.


Techowl infosec FZE, UAE
*Information as provided by Phoenix TechnoCyber on 12-May-2022.
Back
M/s PKF Consulting Services LLP
S.No Location Address
1. Mumbai 406, 4th Floor, Madhava Building, Bandra Kurla Complex,

Bandra East, Mumbai 400 051
2. Chennai No. 91 & 92, 7th Floor, KRD Gee Gee Crystal, Dr.
Radhakrishnan Salai, Mylapore, Chennai 600 004
3. New No 28, Old No 195, 3rd Floor, North Usman Road, T.

Nagar, Chennai 600 017
4. Hyderabad 3-225, 1st Floor, Kavurli Hills Road, CBI Colony, Madhapur,
Hyderabad 500 033
5. Bangalore T8 & T9, Third Floor, GEM PLAZA, No 66, Infantry Road
Bangalore 560 001
6. Delhi No. 319, Third Floor, DLF Prime Towers, Okhla Phase 1,
New Delhi 110 020

 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) - Yes
 Physical Access Controls & Security testing - Yes
 Software Vulnerability Assessment - Yes
 Penetration Testing - Yes
 Information Security Review - Yes
 Business Continuity Planning / Disaster Recovery Audit - Yes
 Mobile Application Security Audit - Yes
 Cybersecurity Assessment Review - Yes
 IT General Controls Review - Yes
 IT Application Review - Yes
PSU : 2+
Private : 15+
IT Controls Review: 15+

Compliance audits: 10+
Others: 5+
CEH/CISSP/CHFI : 5+
BS7799 / ISO27001 LAs : 2+
CISAs : 5+
S. No. Name of Duration Experience in Qualifications

Employee with PKF Information related to
1. Narasimhan 25+ Years 15+ Years CISA, CEH
Srinivasan
2. Venkatesh 14+ Years 10+ Years CISA
Krishnamoorthy
3. Mahesh 5+ Years 10+ Years CISA, CISSP
Kollengode
4. Ranjith Kumar 5+ years 8+ Years CISA
5. Padma 11+ Years 6+ Years CISA, CISSP,CEH

Thiagarajan
6. Preeti Sagar 6+ Years 5+ Years CISA
7. Neerav Modi 6+ Years 4+ Years ISMS Lead Auditor
8. Anantha 5+ Years 3+ Years CISSP, CEH,CHFI

Padmanabhan
9. Shalin Shah 3+ Years 3+ Years CISA
10. Sabitha Sriram 1+ Year 3+ Years CISA
PKF Consulting Services LLP was engaged by a service provider for performing a Cybersecurity
audit of a foreign bank including Vulnerability Assessment and Penetration Testing.
Project Value - Confidential
S.No Tool name Purpose of Tool

1. Nessus Remote Security Scanning Tool
2. Burp Suite Web Vulnerability Scanner
3. Acunetix Web Application Security Tool
4. Kali Linux Linux distribution designed for digital forensics and

penetration testing
5. DEFT Light weighted Linux Operating System for Digital

Evidence & Forensics
6. Nmap Network Security Scanner, Port Scanner & Network

Exploration tool
7. Wireshark Network Packet Analyzer used for network

troubleshooting, packet capturing and analysis
8. Microsoft Security Used to verify necessary security checks patch

Baseline analyzer (MBSA) compliance for windows operating system , IIS and
SQL
9. OWASP- ZAP Web Application Security Scanner
10. Metasploit Penetration Tool to find, exploit, and validate vulnerabilities

testing tool
11. Aircrack-ng A complete suite of tools to assess Wi-Fi network
security
12. Mobisec Mobile Application Security framework
13. SQLMAP SQL injection Vulnerability exploiting tool
14. Social Engineering tool Tools for Social-Engineering attacks

kit
15. Android Emulator Emulator Android devices Simulation
16. APK Inspector Android applications analysis tool
17. Dirbuster Multi threaded java application to brute force

directories and files names on web/application servers.
18. Curl A command line tool to transfer data to or from a

server, using any of the supported protocols (HTTP,
FTP, IMAP, POP3, SCP, SFTP,SMTP, TFTP, TELNET,
LDAP or FILE)


*Information as provided by PKF Consulting Services LLP on June 28, 2022
Back
M/s Precise Testing Solution Pvt. Ltd.
Name: Precise Testing Solution Pvt. Ltd.

Location: B-5, Second Floor, Sector 64 Noida (U.P.) 201301 India
Website: www.precisetestingsolution.com
2. Carrying out Information Security Audits since : August 2015
 Network security audit --Y

 Web-application security audit ---Y
 Wireless security audit ---Y
 Mobile Apps Security Audit ---Y
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) --Y
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) --Y
 ICS/OT Audits --Y
 Cloud security Audits --Y
 India Guidelines (IT Act,CVC,GOI procurement procedures(GFR) and etc )--Y
 Source Code Review --Y
 Cyber Security and CSOC Audit--Y
 Cloud Security Audit--Y
 Swift Audit --Y
 Hardware Devices Audit--Y
 Cyber Forensics--Y
 Data Privacy Audits—Y
Govt. : 1
PSU : 0
Private : 7

ICS/OT Audits: 0
Mobile Apps Security Audit:3
CISSPs : 0
BS7799 / ISO27001 LAs : 1
CISAs : 1
DISAs / ISAs :0
1. Vikash Kumar - 2012 6 Year 9 month CISA,CEH,27001 LA

CTO & Founder (Approx.)
2 Chetna Soni CEO 2012 6 Year 3 month 27001 PA, Advance

& Founder (Approx.) Cyber Security
Certification from
Stanford University
3 Bhim Bahadur Jan-2019 3-year 4 month CEH(Expired )

4 Deepanshu Gupta February-2020 2 Year 2 month CEH (Active)
Approx.
5 Ankit Narayan Aug -2021 9 months CEH (Active)

6 Manish Kumar September-2021 8 months CEH (Active)
7 Deepak Kumar October -2021 7 months CEH (Active)

8 Nilabh October -2021 7 months CEH (Active)
Project Name: CRISIL Risk and Infrastructure Solutions Limited (CRIS) along with E-
Procurement Technologies Limited (Auction Tiger) has designed bidding process for sale of
natural gas through e-auction. Auction Tiger shall develop an online web based electronic
bidding platform (“the “E-Bidding Platform”) for sale of natural gas. The E-Bidding Platform shall
be developed using the existing base platform of Auction Tiger. The bidding process conducted
through an online web-based electronic bidding platform shall be referred as the “E-Bidding
Process”.
This is Two-month project, we have tested this application off-side. This is E-Procurement
application, we have tested this application and submitted report to STQC for review of our
testing report, after completed all type of testing STQC awarded E-procurement certificate.
Scope of Work
• Functional Testing
• Application Security Testing
• Performance Testing
• Vulnerability testing
• Penetration Testing
Project Value: 15,00,000 Rupees
VA & PT Testing Tool Tool Type
Open Source Licensed Software
Information Gathering acccheck, ace-voip, Amap, Automater, BurpSuit Professional

bing-ip2hosts, braa, CDPSnarf,
ciscotorch, Cookie, Cadger, copy,
router-config, Dmitry, dnmap,
dnsenum, dnsmap, DNSRecon,
dnstracer, DotDotPwn, enum4linux,
enumIAX, Faraday, Fierce, Firewalk,
fragroute, fragrouter, GhostPhisher,
GoLismero, hping3, ident, user, enum,
InTrace, iSMTP, lbd, masscan,
Metagoofil, nbtscanunixwiz, Nmap,
ntop, p0f, Parsero, Recon-ng, SET,
smtp-user, enum, snmp, check,
SPARTA, sslcaudit, SSLsplit, sslstrip,
SSLyze, snmp, check, SPARTA,
sslcaudit, SSLsplit, sslstrip, SSLyze,
THC, IPV6, theHarvester, TLSSLed,
twofi, URLCrazy, Wireshark, WOL-E,
Xplico, goofile
Vulnerability Analysis BBQSQL, BED, cisco-auditing-tool, BurpSuit Professional

cisco-global-exploiter, cisco-ocs, cisco-
torch, copy-router-config, DBPwAudit,
Doona, DotDotPwn, HexorBase,
Inguma, jSQL, Lynis, Nmap, ohrwurm,
Oscanner,owerfuzzer, sfuzz,
SidGuesser, SIPArmyKnife, sqlmap,
Sqlninja, sqlsus, THC-IPV6, tnscmd10g,
unix-privesc-check, Yersinia, sfuzz
Wireless Attacks Aircrack-ng, Asleap, Bluelog, BlueMaho, BurpSuit Professional

Bluepot, BlueRanger, Bluesnarfer, Bully,
coWPAtty, crackle, eapmd5pass, Fern
Wifi Cracker, Ghost Phisher, GISKismet,
Gqrx, r-scan, hostapd-wpe, KillerBee,
Kismet, mdk3, mfcuk, mfoc, mfterm,
Multimon-NG, PixieWPS, Reaverredfang,
RTLSDR Scanner, Spooftooph, Wifi
Honey, Wifitap, Wifite, kalibrate-rt,
wifiphisher
Web Applications Apache-users, Arachni, BBQSQL, BurpSuit Professional

BlindElephant, CutyCapt, DAVTest,
deblaze, DIRB, DirBuster, fimap,
FunkLoad, GobusterGrabber, jboss-
autopwn, joomscan, jSQL, Parsero,
plecost, Powerfuzzer, ProxyStrike,
Recon-ng, Skipfish, sqlmap, Sqlninja,
sqlsus, ua-tester, Uniscan,Vega, w3af,
WebScarab, Webshag, WebSlayer,
WebSploit, Wfuzz, XSSer,zaproxy,
PadBuster, WPScan, Kali Linux, OWASP
ZAP, Zenmap,
Exploitation Tools Armitage, Backdoor Factory, BeEF, BurpSuit Professional

cisco-auditing-tool, cisco-global-
exploiter, cisco-ocs, cisco-torch,
Commix, crackle, exploitdb, jboss-
autopwn,L inux Exploit Suggester,
Metasploit ,Framework, RouterSploit,
SET, ShellNoob, sqlmap, THC-
IPV6,Yersinia
Forensics Tools Binwalk, bulk-extractor, Capstone,
chntpw, Cuckoo, dc3dd, ddrescue, DFF,
diStorm3,
Dumpzilla,extundelete,Foremost,Galleta,
Guymager, p0f, pdf-parser, pdfid,
pdgmail, peepdf, RegRipper, Volatility,
Xplico, Autopsy, The Sleuth kit,
Volatility, Santoku, Kali Linux
Stress Testing DHCPig, FunkLoad, iaxflood, Inundator, BurpSuit Professional
inviteflood, ipv6-toolkit, mdk3, Reaver,
rtpflood, SlowHTTPTest, t50,
Termineter, THC-IPV6, THC-SSL-DOS
,Jmeter
Sniffing & Spoofing DNSChef, fiked, hamster-sidejack,
HexInject, iaxflood, inviteflood, iSMTP,
isr-evilgrade, mitmproxy, ohrwurm,
protos-sip, rebind, responder, rtpbreak,
rtpinsertsound, rtpmixsound, sctpscan,
SIPArmyKnife, SIPp, SIPVicious,
SniffJoke, SSLsplit, sslstrip, THCIPV6,
WebScarab, Wifi Honey, Wireshark,
xspy, Yersinia
Password Attacks acccheck, CeWL, chntpw, cisco-auditing-
tool, CmosPwd, creddump, crunch,
DBPwAudit, findmyhash, gpp-decrypt,
hash-identifier, HexorBase, THC-Hydra,
John the Ripper, Johnny,
keimpxMaskprocessor, multiforcer,
Ncrack, oclgausscrack, PACK, patator,
phrasendrescher, polenum,
RainbowCrack, rcracki-mt, RSMangler,
SQLdict,Statsprocessor, THC-pptp-
bruter,
TrueCrack, WebScarab, wordlists
Maintaining Access CryptCat, Cymothoa, dbd, dns2tcp,

http-tunnel, HTTPTunnel, Intersect,
Nishang, pwnat, RidEnum, sbd, U3-Pwn,
Webshells, Weevely, Winexe
Reverse Engineering apktool, dex2jar, diStorm3, edb-

debugger, jad, javasnoop, JD-GUI,
OllyDbg, smali, Valgrind, YARA
Hardware Hacking android-sdk, apktool, dex2jar, Sakis3G,

smali
Network VAPT Nessus(Free), Nmap, Zenmap,

Wireshark, Nikto, hydra, Metasploit,
Burp Suite, Zed Attack Proxy (ZAP),
Dirb, WFUZZ, FFUF, SQL Map, Wpscan,
ZAP, Msfvenom, arp-scan, hashcat,
hydra, smbmap, Enum4linux, rpcclient,
winpeas.exe, winpeas.bat, evil-winrm
Mobile VAPT Tool Frida, Drozer, Burp-Suit, Apk Tool, Jadx,

Fridump, Genymotion, Adb, Byecode
Viewer, Java AES Crypto, Mobile
Security Framework (MobSF), Objection,
Android Studio, Kali Linux
Cloud Security Tools Wazuh, Osquery, GoAudit, grapl,

OSSEC, Suricata, Zeek/Bro, Panther,
Kali Linux, PacBot, Security Monkey


*Information as provided by Precise Testing Solution Pvt. Ltd. on 28/09/22
Back
M/s ProTechmanize Solutions Pvt Ltd
ProTechmanize Solutions Pvt Ltd

110, 1st Floor, Plot A, 315, Mahant Chambers, Rd Number 34, Wagle Estate, Jai
Bhavani Nagar, MIDC Industrial Area, Thane (West), Maharashtra 400604.

 Server security audit (Y)
 Endpoints security audits (Y)
 Red Team Assessments (Y)
 Mobile & API security audit (Y)
 Thick client security testing (Y)
 Database Security audit (Y)
 Server configuration Review (Y)
 Secure configuration Review (Y)
 Firewall Rules Review (Y)
 Compliance audits (ISO 27001, IEC 62443, etc.) (Y)
 Regulatory audits (SEBI, NSE, BSE etc.) (Y)
 Network Security / Firewall Audit (Y)
 IT Application Control (ITAC) (Y)
 Privacy Audit (IT Act 2000, GDPR etc.) (Y)
 SOX (Y)
Govt. : <Nil>
PSU : <Nil>
Private : 70

Server security audit: 32
Endpoints security audits: 15
Red Team Assessments: 4
Mobile & API security audit: 8
Thick client security testing: 4
Database Security audit: 4
Server configuration Review: 15
Secure configuration Review: 15
Firewall Rules Review: 8
Compliance audits (ISO 27001, IEC 62443, etc.): 3
ICS/OT Audits: 2
ITAC: 2
Gap Assessment: 7
Regulatory audits (SEBI, NSE, BSE etc.): 11
Financial sector audits: 2
Training & Awareness of Information Security and Cyber Security to clients’
employees: 10,000+
SOX: 1
Certifications Count
BS7799 / ISO27001 LAs 4
CEH 5
CISEH 1
CISC 1
DPO 1
Qualysguard Certified specialist 1
Acunetix certified 1
Any other information security qualification 20+
Total Nos. of Technical Personnel 100+
No. ProTechmanize Information to Information
Solutions Pvt Security security
Ltd
1 Hakimuddin Wadlawala 4+ yrs 15+ yrs CEH, ISMS LA 27001
2 Sameer Desai 3 yrs 10+ yrs CEH, ISMS LA 27001,

CISC, DPO Certification
3 Derrick Anthony 4+ yrs 5+ yrs CEH, Qualysguard
Certified specialist,
Acunetix certified.
4 Nawazuddin Shaik 2.4 yrs 2.4 yrs CEH
5 Mageshwaran Mudaliar 9 months 1 yr CISEH
6 Barkha Sharma 8 months 8 months CEH

7 Tejas Korpe 1.5 yrs 1.8 yrs CEH
8 Indrakant Chaubey 11 months 1 yr CPTE
9 Anand Dhobaley 3 months 3 months CEH
10 Rajesh Varghese 1+ yrs 4.5 yrs ISMS LA 27001
11 Kajal Sanas 3+ months 6.5 yrs ISO31000:2018
12 V. Mageshwari Nadar 1 month 2+ yrs ISO27001:2013 LA
Clients Assessment
50+ Web applications

250+ Network devices & IP
Servers & security devices assessments
Carried out Security assessment for Configuration Review
India's leading Pharma company Firewall Rule review
500+ Endpoints & SCADA security testing
DLP & O365 review
Datacentre Policy & Architecture review
100+ IP security testing
Carried out Security assessment for 110+ network configuration review
India's leading Logistics company Database configuration review
Network Architecture review
Firewall Rule review

Carried out Security assessment for 100+ IP & network security testing
India's leading Mutual Funds Configuration review
company Database security testing
Firewall hardening Review
Information Security Compliance

Total Number of Departments Audited: 21
audits of 2 subsidiaries of the world’s
largest building material
manufacturing company
Tools Type
Burpsuite Professional Commercial
Nessus Professional Commercial
Custom Python scripts Proprietary
Custom Powershell scripts Proprietary
Nmap Freeware
Kali Linux Freeware
Dirbuster Freeware
Android Studio Freeware
Metasploit Freeware
SQLmap Freeware
Wireshark Freeware
TestSSL Freeware
Fiddler Freeware
Sysinternals Suite Freeware
MobSF Freeware
Postman Freeware
SoapUI Freeware
Owasp ZAP Freeware
Nikto Freeware

( If yes, kindly provide oversight arrangement (MoU, contract etc.)

*Information as provided by ProTechmanize Solutions Pvt. Ltd. on 12/05/2022
Back
M/s Qadit Systems and Solutions Pvt Ltd
Qadit Systems and Solutions Pvt Ltd

Chennai

 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) : Y
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N) : Y
 ICS/OT Audits (Y/N) : Y
 Cloud security Audits (Y/N) : Y
Govt. : 1
PSU : Nil
Private : 119

Wireless security audit : Nil
ICS/OT Audits : Nil
CISSPs : 1
BS7799 / ISO27001 LAs : 4
CISAs : 9
DISAs / ISAs : 5
Any other information security qualification (CEH/ECSA) : 5

No. Employee with Qadit Information related to
Systems Security Information security
1 V.Vijayakumar 20+ years 20+ years CISA, ISA, CDPSE
2 Mahesh Balan 20+ years 20+ years CISA, ISA
3 N.Swameshwar 18 years 18 years CISSP, ISA, CEH
4 Sanjay Kadel 18 years 18 years CISA, ISA
5 R.Narayanan 9 years 18 years CISA, CIA, CDPSE
6 R. Ramesh 7 years 18 years CISA, CISM, ISMS LA,
CPISI
7 Guru Santhanam 13 years 13 years CISA
8 Aayush Jain 4 years 4 years CISA, ISMS LA
9 Rajendra Kumar 3 years 5 years CISA, ISMS LA, CPISI
No. Employee with Qadit Information related to
Systems Security Information security
10 Muralidharan 3 years 3 years ISA
11 Aishwarya K 5 years 5 years ECSA, CEH
12 Suman Raj 5 years 5 years ECSA
13 Karthik R 2 years 2 years CISA, ISMS LA
14 Ragavi 1 year 1 year CEH
Client : A project for Government of Tamilnadu

Scope: Information System Security Audit, Developing Security Policy &
Procedures, Application Software Audit
Coverage: all municipalities across Tamilnadu
Project Value: Rs. 27 lakhs
Proprietary
NsVulnAssessor
Ora DBSecAssessor
MSSQL DBSecAssessor
Router Config security assessor scripts
Commercial
Tenable Nessus Professional Edition
Titania Nipper Network Device Configuration Review Tool
Acunetix Web Application Vulnerability Assessment Tool
Codified Security Mobile Security Assessment Tool
Open Source / Freeware
Achilles Hydra Owasp Mantra

Aircrack-Ng IronWASP Paros Proxy
BackTrack/ KaliLinux John the Ripper Pwdump
Brutus Lynis Snort
Cain and Able Maltego w3af
DOMTools Metasploit Community Edition Webinspect
Dsniff MobSF WebScarab
Firewalk NetCat Whisker
Hping Netstumbler Wikto
HTTPrint Nikto Wireshark
HTTrack Nmap
OpenVAS


No If yes, give details
13. Locations of Overseas Headquarters/Offices, if any : Nil
 Information as provided by Qadit Systems and Solutions Pvt Ltd on 28 September 2022
Back
M/s Quess Corp Limited
Quess Corp Limited, Bangalore
2. Carrying out Information Security Audits since : <2018>

Govt. : <0>
PSU : <0>
Private : <13>

Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): <2>
ICS/OT Audits: <0>
CISSPs : <2>
BS7799 / ISO27001 LAs : <6>
CISAs : <3>
DISAs / ISAs : <0>
Any other information security qualification: <15>

1. Aditya Vardhan 4 years 22 years CRISC, CISSP, CISA,
CGEIT, ITIL, CPISI
2. Vinamra Rai 3.5 years 7.5 years ISO27001:2013-LI,
CPISA, MS Cyber Law
and Info. Sec.
3. Prasun Naidu 3.5 years 8 years MS Cyber Law and
Info. Sec., ISO
27001:2013 LI, ITIL
2011 F
4. Dinesh 5 years 9 years CEH
Purushothaman
5. Vinod Kumar K N 4.5 years 10 years ISO27001:2013-LA
Objective brief: Holistic Security assurance and testing program, for one of the largest tech first
global conglomerate. Target environment handles large financial transactions and business critical
operations.
Project brief: Program entails tiered activities including threat modeling, manual testing, and
automated tool enabled scanning, supported by focused remediation, and process improvements.
Locations covered: India, Indonesia, Malaysia, Singapore, Philippines
Technical landscape: 42 business Applications, 28 Databases, 60 Servers across Windows and Linux,
20 Core Network Devices
Project Value: INR 20 Lakhs
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary): Kali Linux,
Nessus Pro, Fortify, Wireshark, Burpsuite, Metasploit etc.


QuessGlobal (Malaysia)
Sdn Bhd (1127063-A)
Unit 25-13A, Level 25, Q
Sentral, Jalan Stesen Sentral
2,
Kuala Lumpur - 50470,
Malaysia
Tel: +603-27136670 / 6671 /
9971
Quess (Philippines) Corp.

Salustiana D Ty Tower
Condominium, 6th Floor, 104
Paseo de Roxas Corner, Perea
St, Legaspi Village, Makati
City, Manila,
Tel: +63 91 7878 3961
QUESSCORP HOLDINGS PTE.
LTD
Temasek Boulevard #32-01,
Suntec Tower Three,
Singapore 038 988
Quess Lanka
Level 7, BOC Merchant Tower,
No 28, St Michaels Road,
Colombo - 03
Quess (USA) Corp.

201 Littleton Road, Suite 220,
Morris Plains, NJ 07950
Quesscorp Management
Consultancies
#2204, Al Shafar Tower 1,
Barsha Heights, P.O. Box
32936, Dubai, United Arab
Emirates
Quess (Vietnam) Corp

711 Cowork04, Level 7, Me
Linh Point Tower, 2 Ngo
DucKe Street, District 1, Ho
Chi Minh City, Vietnam
*Information as provided by < Quess Corp Limited> on <22/06/2022>
Back
M/s Secure Loopholes Solutions LLP
Secure Loopholes Solutions LLP

Head Office – Gujarat : 306 – Anushri Complex, Nr. Bank of Baroda,
Ashram Road, Usmanpura, Ahmedabad, Gujarat – 380013
Branch Office - Hyderabad : Nexus Business Center, 4th floor, Plot No.
802 & 803 Ayyappa Central, 100 Ft Road, Rd Number 48, opp. YSR
Statue, SBH Officers Colony, Mega Hills, Madhapur, Hyderabad,
Telangana
2. Carrying out Information Security Audits since : June 2017

 Configuration Review audits (Y)
 Source code review audit (Y)
 Mobile application security audit (Y)
 Thick client application security testing (Y)
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (N)
 ICS/OT Audits (N)
Govt. : NA
PSU : NA
Private : 9

Mobile Application Security: 2
Wireless security audit: NA
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): NA
ICS/OT Audits: NA
CISSPs : 1
BS7799 / ISO27001 LAs : NA
CISAs : NA
DISAs / ISAs : NA
Red Team – CRTP/CRTE - 3
CEH : 6
CCNA/CCNP : 1
OSCE/OSCP/OSWE : 4
GXPN/PACES/CPISI : 1
Payment Card Industry Approved Scanning Vendors (PCI ASV) - 1
S. Name of Experience in Qualifications related to Information

Security
1 Raghunatha 9 Years CEH, OSCP, CRTP
Reddy
2 Prasad 10 years OSCP, CEH, PCI-ASV
Lingamaiah
3 Sudhakar 8 Years OSCE, OSCP, PACES, CRTE, CPISI,
Dwivedi Microsoft Certified: Azure Security
Engineer, Microsoft Technology
Associate: Security Fundamentals
4 Anil Dey 11 years CEH
5 Valligayatri 11 years CRTE,CRTP,OSWE,OSCP,CEH,CCNA,CCNP
Rachakonda
6 Raghava Reddy 2 years
Secure loopholes was engaged by a large Stock portal organization to provide various cyber
security audit services. We performed application, infrastructure security penetration test
(ethical hacking), including manual and automated tool techniques to uncover potential security
issues.
Secure Loopholes was engaged by a large NGO & Data protection organizations to perform
Security audit of 50 web/mobile applications along with payment gateway and infrastructure
security penetration tests. Contract Value: Confidential
Commercial: Nessus, Burp Suite, Acunetix.
Freeware: Kali Linux and associated tools, Nmap/Zenmap, Nikto, Dirbuster, MobSF, Metasploit
Framework, SQL Map, Wireshark – Packet Analyser, Aircrack, ZAP, OWASP Xenotix etc.


*Information as provided by Secure Loopholes on 20/6/20222
Back
M/s SecureInteli Technologies Pvt Ltd
SecureInteli Technologies Pvt Ltd (Formerly BizCarta Technologies India Pvt

Ltd)
3rd Floor, Nandi Infotech | Plot No 8, 1st Cross, KIADB, Sadaramangala

Industrial Area Mahadevapura, Bangalore 560 048, INDIA | CIN:
U72200TZ2014PTC020481 |
Current Website: www.bizcarta.io

New website www.secureinteli.com
2. Carrying out Information Security Audits since - 2016
3. Capability to audit, category-wise (add more if required)
 Network security audit – Yes

 Web-application security audit – Yes
 Wireless security audit – Yes
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) – Yes
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) – Yes
 ICS/OT Audits – Yes
 Cloud security Audits – Yes
 Red Teaming – Yes
 Forensic Investigation - Yes
Govt: None
PSU: None
Private: Eleven customers (11)
Total Nos. of Information Security Audits done: Eighteen (18)
Network security audit: 4 audits (2895 IPs)

Web-application security audit: 3 audits (Web apps-197; API’s-155)
Mobile-application security audit: 1 audit (18-mob apps)
Wireless security audit: 1 audit (15 wireless access points)
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): 1 audit
ICS/OT Audits: 0
Cloud security Audits: 1 audit (2 instances)
Red Teaming: 1 audit (1 activity)
Forensic Investigation: 4 audits (4 investigations)
Threat Modelling: 1 audit (1 activity)
Threat Hunting: 1 audit (1 activity)
CISSPs: 1
BS7799 / ISO27001 LAs: 2
CISAs: 1
DISAs / ISAs: None
Any other information security qualification: CEH, ECSA, OSCP
Total Nos. of Technical Personnel: Ten (20)
Certified personal
SecureInteli Security Information security
1 Abhijit Nair 3 Years 13 Year OSCP, CISSP, CEH
2 Sminu S Mullackal 4 Years 13 Years ISO27001 LA
3 Rajath 4 Years 7 Years ISO27001 LA, CISA
4 Gokul PJ 4 Years 5 Years ECSA
5 Koushik Pal 4 Years 4 Years CEH
6 Laxman 4 Years 5 Years CEH
7 Vybhav 1 Year 1 Year CEH
8 Atul 8 months 3 Years CEH
9 Vishnu Raj 6 months 1 Year CEH
10 Meeth 6 months 3 Years OSCP
A. Project 1
 Project Name: ITES Company – External Penetration Testing (Black Box
Testing)
 Scope: 2069 IPs
 Locations: 8 regions
 Project Value: INR 18,00,000
B. Project 2
 Project Name: IT Services Company – SIEM Implementation and Continuous
Monitoring, email compromise assessment, deep web monitoring for specific
email’s, 24/7 SOC monitoring from SecureintelI SOC
 Scope: SIEM deployment and 24/7 Continuous Monitoring
 Locations: 12 regions
 Project Value: INR 49,48,600
Tool License Use

Nessus Commercial Vulnerability Assessment
Qualys Guard Commercial Vulnerability Assessment
Veracode Commercial Web Application Pen Test
Burp Professional Commercial Web Application Pen Test
Accunetix Commercial Web Application Pen Test
GFI Lan Guard Commercial Network Vulnerability Scan
Retina Commercial Network Vulnerability Scan
NMAP Open Source Port Scanner
W3af Open Source Web Application Scanner
Wikto Open Source Web Application Scanner
Solar wind Open Source Network Pen Test
Backtrack tool kit Open Source Network and Application Pen Test
Samurai Testing toolkit Commercial Web Application Pen Test
Encase Commercial Computer Forensics
Wireshark Open Source Network sniffer
Nets tumbler Open Source Wireless Scanning
Air crack Open Source Wireless Pen Test
Air magnet Open Source Wireless Pen Test
Paros Open Source Web Application Proxy
Nipper Open Source Network Configuration File
SoapUI Commercial Web Services
Nekton Open Source Network Pen Test
Netcat Open Source Network Pen Test
Coinable Open Source ARP Poisoning, DNS Poisoning
THC-Hydra Open Source Brute Force
Brutus Open Source Brute Force
John the Ripper Open Source Password Cracker
L0pht Cracker Open Source Password Cracker
Rainbow Crack Open Source Password Cracker
Cymulate Commercial Breach Assessment
Snyk Commercial Web Application Pen Test
Four Core Commercial Breach Assessment
Cloudsploit Open Source Cloud Risk Assessment
Control Map Commercial ISMS Audits
CIS Tools Commercial Compliance Audits
GuardYoo Commercial Forensic Investigations

12. Whether organization is a subsidiary of any foreign-based organization? : No

13. Locations of Overseas Headquarters/Offices, if any: 3 locations (USA, Singapore,

Australia)
*Information as provided by SecureInteli Technologies Pvt Ltd on 13/5/2022
(Formerly known as BizCarta Technologies India Pvt Ltd)
Back
M/s Securium Solutions Pvt Ltd.
Securium Solutions Pvt Ltd.

B28, First Floor, Sector 1, Noida, Uttar Pradesh, India 201301.
Email: neha.singh@securiumsolutions.com
security@securiumsolutions.com
Contact: 9990602449, +91 8368545467,
Registered & Corporate office Noida, Uttar Pradesh.
Representing Noida, Bhubaneswar, Dubai.

 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) : YEs
Govt. : NIL
PSU : 50+
Private : 250+

Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): <50>
ICS/OT Audits: <number of>
CISSPs : <number of>

BS7799 / ISO27001 LAs : 3
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification: OSCP, CISM, LPT, CPENT,
CCISO, CEH, CHFI, AZ500

No. Employee <organization> Information to Information security
Security
1 SUNIL SINGH DIRECTOR 5 Year LPT, CISM, CEH, ECIH
2 NEHA SINGH DIRECTOR 5 Year CEH, CISA, ISO 27001
3 SAM NIVETHAN PROJECT MANAGER 3 Year ECSA, CCSE, CTIA,
CEH, CEI, LCSP.
4 DEEPAK KUMAR DIRECTOR OF 10 Year CISA,LPT+CPENT,LEAD
NATH TECHNOLOGY,CISO AUDITOR
ISMS,CEH,CPTE,CCISO
5 VINEET SINGH SENIOR SECURITY 2 Year CEH
ENGINEER
6 ROHIT SECURITY 4 Year OSCP, CEH, CHFI,
MANAGER CPTE, AZ500
7 Shahbaaz Nabi Security 1 Year CEH, CPTE
Researcher
8 SOORAJ SECURITY 1 Year CEH.
ENGINEER
9 SHUBHIT MANOJ SECURITY 1 Year CEH
KULSHRESTHA ENGINEER
10 HARD ASHIT SECURITY 1 Year CEH
DHUDLA ENGINEER
11 SOHIL KHAN SECURITY 1 Year CEH
ENGINEER
12 SR MOHANTY LEAD SECURITY 5 YEAR CGEH,CCNA,OSCP
ENGINEER
13 ABHIJEET PANDA LEAD AUDITOR 1 YEAR CEH
14 ADITYA SECURITY 1 YEAR CEH
PRATHAM ENGINEER
PRAKASH
15 AMLAN KUMAR SECURITY 1 YEAR CEH
BEHERA RESEARCHER
16 DEBASHIS SECURITY 2 YEAR CEH,
MOHANTO RESEARCHER
17 SAILESH MAJHI SECURITY 2 YEAR CEH,ISO 27001LA
ENGINEER
18 RATNAKAR DAS NETWORK 1 YEAR CEH,CCNA
SECURITY
ENGINEER
19 JAGAT LEAD AUDITOR 2 YEAR ISO 27001LA
PATTANAIK CYBER SECURITY
20 ANURAG SHINDE SOC ANALYST 1 YEAR MCS
Wireshark/TCPDump Ferret Nessus Pro NSAT
Kali Linux Hamster Nexpose SCRIPTS
Sqlmap IP scanner Metasploit Pro
Nikto Yersinia Burpsuite
Nmap Ethereal Acunetix
Hydra Echo Mirage HP Web Inspect
Whois WebScrab HP Fortify
Scapy Tor’s hammer IBM Appscan
Pyloris W3af Maxpatrol
LOIC Sparta Codenomicon
CSRF Tester Directory Buster beSTORM
Ollydbg SMTP Ping IDA PrO

MBSA Hash-Identifier NetSparker
TestSSLServer Cisco Auditor
Python/Powershell Sys Internals

Scripts Suite
Qualys SSL Santoku Linux
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No : NO

11. Whether organization has any Foreign Tie-Ups? If yes, give details: Yes/No : YES
12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No : NO

13. Locations of Overseas Headquarters/Offices, if any: Yes/No : YES
Downtown - Office 202, Saaha offices, C - Souk Al Bahar Bridge, Dubai, Po Box: 282615.
*Information as provided by < Securium Solutions Pvt Ltd> on <28/09/2022>
Back
M/s Sectrio-Subex Digital LLP
Subex Digital LLP,

Pritech Park – SEZ Block -09,
4th Floor B Wing Survey No. 51 to 64/4 Outer Ring Road,
Bellandur Village, Varthur Hobli,
Bengaluru, Karnataka 560103

 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) : Y
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N) : N
 ICS/OT Audits (Y/N) : Y
 Cloud security Audits (Y/N) : N
Govt. : 3
PSU : 1
Private : 10

ICS/OT Audits : 5
CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0
S. No. Name of Duration Experience in Qualifications related to

Employee with Subex Information Information security
Security
1 Sandeep Jain 19+ years 6+ years CEHv11
2 Vikas 5+ years 8+ years CEHv11
Karunakaran
3 K Narahari 1.5 years 1.5 years CEHv9, ECSAv10,CCNA,MCSE
4 Supreet Joshi 7+ years 7+ years ICS/SCADA Cyber Security
Certification ,Forensic Science &
Cyber Forensics, NSD certified
cybercrime intervention officer,
Network Security Expert I –
Fortinet
Network Security Expert II -
Fortinet
5 Satish Navi 6+ years 5+ years CEHv11
6 Saideep Edagotti 2+ years 6+ years CompTIA CySA+
Reddy
7 Manjunathagouda 1 month 10+ years ECC-CHFI
Somangoudar
8 Sagar K S 2+ years 4+ years NSD certified cybercrime
intervention officer
 Smart City Project in Arizona : Designed the deployment of proprietary solution in a

complex network that included devices/endpoints spread across IT, IoT and OT technologies.
Data aggregation points were identified as part of an optimum design and it was captured by
our Appliance. Subex’ Security operations centre helps the customer manage the threats with
notifications and mitigation recommendation. Regular reports are sent, and periodic meetings
are held to discuss progress and to keep customer updated about the engagement.
 Honeypot Deployment and Managed Security Services for Major Telecommunication
Provider in Spain : The project includes Honeypot Deployment and Managed Security Services
offering from our Security Operations Centers. Subex has deployed a honeypot network to aid
the research and pre-deployment testing activities for customer. This network is utilized to
ensure the devices going into public domain are secured and do not have any vulnerabilities that
the hackers can exploit. The honeypot network deploys has the following approach :
Reconnaissance, Delivery, Exploration, Installation and Action.
 Set up of Cyber Security Research Facility in Singapore: This research facility provides a
platform to academicians, students, scholars to carry out their academic and research
activities by making use of the IoT test beds and honeypots set up by Subex. This is one of
the leading Cyber Security Research Institutions in the world. One of the major objectives of
this lab is to identify techniques to detect and mitigate zero-day attacks in IoT and CII using
machine learning.
 Subex Signalling Security Deployment for 2nd largest telecom service provider in
Malta: Subex has deployed the deployed the Signalling Security module of the solution. The
solution does real time signal-based traffic monitoring which enriches the operator’s insights
with signalling data for early detection of frauds. The engagement covers SIP voice signalling
protocol and will analyse the port mirrored national and international traffic from the SBC’s.
 Security Solution deployment for a Leading Petroleum Corporation in Kuwait: Sectrio

Solution Deployment and Managed Security Services from Sectrio Security Operations
Centres. Sectrio’s security solution will provide end-to-end visibility for KIPIC’s two data
centres The . security services are designed to protect the integrity and confidentiality of data
and mitigate key risks which will enhance overall Security posture. The solution will provide a
detailed understanding of the security risk uncovered within each of the deployed applications,
services, and infrastructure.
 Deception and Decoy Solution for the largest Nationalized Bank in India : Subex
deployed an instance of Sectrio within the bank network with key capabilities covered by the
solution that include discovery, deception and decoy, detection, alerting capabilities by
discovering and monitoring the network traffic and map the assets, vulnerabilities and any
malicious activity carried out within the identified network.
Subex will be processing the network traffic in Sectrio Edgetech appliance and generate threat
alarms that will be available in Sectrio platform which will capture all relevant details.
Sl. No Tool Name Licensing Description

Passive Vulnerability Management Tool for
1 Sectrio Proprietary
IT/OT/IoT
Integrated platform/graphical tool for
2 Burpsuite Commercial performing security testing of web
applications
Automated Web Application Vulnerability
3 Accunetix Commercial
Scanner
4 Rapid7 Commercial Automated Vulnerability Scanner
Nessus
5 Commercial Automated Vulnerability Scanner
Professional
Integrated platform/graphical tool for
6 OWASP ZAP Freeware performing security testing of web
applications
Automated Web Application Vulnerability
7 Nikto Freeware
Scanner
8 NMAP Freeware Port Scanner
9 Wireshark Freeware Network Packet Analyzer
10 Netcat Freeware Network Utility
11 SNMP Walk Freeware SNMP Scanner
12 Hydra Freeware Password Cracker
13 Hping3 Freeware Stress testing tool
John the
14 Freeware Password Cracker
Ripper
15 Metasploit Freeware Exploitation tool
Industrial
16 Exploitation Freeware ICS Penetration Testing tool
Framework
17 s7scan Freeware Siemens Vulnerability Assessment tool
18 Plcscan Freeware PLC Enumeration tool
Modbus
Penetration
19 Freeware Modbus Scanning and Exploitation tool
Testing
Framework
20 Modscan Freeware Modbus Scanning tools
21 Binwalk Freeware Firmware Analysis tool
22 Volatility Freeware Memory Analysis Tool
23 Firmwalker Freeware Firmware Analysis tool
24 x64DBG Freeware Binary Reverse Engineering tool
25 IDA Pro Freeware Binary Disassembly tool

12. Whether organization is a subsidiary of any foreign based organization? : Yes/No


Subex Ltd has other offices as per the below details
Subex Inc,
12303 Airport Way,
Bldg. 1, Ste. 180,
Broomfield, CO 80021
Tel : +1 303 301 6200
Fax : +1 303 301 6201
Subex (UK) Limited

1st Floor, Rama Apartment,
17 St Ann’s Road,
Harrow, Middlesex, HA1 1JU
Tel : +44 207 8265300
Fax : +44 207 8265352
Subex Limited Dubai Office

#Office number 722,
Building number 6WA,
Dubai Airport Free Zone
Authority(DAFZA),
P.O. Box: Box 54834,Dubai
United Arab Emirates
Tel : +9 714 214 6700
Fax : +9 714 214 6714
*Information as provided by Subex on 29 Sep 2022
Back
M/s Tech Mahindra Ltd.
Tech Mahindra Ltd.

Sharda Centre, Off Karve Road
Pune - 411004 (Maharashtra) India
Phone: +91 20 66018100
 Network security audit (Y/N)- Y

 Web-application security audit (Y/N)- Y
 Wireless security audit (Y/N)- Y
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N)- Y
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N)- Y
 ICS/OT Audits (Y/N)- Y
 Cloud security Audits (Y/N)- Y
Govt.: approx 40
PSU: approx 15
Private: more than 150
Total Nos. of Information Security Audits done: approx 200+
Network security audit: more than 100

Web-application security audit: approx 65-70
Wireless security audit: approx 5-6
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): approx 50
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): approx 7-10
ICS/OT Audits: up to 5
Cloud security Audits: more than 15
CISSPs : 50+
BS7799 / ISO27001 LAs : 25+
CISAs : approx 10
DISAs / ISAs : N/A
Any other information security qualification - CISM: approx 35
Total Nos. of Technical Personnel : 800 +
S. Name of Duration Experience in Qualifications related

No. Employee with Tech Information Security to Information
Mahindra security
1 Mohammad 3 years Security Audit and CISM, AZ500,
Akhtar Raza assessment. AZ900, ISO 27001
Cybersecurity and LA, CEH, ECSA,
Cloud security
Program and Project
management
2 Rajeev Kumar 2 Years Enterprise Security CISSP, ISO 27001
Consulting, Security Auditor
Operations, Delivery
Management, Lead
Auditor
3 Manindra 12 years Enterprise Security CISM, CEH
Kishore Consulting, Security
Operations, Delivery
Management, Pre-
sales Tech Support,
IS audits Program
management
4 Mandeep Malik 2 years Security Audit and CISSP, TOGAF 9.1
assessment. Certified, CCSK,
Cybersecurity and MBA IT
Cloud security
Program and Project
management
5 Vishal Chhabria 8 years Application Security, CEH, SPLUNK
Vulnerability
assessment and
Penetration testing,
Mobile application
Security
6 Meenal Kukreja 1 year Application Security, CEH, Azure
Vulnerability
assessment and
Mobile application
Security
7 Suman Tewari 2 years Application Security, CEH, CPISI, MSCP,
Vulnerability ISO 27001:2013
assessment and
Mobile application
Security
8 Vineet Patil 2 years Application Security, CEH, ECSA
Vulnerability
assessment and
Mobile application
Security
1. Leading company in industrial products, electronic components; electrical,

automation and control, engineering tools, and consumables via e-commerce,
telephone
a. Scope: Security consulting and audit including application security,
security incident & response, governance, risk & compliance
b. Locations : Multiple cities
c. Project value : 4.47 mn $(Total contract value)
2. Leading American parts supplier for construction, automotive, and industrial

companies.:
a. Scope: Security consulting and audit including AppSec, GRC and IDAM
capabilities
3. Leading commercial bank in Ireland & one of the Big Four Irish banks
a. Scope: Application security, security incident & response, governance,
risk & compliance
4. Specialized agency of the United Nations in Aviation industry crating principles,

techniques of international air navigation, fosters the planning and
development of international air transport
a. Scope: Security consulting, application security, network security,
governance, risk & compliance
Commercial:
Rapid 7 Nexpose, Tenable, Acunetix, Veracode, Qualys Guard, IBM App Scan, Burp
Suite Pro, Web Inspect, Checkmarx, HP Fortify, ISF Security Health Check, ISF
Benchmarking, Algosec.
Freeware:
NMap, Metasploit, SSL Digger, SSL Scan, SQL Map, MOB-SF, Quark, Drozer, SOAP UI,
Owasp Zap.
Third party audit has been outsourced to E&Y, KPMG & other NIC empaneled vendors.
This is as per the MSA and regulatory requirement since TechM is involved in these
projects as system implementor as well, hence the auditing was provided to third
Party
11. Whether organization has any Foreign Tie-Ups? If yes, give details: YES
https://www.techmahindra.com/en-in/alliance/
12. Whether organization is a subsidiary of any foreign based organization? NO

13. Locations of Overseas Headquarters/Offices, if any:
https://www.techmahindra.com/en-in/contact-us/
*Information as provided by Tech Mahindra Limited on 16th June 2022
Back
M/s Techdefence Labs Solutions Private Limited
Name: Techdefence Labs Solutions Private Limited

Location: 901-904,908 9th Floor Abhishree Adroit Mansi Circle Vastrapur
Ahmedabad Gujarat India – 380015
Contact Person: Mr. Sunny Vaghela
Email: sunny[at]techdefencelabs.com
Mobile No: 9924822224 / 7567867776

 ICS/OT Audits: Yes
 Cloud security Audits: : Yes
 Thick Client: Yes
 Mobile Application: Yes
 Secure Code Review: Yes
 Database Configuration Review: Yes
4. Information Security Audits carried out in the last 12 Months :
Govt. : 0
PSU : 10
Private : 290+
5. Number of audits in the last 12 months, category-wise (Organization can add categories

ICS/OT Audits: 2
CISSPs : 0
BS7799 / ISO27001 LAs : 3
CISAs : 1
DISAs / ISAs : 0

No. Techdefence Information Security Information security
1 Maulik Vaidh 5.4 years 4 years -
2 Kalpesh Jha 2.6 years 3 years -
3 Krishna Sharma 1.8 years 9 years ISO27001LA,CNSS
4 Jainam Basa 1 year 2 years CNSS/CCSE
5 Puneet Lawaniya 9 Months 2 years CSCU,N+,RCSA
6 Chetan Purohit 1.4 Years 1.5 years CISE
7 Rohit Soni 1.4 years 1.6 years -
8 Mr.Abhijit Dave 3 months 1 year -
9 Mr Jigar Gajjar 1 month 1 year -
10 Mr.Hardik Shiroya 2.5 month 1 year ISO 27001 LA
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations,
Sr.N Organization Scope Of Auditing Volume

o
1 Largest Business Conglomerate in Web Application Web: 100

India Security
Assessment Mobile: 80
Project Value: 95 lacs
Mobile Application Network: 6000
Security
Assessment
Thick Client: 40
Network
Infrastructure
Security
Assessment
Thick Client
Application Security
Assessment
2 Leading FMCG Company in India Web Application Web: 18

Security
Project Value: 20 Lacs Assessment Mobile: 03
Mobile Application Network: 4216 IP

Security
Assessment
Locations Covered: 29
Network
Infrastructure
Security
Assessment
Thick Client
Assessment
3 Leading Shipping Company in India Web Application Web: 40

Security
Project Value: 15 Lacs Assessment Network: 5000 IP
Network
Infrastructure
Security
Assessment
4 Leading Manufacturing Plumbing & Web Application Web: 20

Drainage systems Company in India Security
Project Value: 33 Lacs
Mobile Application Network: 117 IP
Security
Assessment
Thick Client: 07
Network
Infrastructure
Security Location: 30
Assessment
Thick Client
Assessment
5 Largest Business Conglomerate in Web Application Web: 450

India Security
Project Value: 1.2 Crore
Mobile Application Network: 6000
Security
Assessment
Thick Client: 40
Network
Infrastructure
Security
Assessment
Thick Client
Assessment
6 Global Leader in Biometric and IoT (Hardware Firmware: 04

Physical Security Technology provider Security
Assessment) Hardware:04
Value: 10 Lacs
7 Banking Solution Company Web Application Web: 15

Security
Value: 15 Lacs Assessment Mobile: 03
Mobile Application Thick Client: 04

Security
Assessment
Thick Client
Assessment
8 Solar Energy Company IT and OT OT: 22

Assessment
Value: 10 Lacs VAPT: 200
9 Germany Based Technology Company Web, Mobile, Smart App:1

Contract audit,
Project Value: 29 Lacs Source Code review AWS and Azure
Security Assessment
Commercial Tools Freeware Tools
1. Acunetix 1. Arachni
2. Burpsuite Professional 2. OWASP ZAP
3. Nessus 3. Nmap
4. Splunk 4. Nikto
5. Netcat
6. W3af
7. Wapiti
8. Sqlmap
9. Zapproxy
10. Skipfish 11. Backtrack , Kali
12. Openssl
13. Dirbuster
14. Wireshark
15. Loki
16. Httprint
17. Curl
18. Tcpdump
19. Fimap
20. SwfScan
21. Hydra
22. John the Ripper
23. Ssltest
24. Sslstrip
25. Cain and Abel
26. Brutus
27. Airmon -ng
28. Hping
29. Scapy
30. wsfuzzer

( If yes, kindly provide oversight arrangement (MoU, contract, etc.))
11. Whether an organization has any Foreign Tie-Ups? If yes, give details: No
12. Whether an organization a subsidiary of any foreign-based organization? : No
*Information as provided by Techdefence Labs Solutions Private Limited on 27th September 2022.
Back
M/s Tek Cube Pvt. Ltd. (WeSecureApp)
Tek Cube Pvt. Ltd. (WeSecureApp)
Registered office Address: 1-2-288/52, Tulasi Homes, Domalguda,

Hyderabad, Telangana-500029
Communication office Address: 6th Floor, 91 springboard, LVS Arcade,

Madhapur, 71, Jubilee Enclave, HITEC City, Hyderabad, Telangana 500081.
 Subcategory:- Application Security

 Web-application security audit (Y/N)- Yes
 Mobile application security audit (Y/N)- Yes
 Web services and API security audit (Y/N)- Yes
 Source Code Review (Y/N)- Yes
 Block chain assessment (Y/N)- Yes
 ERP Security (SAP, Oracle) (Y/N)- Yes
 Application architecture review(Y/N)-Yes
 Subcategory:- Network Security
 Network security audit (Y/N)- Yes
 Wireless security audit (Y/N) – Yes
 VoIP Penetration testing (Y/N)- Yes
 Network architecture Review(Y/N)- Yes
 Configuration Review (Operating Systems, Databases, Network Devices) (Y/N):
Yes
 Subcategory:- Cloud Security
 Cloud auditing and Hardening for AWS (Y/N)- Yes
 Cloud auditing and Hardening for Azure (Y/N)- Yes
 Cloud auditing and Hardening for GCP (Y/N)- Yes
 Subcategory:- Threat Simulation
 Red Team Assessment (Y/N)- Yes
 Red Team vs Blue Team (Y/N)- Yes
 Social Engineering Assessment (Y/N)- Yes
 Spear Phishing(Y/N)- Yes
 Subcategory:-Container Security
 Docker CIS benchmark hardening (Y/N)- Yes
 Container vulnerability assessment (Y/N)- Yes
 Subcategory:- Compliance
 ISO 27001 Auditing (Y/N)- No
 PCI DSS Preparedness (Y/N)- No
 HIPPA Auditing (Y/N)- No
 GDPR Implementation (Y/N)- No
 SOC2 Assessment (Y/N)- No
Govt. : Nil
PSU : Nil
Private : 175+

Mobile application security audit: 150+
ICS/OT Audits: Nil
Red Team Assessment: 15
Source Code Review: 41
Block Chain Security:2
Bug Bounty Program: 1
ERP Audit (SAP, Oracle): 1
Network Architecture Review:1
Secure coding best practices training: 2
Spear Phishing: 5
VoIP Penetration Testing: 1
Configuration Review (Operating Systems, Databases, Network Devices): 5
Certification Name Count of

Employees
OSCP- Offensive Security Certified Professional 5
CRTP- Certified Red Team Professional 1
CREST CPSA- Practitioner Security Analyst certification 1
CEH- Certified Ethical Hacker 4
CHFI-Ec-Council Computer Hacking Forensic Investigator 1
ICSI | CNSS –Certified Network Security Specialist 3
CISA- Certified Information Security Auditor 1
ISO27001 LA- Lead Auditor 2
eWPTX-eLearn Security Web Application Penetration Tester eXtreme 1
CISC-Certified Information Security Consultant 1
Cybersecurity Professional by U.S. Council 1
ECSA-EC-Council Certified Information Security Council 1
NISM Series – II – B 1
Amazon Web Services Security Specialist 1
PNPT-Practical Network Penetration Tester by TCM Security 1
S.No. Name of Employee Duration with Experience in Qualifications related to

Tek Cube Pvt Information Information security
Ltd. Security
(WeSecureApp)
1 Akhil Reni 7 + Years 7+ Years -
2 Eshwar Uppala 7+ Years 7+ Years -
3 Anurag Giri 7+ Years 8+ Years -
4 Shamanth Alladi 5 Years 5 Years -
5 Arvind Pawar 2.5 Years 6 Years ISO27001LA- Lead
Auditor, ICSI | CNSS –
Certified Network Security
Specialist
6 Shiva Krishna 4.2 Years 4.2 Years -
Reddy
7 Sarthi patel 3.9 Years 3.9 Years Cybersecurity Professional
by U.S. Council
8 Prakash Ashok 3.4 Years 3.4 Years OSCP, AWS Security
Certified, IBM Block Chain
Essentials
9 Vatsal Agrawal 1.10 Years 4.1 Years OSCP, CRTP
10 Varun BVS 4.5 Years 4.5 Years CREST Practitioner
Security Analyst, ECSA-
EC-Council Certified
Council
11 Saideepa 1.9 Years 5.3 Years OSCP, CEH
Amanganti
12 Pavan Kumar 2.4 Years 2.4 Years OSCP
Mallem
13 Saish Rane 2.4 Years 4.7 Years CISC-ECCouncil- Certified
Consultant, ICSI | CNSS
–Certified Network
Security Specialist
14 Gagan Gurang 1.4 Years 6.2 Years OSCP, eWAPTX
15 Garima Maithani 1.11 Years 3.4 Years ISO27001LA-Lead
Auditor, Microsoft
Certified: Azure
Fundamentals, CEH
16 Vaibhav Vishal 0.9 Years 6.6 Years Microsoft Certified: Azure
Singh Fundamentals, Post
Graduate Diploma, IT
Infrastructure Systems
and Security
Sr Category Auditee Brief Description of Scope of Work

No (Govt./PSU/ Organization
Private)
1 Private Client application Vulnerability Assessment and

Penetration Testing of
Larsen & Toubro
Limited, Smart - 100+ Web Applications
World & - 4+ Mobile Application
Communication- 3+ Thick Client Applications
Network Vulnerability Assessment and Penetration

Testing for 1000+ Ips
S No Tools Freeware/Commercial/Proprietary)
1 Burp Suite Professional Commercial
3 Dehashed Commercial
4 Nmap Freeware
5 Nikto Freeware
6 MobSF Freeware
7 Metaspoilt Framework Freeware
8 Nipper Freeware
9 Kali Linux and associated tools Freeware
10 Frida Freeware
11 apktool Freeware
12 dex2jar Freeware
13 Apksigner Freeware
14 Xposed Freeware
15 magisk frameworks and modules Freeware
16 Scour pacu Prowler Freeware

We have clients in abroad but no tie ups with any vendor
12. Whether organization is a subsidiary of any foreign based organization? :Yes/ No If yes, give
details
Parent Company - Strobes Security Inc.
Address - 5700 Tennyson Parkway, Suite 372, Plano, Texas 75024
Parent Company - Strobes Security Inc.
Address - 5700 Tennyson Parkway, Suite 372, Plano, Texas 75024
*Information as provided by Tek Cube Pvt. Ltd. (WeSecureApp) on 28th September 2022
Back
M/s Third I Information Security Pvt Ltd.
Third I Information Security Pvt Ltd.
WeWork Oberoi Commerz II, 1st floor, CTS No.95, Off W. E. Highway, Oberoi
Garden City, Goregaon East, Mumbai - 400063, Maharashtra, India
 Network security audit: (Y)

 Web-application security audit: (Y)
 Wireless security audit: (Y)
 Compliance audits (ISO 27001, PCI): (Y)
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): (Y)
 ICS/OT Audits: (Y)
 Cloud security Audits: (Y)
 Mobile Application Penetration Testing: (Y)
 Network Penetration Testing: (Y)
 Network Vulnerability Assessment: (Y)
 Firewall Configuration Review: (Y)
 Server Configuration Review: (Y)
 Database Configuration Review: (Y)
 Source Code Review: (Y)
 Email Configuration Review: (Y)
 Network Architecture Review: (Y)
 Process and Policy Review: (Y)
 Incident Response: (Y)
Govt.: None
PSU: 2+
Private: 10+
Network security audit: <7+>

Web-application security audit: <20+>
Wireless security audit: <5+>
Compliance audits (ISO 27001,PCI, etc.): <2+>
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): <10+>
ICS/OT Audits: <2+>
Cloud security Audits: <4+>
CISSP: Nil
BS7799 / ISO27001 LAs: 3
CISAs : 3
DISAs / ISAs : Nil
Sr. Name of Employee Duration with Experience in Qualifications related

1 Mr. Niyaj Khan 4 Years 7 Years CISA, CISM, CRISC,
CGEIT, ISO 27001 LA,
ISO 27001 LI, CEH,
Certified Forensic
Investigator, AWS
Solution Architect, Six
Sigma Black Belt
2 Mrs. Shivani 1 Year 10 Years CISA, ISO 27001 LA,
Sharma Privacy Security Lead
3 Mr. Rajiv Kapil 3 Years 8 Months 11 Years CCNA, CCNP, CISM
4 Miss. Surbhi 11 Months 11 Months Bachelor of Computer
Singhania Engineering with
Specialization in Cloud
Technology
5 Mr. Saurabh 1 Year 5 Months 5 Years CEH, OSCP
Kumar Pandey
6 Mr. Omkar S 2 Year 8 Months 9 Years CCNP, CCNA, MCSA
Client Compliance Project Value in INR
Payment Solution Provide Vulnerability Assessment, Confidential

Application Penetration Test,
ISO 27001 Consulting, Firewall
Configuration Audit, Server
Configuration Audit, Mobile
Application Penetration Test
Financial Sector Organization Vulnerability Assessment, Confidential

Application Penetration Test,
ISO 27001 Consulting, Firewall
Configuration Audit, Server
Configuration Audit, Mobile
Application Penetration Test, PCI
DSS Consulting.
BPO/Services Vulnerability Assessment, Confidential

Application Penetration Testing,
Firewall Configuration Audit,
Server Configuration Audit.
Tool License Type
Nessus Professional Commercial
Burp Suite
Commercial
Professional
Qualys Guard Commercial
Titania Nipper Commercial
Kali Linux Freeware

Nmap Freeware
OWASP ZAP Freeware
Microsoft Sysinternal
Freeware
Tools
Wireshark Freeware
Aircrack-ng Freeware
Wapiti Freeware
Directory Buster Freeware
Sqlmap Freeware
Pwdump Freeware
Maltego Freeware
Micro Focus Fortify Freeware


*Information as provided by Third I Information Security Pvt Ltd on 28th Sept 2022.
Back
M/s Trinay Cyber Technologies Pvt Ltd
Trinay Cyber Technologies Pvt Ltd
Registered Office: Unit 1, 5-9, Near Bank Bazar, Tsundur, Guntur, Andhra Pradesh-
522318

Govt. :0
PSU :0
Private : 17

 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : 0
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : 0
 ICS/OT Audits : 0
 Cloud security Audits : 0
CISSPs : 1
BS7799 / ISO27001 Las : 1
CISAs : 1
DISAs / ISAs : 0
S. Name of Employee Duration with Experience in Qualifications

No. <organization> Information related to
security
1. Cloud Security Manager 1 year 13 CISSP, CCNA, CEH,
CISA, ISO 27001 LA
2. Chief Delivery Manager 0.5 years 10
– Penetration Testing
3. Team Lead 0.5 years 6 years CEH, CCNA
4. Senior Security Analyst 1.1 years 5 years
5. Senior Security Analyst 1 year 4 years CEH
6. Security Analyst 0.9 Year 4 years CEH
7. Junior Security Analyst 1 year 2 years CEH, CCNA
 Vulnerability assessment and Penetration testing of network infrastructure, web and

mobile applications for a Singapore Company. (We cannot declare the name of
organization as we have NDA singed with them)
 Complexity: Project involved of Network Security Assessment, Internal and External

Vulnerability Assessment and Penetration Testing, Application Penetration Testing,
Mobile Application Security Assessment.
Commercial Tools: Burp Suite Professional, Acunetix, Nessus/Tenable, Nexpose.
Freeware/ Open-Source Tools: Nmap, Netcat, Snmp Walk, Metasploit, Kali Linux, Paros,
Brutus, Nikto, Firewalk, Dsniff, SQL Map, John the ripper, Wikto, Ethereal, Openvas, W3af,
OWASP Mantra, Wireshark, Aircrack, Cain & Abel, SonarQube, Social Engineering Toolkit et.,
Open-source tools will be used based on the technology stack of the client’s infrastructure.

If yes, kindly provide oversight arrangement (MoU, contract etc.)

No If yes, give details
*Information as provided by Trinay Cyber Technologies Pvt. Ltd. on 28th Sep 2022
Back
M/s TuxCentrix Consultancy Pvt Ltd
TuxCentrix Consultancy Pvt Ltd
TuxZone, Near All India Radio Station, Mythripuram Road,

Thrikkakkara P.O, Kakkanad, Kochi – 682 021, Kerala- India.
Network security audit (Y/N)

YES
Web-application security audit (Y/N)
YES
Wireless security audit (Y/N)
YES
Compliance audits (ISO 27001, IEC 62443, IEC 27019,
YES
PCI, etc.) (Y/N)
Finance Sector Audits (Swift, ATMs, API, Payment
YES
Gateway etc.) (Y/N
ICS/OT Audits (Y/N)
NO
Cloud security Audits (Y/N)
YES
Govt. 0
PSU 0
Private 90+
Total Nos. of Information Security Audits done 90+
Mobile Application Security Audit 4+

Compliance Audits (ISO 27001, IEC 62443, IEC 57+
27019, PCI, etc.):
CISSPs 0
BS7799 / ISO27001 LAs 3

CISAs 1
DISAs / ISAs 0
Any Other Information Security Qualification (CEH, 6

Fortinet NSE-4, Fortinet NSE-3, CCNA, RHCE, FCNSA,
SOC)
TuxCentrix Security Assessment Team List
Experience
Duration
Name of Employee with
No Information Information Security
TuxCentrix
Security
CISA
ISO/IEC 27001:2005 Lead Auditor
1 Anil C 8 Years 21 Years
Certified Vulnerability Assessor
FCNSA (Fortinet Certified Network

Security administrator)
2 Sobin Joseph 8 Years 9 Years
Fortinet NSE-3(Network Security
Associate)
Fortinet NSE – 4 (Network Security

Associate)
3 Renil Raphael 6 Years 6 Years
Certified SOC Analyst- NASSCOM

4 Anju K V 3 Years 3 Years
Fortinet NSE - 3(Network Security
Associate)
CCNA
5 Muhammed Jithin 3 Years 3 Years Fortinet NSE 3(Network Security
Associate)
6 Naveen Kumar 2 Years 2 Years CEH (Certified Ethical Hacker)
CEH (Certified Ethical Hacker)
7 Hema Philip A 2 Years 2 Years Fortinet NSE 3(Network Security
Associate)
8 Arshad U 1.5 Years 1.5 Years CEH (Certified Ethical Hacker)
CUSTOMER SCOPE
Internal Network PT
 250 - Systems
 15- Servers
 32 - Switches
 5 - Wireless Devices
Global Enterprise Level IT Company
External Network PT
 6 Public IP’s
External Web application PT
 4 Web Applications
TuxCentrix Security Assessment Tools List

TOOLS FROM MOBILE APP MULTI-PARADIGM REVERSE
PENETRATION TOOLS FRAMEWORKS ENGINEERING
TESTING TOOLS
DISTRIBUTIONS
Kali Linux Fridump Metasploit Frida
Gobuster APKtool Exploitation Frameworks Network Utilities
Wfuzz ADB OWASP ZAP Nmap
Ffuz Drozer BurpSuite Professional Zenmap
Ffuf JADX
Dirb MOBSF
WEB APP SCANNERS EXPLOITATION INFRA & OS TRANSPORT LAYER
FRAMEWORKS VULNERABILITY SECURITY TOOLS
CTD SCANNERS
Nikto JSQL Nessus SSLScan

Accunetix SQLmap
Netsparker
Uniscan

If yes, kindly provide oversight arrangement (MoU, contract etc.))
NO
NO

NO
NO
*Information as provided by TuxCentrix Consultancy Private Limited on 16th May, 2022
Back
M/s US Technology International Private Limited
US Technology International Private Limited
2. Carrying out Information Security Audits since : June 2006

 Wireless security audit (N)
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (N)
 ICS/OT Audits (N)
Govt. : Nil
PSU : Nil
Private : 65+

Mobile security audit: 20+
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): Nil
ICS/OT Audits: Nil
CISSPs : 3
BS7799 / ISO27001 LAs : 15
CISAs : Nil
DISAs / ISAs : Nil
OSCP: 4
LPT: 1
CHFI: 2
CRTE: 1
CRTP: 6
CEH: 20
CIPM: 1
CIPP/E: 1
CRT: 1
CPSA: 1
EJPT: 11
ECSA: 5
FIP: 1
CCSK: 1
ISO 31000: 4
ISO 9001: 2
ISO 27701: 13
CCNA: 2
CASE: 2
RHCE: 2
ISO 22301: 7
DSCI Certified privacy Lead Assessor: 1

No. <organization> Information Security Information security
Abhijith
1 1 year 1 Year 4 Months CEH Practical
Namboothiry
M. Tech in Cyber
2 Achu Marium John 9 Months 3 Years Forensics &
M.Tech in Information
Security
PGCCL (Post Graduate
Certificate in Cyber
Law)
FIP (Fellow of
Information Privacy)
CISSP (Certified
Information Systems
Security Professional)
CIPM (Certified
information Privacy
Manager)
CIPP/E (Certified
Information Privacy
Professional/Europe)
OSCP (Offensive
Security Certified
Professional)
LPT (Licensed
Penetration Tester)
3 Adarsh Nair 6 Years 10 Years CPSA (CREST
Practitioner Security
Analyst)
CRT (CREST Registered
Penetration Tester)
ISO 27001 Lead
Auditor
ISO 22301 Lead
Auditor
ISO 31000 Lead
Implementor
ISO 27701 Lead
Implementor
ECSA (EC-Council
Certified Security
Analyst)
CHFI (Computer
Hacking Forensic
Investigator)
CEH (Certified Ethical
Hacker)
4 Aleena Avarachan 2 Year 5 Months 2 Years CEH Practical

5 Anand Sreekumar 1 Year 5 Months 3 Year 10 Months eJPT
6 Annsona Dores 2.5 Years 2 Years CEH Practical
ISO 27001 LA, ISO
7 Anu Alexander 16 Years 12 Years 22301 LA, CISM, ISO
27701 LI, ISO 31000 LI
8 Arun Hariharan 11 Months 11 Months CEHv11, eJPT
ISO 27001 LA
Arun kumar
9 7 Months 7 Years ISO 9001 LA
Swaminathan
ISO 27701 LI
10 Aswathy Mohan 1 Year 1 Year BSc Cyber Forensics,
MSc Cyber Forensics
CRTP, CCRTA, CEH
Practical, DIAT
11 Athul Nair 3 Years 3 Years
Certified Information
Assurance Professional
12 Davis Sojan 1 Year 2 months 3 Years CEH, eJPT, OSCP, CRTP
3 Year 10 ECSA, CRTP, ISO
13 Faizal Ashruf 6 Year
Months 27001 LA
14 Gopika Geetha 9 Months 9 Months eJPT
ISO 27001 LA, ISO
15 Greeshma R K 7.5 Years 2 Years 27701 LI, ISO 22301
LA
ISO 27001 LA, ISO
16 Years 7
16 Janaky Girija 1 Year 10 Months 27701 LI, ISO 22301
Months
LA
ISO 27001 LA
ISO 22301 LA
ISO 31000 LI
Jayrina Ann BSI Advanced Cloud
17
Varughese Security Auditing
BS 10012: 2017 +
GDPR
11 Years 8 years CDPSE
OSCP, ECSA, CEH,
18 Jerrin Vinayan 5 Years 6 Years
RHCE
19 Jineesh Kuriyedath 5 Years 7 Years OSCP, CRTP, CEH
20 Jisna Jacob 2 Years 2 Years CEH Practical
CEH, M. Tech in Cyber
21 Jithin Aji Chandran 1 Year 4 Months 1 Year 7 Months Forensics &
ISO 27001 LA, ISO
22 Karthikeyan S P 2 Months 3 Years 27701 LI, ISO 22301
LA,
ISO 27001 Lead
Auditor ISMS, ISO
27701 LI, ISO 22301
Lead Auditor BCMS,
ISO 9001
(QMS)Certified Internal
Manoj
23 21 Year 11 Years auditor, ISO 20000
Gopalakrishnan
(ITSM), ISO 14001
(EMS) Certified
Internal Auditor,
PCIDSS Lead
Implementor, GDPR
Certified DPO
M. Tech in Cyber
Forensics &
24 Niyas Mohamed 1 year 4 Year 8 Months
Information Security,
CEH, MCSA
ISO 27001 LA, ISO
25 Puja Jayaraj
2 Year 2 Months 6 Years 22301 LA
Sameeh
26 1 Year 1 Year CEH
Varikunnath
27 Sandra Justin 2 Year 8 Months 2 Years CEH Practical
CISSP
Santhiya ISO 27001 LA
28 9 Months 6 Years 9 Months
Jaganathan ISO 27701 LI
ISO 22301 LA
CCSK (Certified Cloud
Security Knowledge)
DSCI Certified privacy
Lead Assessor
ISO 27001 Lead
Satish
29 16 Years 17 Years Auditor - Information
Balasubramanian
Security Certification
Certified Business
Continuity Professional
(CBCP) ISO22301:
Lead Auditor
(CEH)
Certified Incident
Handler (ECIH)
Certified Security Risk
Manager (CSRM
OCTAVE Risk
Assessment)
Computer Hacking
Forensic Investigator
(CHFI)
EC-Council Certified
Security Analyst
(ECSA)
Payment Card Industry
– Data Security PCI-
DSS
2 Years 10
30 Shibin Shaji 3 Years eJPT, CASE Java
Months
ISO 27001 LA, ISO
Simi Joseph
31 18 Years 08 Months 27701 LI, ISO 22301
Kalathoor
LA
32 Sindhoori Murali 4 Year 5 Months 3 Years 4 Months CEH, NASSCOM
ISO 27001 LA, ISO
27701 LI, ISO 22301
33 Smitha Indira 9 Years 5 Years
LA, CEH, MCP, ISTQB,
ISO 31000 LI
34 Sreehari Haridas 3 Year 6 Months 7 Years CRTP, CRTE
Azure Security
35 Varun MP 3 Months 4 Years Engineer, ISO 27001
LA, ISO 27701 LI
CISSP, ISO 27001 LA,
Velisetti Bhuvan
36 4 Months 4 Years and 5 Months ISO 22301 LA, ISO
Teja
27701 LI
CRTP, CASE .NET,
37 Vishnu Prasad 3 Years 4 Year 5 Months
eJPT, CEH Practical
Security audits for Web Applications and APIs of one of the major telecom companies
in the world. Additionally, security assessments include penetration testing,
application security testing and quarterly PCI scans.
Tools Description Type

BurpSuite Web commercial
SQLMap Web freeware

Nuclei Web freeware
Dirsearch Web freeware
testssl Web freeware
RMS Mobile freeware
apktool Mobile freeware
MobSF Mobile freeware
Frida Mobile freeware
JDGUI Mobile freeware
Dex2JAr Mobile freeware
Objection Mobile freeware
Nessus Network commercial

Nmap Network freeware
Wireshark Network freeware
SonarQube SAST commercial
Custom Web/Mobile proprietary

scripts

11. Whether organization has any Foreign Tie-Ups? If yes, give details:
Yes, UST Global leverages Cyberproof AI and ML based SOAR (Security Orchestration
and Automation Response) Platform to provide Advanced MSS services. Cyberproof
Inc is a 100% owned by UST Global Inc

Yes, US Technology International Private Limited is a 100% subsidiary of UST Global
(Singapore) Pte. Limited. Address: 300 Beach Road, 11-05/06 The Concourse,
Singapore – 199555
Location/Registered offices Address
Orange Country, CA, USA UST Global Inc., 5 Polaris Way, Aliso Viejo, CA
92656
Sydney, Australia Level 24, Three International Towers, 300

Barangaroo Avenue, Sydney, NSW 2000
Cyberjaya, Malaysia 4808-3A-21, CBD Perdana 2, Jalan Perdana,

CBD Perdana Cyber 12, 63000 Cyberjaya
Penang, Malaysia Level 2, Mini Circuits Building 3, Technoplex Plot

10, Phase IV, 1Bayan Lepas Industrial Zone,
11900 Penang
Manila, Philippines 6th Floor, Building B 8 Park Avenue, One

Campus Place McKinley Cyber Park, The Fort,
Taguig City 1600
Taipei, Taiwan Suite 2, 2nd Floor, No. 20, Beiping East Road,
Taipei City 10049
Shanghai, China Room 701-C, No.1188 North Kaixuan Road,

Putuo district, Shanghai, 200062
Vancouver, Canada 555 Burrard St. Vancouver, BC V7X 1M8
Santiago, Chile Av Vitacura 2939, Piso 10, Oficina 1021, Torre

Milenium - (Las Condes – Santiago de Chile)
Bogota, Colombia Carrera 12 No. 96 - 81 Of. 403 - (110221) –

Bogota
San Jose, Costa Rica Escazú Corporate Center, 6th Floor (REGUS
offices) San José, C.P. 10202
Guadalajara, Mexico Loft 5, Edificio Central Interior #2, Unidad

Privativa 117, Boulevard Puerta de Hierro 4965,
Col. Puerta de Hierro, Zapopan, Jalisco, C.P.
45116
Leon, Mexico Plaza de La Paz, No. 102, Suite 1201 & 1101,
COL.GTO Puerto Interior, Silao, Leon-36275
Atlanta, Georgia, USA 1355 Windward Concourse, Suite 400,

Alpharetta GA 30005
Bentonville AR, USA 1500 East Central Av, Suite 200, Bentonville AR
72712
Chicago IL, USA 141 West Jackson Blvd, SUITE 1755, Chicago IL
60604
Columbus, OH, USA 5475 Rings Road, Suite 100, Dublin OH 43017
Norfolk, VA, USA 5700 Lake Wright Dr Suite 400, Norfolk VA

23502
Seattle WA, USA 2018 156th Avenue N.E, Building F, Suite 100,
Bellevue WA 98007
Sidney NE, USA 812 13th Avenue, Sidney NE 69162
Sofia, Bulgaria Puzl CowOrKing, 47 Cherni vrah blvd, Floor 5,

140y7 Sofia
Leeds, England 3rd Floor, Jubilee House, 33 Park Place, Leeds,

LS12RY
London, England 7 Seymour Street, Marylebone, London, W1H

7JW
Paris, France 255 Boulevard Pereire, Paris, 75017
Berlin, Germany Eichhornstraße 3, 10785 Berlin
Tel Aviv, Israel CyberProof Israel Ltd, 132 Menachem Begin,

Azrieli Triangular Tower, 41st floor, Tel Aviv
Gdansk, Poland ul Azymutalna 980-298, Gdansk Poland
Lisbon, Portugal USTG TECHNOLOGY (PORTUGAL), SOCIEDADE

UNIPESSOAL LDA, Avª D. João II, nº20, 1º
andar, Parque das Nações, 1990- 095, Lisbon
Bucharest, Romania GlobalWorth Campus A,Bulevardul Dimitrie

Pompeiu 4-6,Bucuresti 020335
Barcelona, Spain Plaça d’Ernest Lluch i Martín, 08019 Barcelona
Bilbao, Spain Gran Vía 19, Bilbao 48001
Madrid, Spain Santa Leonor 65, Edificio G, 20043 Madrid
Salamanca, Spain Teso de San Nicolás 17 37008. Salamanca
Valencia, Spain Avenida cortes valencianas 58 5A 46035.

Valencia
Zaragoza, Spain Calle de Alfonso I, 17 Planta 1 50003. Zaragoza
*Information as provided by UST on 28-Sep-2022
Back
M/s VISTA InfoSec
VISTA InfoSec, 001, Neoshine House, New Link Road, Andheri

West, Mumbai, India - 400053
 Network security audit (Y/N) – Yes

 Web-application security audit (Y/N) – Yes
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) – Yes
 ICS/OT Audits (Y/N) – Yes
 Cloud security Audits (Y/N) – Yes
 Compliance audits (ISO 27001, PCI, etc.) – Yes
 Regulatory Compliances (RBI, HIPPA, FISMA etc.) - Yes
 PCI-DSS & PCI SSF Advisory & Audit – Yes
 Privacy Assessment (GDPR / HIPAA / PDPA) – Yes
 SOC1 / SOC2 / SOC3 – Yes
 Cloud Risk Management – Yes
 DLP Compliance Management – Yes
 GRC Consulting - Yes
 Infrastructure Security Audit – Yes
 Internal/External Penetration Testing – Yes
 Wireless Penetration Testing – Yes
 Physical Security Assessment – Yes
 Client-Side Penetration Testing – Yes
 Social Engineering – Yes
 Mobile Device Penetration Testing – Yes
 Mobile Infrastructure Risk Assessment – Yes
 SocialMedia ScanTM / Social Media Assessment – Yes
 White-Box/Black-Box Mobile Application Security – Yes
 Grey-Box/Black-Box/White-Box Web Application Security Audit – Yes
 Virtualization Risk Assessment – Yes
 IT Audit & Advisory Services – Yes
 Secure Configuration Reviews – Yes
 Firewall Rule Base Review Audits – Yes
Govt. : 0
PSU : 2
Private : 70+
 Network security audit:10+

 Web-application security audit: 100+
 Wireless security audit:10+
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.): 20+
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.): 2+
 ICS/OT Audits: 2+
 Cloud security Audits: 5+
 Network Security Audit: 3+
 Infrastructure Security Audit: 3+
 Black-Box Web Application Security Audit: 15+
 Grey-Box Web Application Security Audit: 3+
 Wireless Security audit: 8+
 Compliance audits (ISO 27001, PCI, RBI etc.): 15+
 Cloud Risk Assessment: 2+
 BCP/DR Audit: 2+
 Black-Box Mobile Application Security Assessment: 4+
 Web Services Assessment: 2+
 Virtualization Risk Assessment: 4+
 External Penetration Testing: 10+
 Client-Side Penetration Testing: 2+
 Black-Box Mobile Application Security Audit: 2+
 Incident Response Testing: 2+
 Physical Security Assessment: 2+
 Host Hardening: 100+
 Secure Configuration Reviews: 100+
 Firewall Rule Base Review Audits: 10+
CISSPs : 3
BS7799 / ISO27001 LAs : 3
CISAs: 4
DISAs / ISAs : 0
CEH: 4+
OSCP/OSWP: 1
Security+: 2+
CRISC: 1
PCI QSA - 2
Sr. Name of Duration Experience Qualifications related to

Employee with VISTA in Information security
InfoSec Information
Security
1 Narendra Sahoo 17 years 27 years PCI QSA, PCI QPA, PCI SSA, PCI
SSLA, CISSP, CISA, CRISC, CEH,
ISO27001/ISO20000/BS25999
Assessor
2 Sudarshan 2 years 30 years CISA, CISSP, CISM, ITIL, CH, PCI
Mandyam QSA, ISO27001 Lead Auditor
3 Pravin Kunder 16 years 22 years CISA, CISSP, CRISC, CEH
4 Yogesh Satvilkar 16 Years 20 Years CISSP, CISA, CEH
5 Saru Chandrakar 12 Years 14 Years CISA, ISO27001 Lead Auditor
6 Prashant Arbat 2 years 15 years CISM, CISA, CCIO, ITIL V3,
Prince2, VCP, CCNP, CCNA, MCSA,
RHCE
7 Suresh Menon 1 year 10 years ISO27001 Lead Auditor, Six Sigma
Black Belt
8 Rehman Beg 2 years 2 years CEH, OSCP
9 Vrushabh Bhuwad 2 years 4 years BE Comp.
Leading Payment Brand in PCI DSS Audits and Certification, VA/PT, Confidential will
India Web Application Security Audit, Banking provide on request
Application Audit, Host Hardening,
Security Configuration Assessment.
Firewall Rule Base Reviews etc.
(3 Years with Quarterly reviews.) (DC &
DR) and Network Audits
Leading Telecom Provider PCI DSS, SOC2, VA/PT, Web Application Confidential will
Security Audit, Security Configuration provide on request
Assessment. Firewall Rule Base Reviews
etc.
DR)
Premier online Cloud SOC2, PCI DSS, HIPAA, GDPR and Confidential will
SAAS Provider ISO27001. VA/PT, Web Application provide on request
Security Audit, Banking Application
Audit, Host Hardening, Security
Configuration Assessment. Firewall Rule
Base Reviews etc.
DR)
Stock Exchange VA/PT, Security Configuration Confidential will
Assessment, Web Application provide on request
Assessment, IT Policies & Procedures
Review Audit as per SEBI Guidelines etc.
Vulnerability Scanners Nessus Professional Feed, NeXpose Professional, GFI

Languard, MBSA, Retina Professional, QualysGuard etc.
Exploitation Tools Metasploit Pro, w3af, Core Impact, sqlmap, Canvas, BeEF,
WebGOAT etc.
Web Application Scanners Brup Suite Pro, Nikto, w3af, Paros Proxy, WebScarab,
sqlmap, skipfish, Acunetix WVS, AppScan Pro, Wikto,
Firebug, ratproxy, DirBuster, Wfuzz, Wapiti etc.
Wireless Security Tools Aircrack, Kismet, NetStumbler, inSSIDer, KisMAC, AirSnort,
AirTRaf, AiroDump, AirCrack-ng Suite, Wireshark, etc.
Mobile AppSec Tools Android/BB/iOS/Windows Simulators, Wireshark, SDK Tools,
SSLStrip, SQLMap, DroidBox, iSniff, dsniff, SQLite Spy, Ruby
Scripts, Metasploit, APK Tool, Dex2jar, FlawFinder, Java
Decompiler, Strace, Ubertooth, Aircrack-ng, Intent Sniffer,
Debuggers, ASEF, Intent Fuzzer, Manifest Explorer, Eclipse,
APIMonitor, Package Play, pySImReader, FoxyProxy,
TamperData, Peach, Sulley, MobiSec In-house scripts etc.
Social Engineering S.E.T, In-house Developed Application “SE Audit”.
Social Media Assessment In-House Developed Application “SocialMedia ScanTM”,
Virtualization Risk In-house developed tool “VirtScanner”, Nessus Pro, NeXpose
Assessment Pro, VRisk FrameworkTM etc.
Password Crackers Brutus, Wfuzz, RainbowCrack, L0pthCrack, fgdump,
ophcrack, THC Hydra, John the Ripper, Cain & Abel, Large
Dictionary Files, 5TB of Rainbow Tables etc.
Debuggers IDA Pro, OllyDbg, Immunity Debugger, GDB, WinDbg etc.
Packet Sniffers Wireshark, Cain & Abel, Ethercap, NetStumbler, P0f,
Malware Analysis & Wireshark, PaiMei, OllyDbg, IDA Pro, COFEE, ackack, PDF
Forensics Stream Dumper, Netwitness Investigator, Cygwin, pefile,
iDefense, SysInternals, HashCalc etc.
Security Configuration In-house developed Scripts and Tools “SCA Toolkit”
Analysis


VISTA InfoSec LLC,347 Fifth Ave,Suite 1402-526, New York, NY 10016

VISTA InfoSec Pte.Ltd 20 COLLYER QUAY #09-01 20 COLLYER QUAY SINGAPORE (049319)
*Information as provided by VISTA InfoSec on May 12, 2022
Back
M/s Wipro Limited
Wipro Limited, Doddakannelli, Sarjapur Road,

Bengaluru, India, PIN 560035.
 Network security audit (Y/N) -Yes

 Wireless security audit (Y/N) Yes
Govt. :10+
PSU : 4+
Private : 2000+

Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, SOC1, SOC2, GDPR etc.):
200+
ICS/OT Audits: 2+
CISSPs : 40+
BS7799 / ISO27001 LAs : 135+
CISAs : 30+
DISAs / ISAs : 0

Employee with Wipro Information Security related to
Information
security
1. Runa Dwivedi 7 Years 3 Web and Mobile ISO 27001 LA
Months Application Security
Testing, VAPT, Threat
modelling, ISO 27001
2. Sunil 4 Years Information security CIPT, CPISI, ISO
Shamarao audits, Risk & 27001 LA, ISO 22301
compliance LA, ISO 31000 LI, BS
management, data 10012
privacy, business
Information
security
continuity, IT disaster
recovery, risk
governance, SSAE 18
SOC1, SOC 2, NIST-
CSF, Program
management
3. Ramesh Bhat 3 Years 9 Security Audits, Risk CISM, CISA, CISSP,
Months and Compliance ISO 27001 LA
Management. ISO
27001, NIST, Security
governance and
Program management
4. Saket Labh 3 Years 3 ISO 27001(ISMS), ISO ISO 27001 LA, ISO
Months 22301(BCP), 22301 LA, ISO 9001
Information Security LA, ITIL, GDPR, ISO
Cyber Security, Data 3100, NIST CSF,
Privacy, Cloud Security COBIT, CISM, CEH.
and Risk Management
5. Prafulla Gore 1 Year 7 VAPT, Web Penetration
NA
Months testing
6. Suresh 1 Year 5 Security Audits, Risk & PMP, CISA, CCSK,
Balepur Months Compliance CIPT, CIPP/E, FIP,
Management, Privacy & HCISPP, CHP, DCPLA
Data Protection Program
Management, Privacy &
Data Protection Risk
Management, HIPAA &
HITECH Compliance,
Cloud Security
Compliance, Regulatory
Compliance
7. Divya Dwivedi 1 year 5 Web, OCP(Oracle Certified
months Mobile(IOS/Android), Professional)
DevSecOps, Network,
web Services,
Automation(Python),
Thick client
8. Akhil 1 Year 3 Web and Mobile CEH, OSCP
Chandran Months Application Security
Testing, VAPT
9. Prashant 11 Months Application Security CEH, ECSA
Ranjan (Web, Mobile, API),
Vulnerability
Assessment and
Source Code Review
10. Surya Krishna 11 Months Web Application NA
penetration testing,
Mobile Application
penetration testing
:Android & iOS, API
Source Code Review,
Network/Infrastructure
Wireless Security Wi-Fi
Pen Testing, Mainframe
penetration testing, iOT,
SDR penetration testing
11. Anand Jagdale 10 Months Web and Mobile CEH
Testing
12. Ganaraj 8 months ISO 27001 (ISMS), CISA, ISO 27001 LA
Pawaskar Information Security
Auditing, Security
Governance Risk &
Information
security
compliance
13. Vinod Beniwal 6 months ISO 27001(ISMS), BCP, CEH
Cyber Security, Data
Privacy, VAPT, Access
Management, Incident
Management, Log
Management
14. Abhishek 9 Months Web/Mobile App CEH, eJPT, eWPT
Singh Security Testing
API Security Testing
Infra VAPT
15. Rahul Yadav 8 Months Web/Mobile App OSCP, CEH, AZ-900
Security Testing Certifications
Infra VAPT
16. Rama Gopala 1 year 9 Web/Mobile App CEH, RHCSA, RHCE
Krishna Months Security Testing
Badithaboina API Security Testing
Infra VAPT
17. Chirag Gupta 8 Months Web/Mobile App CEH v9
Security Testing
18. Suvendu 10 Months Web/Mobile App NA
Narayan Security Testing
Mishra API Security Testing
Infra VAPT
19. Meet Tilva 9 Months Web App Security NA
Testing
Infra VAPT
20. Nand Kishore 2 years 1 Vulnerability NA
Mantrigari month Management,
Security Audit
21. Bhawana 2 Months Governance Risk and ISO 27001 LA, PCI-
Virmani Compliance, ISO 27001 DSS
audits, Risk assessment,
Security Gap
Assessment
22. Hirdayesh 2 Months Governance Risk and ISO 27001 LA,
Kumar Bais Compliance, ISO Certified Network
implementation and Security Specialist
audit, Creating and (CNSS)
updating ISMS policies,
ITGC
23. Abdul Shibli 1 Month Governance Risk and ISO 27001 LA, CISA,
Compliance, ISO 27001, ISO 31000, ITIL
CISA, ISO 22301, SOC,
Data privacy Data
Security.
24. Komal Yadav 1 Month Governance Risk and ISO 27001 LA
Compliance, ISO 27001,
Risk Assessment,
Incident Management,
Change Management
Large Banking customer scanning of 150000 IPs on a monthly basis, 5000 web
applications testing on a monthly basis. Applications and IP’s are spread across. All
spread across different environments and regions. Some of them internal and some
external. Some reachable only physically and some remotely accessible. Project
ongoing since more than 5+ years with a value of more than 4.4 million.
Penetration Testing tools indicative list – WebInspect, Appscan, Acunetix, Burp Suite
Professional, Kali Linux, Unicorn,SAINT consultant, Jadx-Gui, MobSF, Androbugs,
OWASP ZAP, Metasploit framework, John the Ripper, sqlmap, Netcat, Python, Frida,
RMS, Dexcalibur etc.
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No - No


For detail please visit: https://www.wipro.com/location/
*Information as provided by Wipro Limited on 28-Sep-2022
Back
M/s Imperium Solutions
Imperium Solutions
401, 4th Floor, Maruti Bhavan, Above Blackberry, Ram Maruti Road,
Thane W 400601

Govt. :4
PSU : 3
Private : 48

ICS/OT Audits : 4
CISSPs : 0
BS7799 / ISO27001 Las : 3
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification – CEH : 2

No. Employee <organization> Information Security Information security
1 Tasneam P 13+ 15+ 1. CISA
2. ISO22301 Lead Auditor
3. CDPSE – Certified Privacy
Specialist
2 Prakash D’Silva 10+ 10+ 1. ISO27001 Lead Auditor
3 Swedha 7+ 25+ 1. CISA// ISO27K LA
Fernandes
4 Chandni Joshi 3+ 3+ 1. ISO 27001 Lead Auditor
5 Mahafuz Mapari 1+ 1+ 1. CEH
VAPT of >50 servers, >25 network devices, 12 applications, 12 application source

code review, network devices secure configuration review.
1. Nessus
2. NMAP
3. Burpsuite
4. Wireshark
5. Sonarcube
6. Other tools as applicable on a need basis
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No - NA

12. Whether organization is a subsidiary of any foreign based organization? : NA

13. Locations of Overseas Headquarters/Offices, if any: NA
*Information as provided by Imperium Solutions on 20th June 2022
Back
M/s Acquisory Consulting LLP
Acquisory Consulting LLP

Govt. : 0 (as were not eligible because of CERT-in empanelment)

PSU : 1
Private : 32

ICS/OT Audits : 1
CISSPs : <number of>

BS7799 / ISO27001 LAs : 30
CISAs : 1
Any other information security qualification: CFE, ISO 27001LI, ISO 22301LA-5

security
1. Gopal Bisht 3 years 15 years CEHv7, CCNA,
Diploma in IT Security
and Ethical Hacking
Diploma in Hardware
& Network Engineering
2. Manpreet Singh 3 years 8 years ISO 27001, Data64
Certified Digital
Forensic Investigator,
Data64 Certified
Digital Evidence
Analyst
3. Ashish Shandilya 4 years 14 years ISO 27001 LA, LI; ISO
22301 LA; CFE; ISO
9001
4. Mihir Kadam 9.5 months 2 years Computer Hacking
Forensic Investigator
(CHFI), CEH
5. Fateh Yadav 1 years 11 years NA
6. Sujeet Singh 6 Years 13.2 years MCSA
7. Sushant Salvi 8 Months 11 Years CFE; Access data

Certified Examiner,
Access data Certified
Investigator
etc.) along with project value- Sterlite Technology Limited, Project Value – 40 Lacks;
Location- Kakinada
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary): Netsparker,

Accunetix, BurpSuite Professional, Nessus, Coreimpact, Vulnerability scanner by
techbridge

11. Whether organization has any Foreign Tie-Ups? If yes, give deta: Yes, Credence Security, Dubai-
NDA with Credence Security having its office at 504, Swiss Tower, Cluster Y, Jumeirah Lakes
Tower PO Box 488130, Dubai, United Arab Emirates.

*Information as provided by < Acquisory Consulting LLP> on <12-05-2022>
Back
M/s ANA Cyber Forensic Pvt. Ltd
ANA Cyber Forensic Pvt. Ltd.

Office No. 3.1, & 3.2, Dr. Herekar Park, Rajyog,
2nd Floor, C wing, Near Kamla Nehru Park,
Pune, Maharashtra 411004

 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : Y
 ICS/OT Audits : N
 Cloud security Audits : N
 Cyber Forensic Investigation : Y
 API Security Audit : Y
 SOC 2 Type 1 and Type 2 : Y
 GDPR Compliance Audit : Y
 RBI & SEBI Compliance Audit : Y
 IS Policy Review : Y
 Configuration Review Audit : Y
 Red Team Assessment : Y
 TISAX Compliance Audit : Y
 End Point Security Audit : Y
 Phishing Simulation : Y
 Security Awareness Trainings : Y
 IT Risk Assessment : Y
 ISO 27001 Implementation : Y
 Incident Response : Y
 Network Penetration Testing : Y
 Data Leakage GAP Assessment : Y
Govt.: 00
PSU: 00
Private: 14

ICS/OT Audits : 00
Digital Forensic Investigation : 07
6. Technical manpower deployed for information security audits: 07
CISSPs: 00
BS7799 / ISO27001 LAs: 04
CISAs: 01
DISAs / ISAs: 00
Any other information security qualification: CEH - 06, CHFI - 01, ECSA - 02
Sr. Name of Duration with Experience in Qualifications related

No. Employee ANA Cyber Information to Information security
Forensic Pvt. Ltd. Security
1 Mr. Chirayu 8 Years 5 9 Years 5 months CEH, ECSA, CHFI, ISO
Mahajan months 27001 LA, PCI DSS LI,
CND
2 Mr. Nilesh Wagh 9 Years 7 7 Years ISO 27001 LA, CEH,
months CNSS
3 Mr. Omkar Joshi 4 Years 2 Months 8 Years ISO 27001 LA, CISA,
ICSI|CNSS
4 Mr. Sujeet Patole 4 Years 3 3 Years CEH, CND, ISO 27001
months LA, CCNA, ICSI|CNSS
5 Mr. Shrinath 3 Year 1 Year 6 months
CEH
Kumbhar
6 Mr. Kaustubh 1 Year 6 months 2 Year 6 months
CEH, CISC
Dangre
7 Mr. Saiprasad 9 Months 6 Months ECSA, RHCSA,
Kulkarni ICSI|CNSS
Scope of Work:
1) Black Box and Grey Box Vulnerability Assessment and Penetration Testing of Web
Applications, Firewalls and WAN IP’s
2) Vulnerability Assessment & Penetration Testing of network infrastructure
Web Applications & Servers Penetration Testing

Sr.
Infrastructure Details Quantity
No
1 SAP 1
2 Ms Office 365 230 Licenses

3 MS SQL Server 1
4 Attendance Management Application 1
5 Transport Management Application 1
6 HRMS Web Application 1
7 SAP Production Server 1
8 SAP Quality Server 1
9 SAP Development Server 1
10 Attendance System Device 1
11 Logistics Management Software 1
12 Barracuda Backup 1
13 File Server 1
14 AD Server 1
15 Antivirus Server 1
Network Infrastructure Audit
1 TATA Routers 2
2 AIRTEL Routers 1
3 Cisco Catalyst 2960C-8PC-L Switch 11
4 Cisco Catalyst 2960X-24PS-L Switch 5
5 Cisco Catalyst 3750X-24P-S Switch 1
6 Cisco Catalyst 3750X-24P-S Switch 1
7 Cisco Catalyst 2960X-48FPS-L Switch 2
8 Palo Alto 2
9 Check Point 1
10 WatchGuard 5
Wireless Devices & Access Points Security Assessment
1 Cisco Wireless Controller 1
2 Cisco Aironet 2600i Access Point (AIR-CAP2602I-N-K9) 3
3 Cisco Aironet 2600i Access Point (AIR-CAP2602I-R-K9) 8
Desktops and Laptops CIS Benchmark Audit
1 Desktops 225
2 Laptops 45
3) Drafting and Assisting during Implementation of Information security policy and

procedures.
4) Implementation of Information Security Management Systems
5) Internal Audit of Information Security Management System
Sr. Commercial/
Information Security Audit Tools Used
No. Freeware/Proprietary
2 OpenVAS Freeware
3 Kali Linux Freeware
4 Nmap Freeware
6 Metasploit Freeware
7 SQLMap Freeware
8 BurpSuite Professional Commercial
9 ZAP Proxy Freeware
10 MobSF Freeware
11 APKTool Freeware
12 WPScan Freeware
13 Vega Freeware
14 DirB Freeware
15 JD-GUI Freeware
16 DEX2JAR Freeware
17 Postman Freeware
18 Nikto Freeware
19 CSET Freeware
20 Hydra Freeware
21 BeEF Freeware
22 IronWASP Freeware
23 Wikto Freeware
24 Joomscan Freeware
25 Social-Engineering Toolkit (SET) Freeware
26 Aircrack-ng Freeware
27 Kismet Freeware
28 Netstumbler Freeware
29 John the Ripper (JTR) Freeware
30 SSLScan Freeware
31 TestSSL Freeware
32 Zenmap Freeware


*Information as provided by ANA Cyber Forensic Pvt. Ltd. on 16th May 2022.
Back
M/s cyberSecurist Technologies Pvt. Ltd.
cyberSecurist Technologies Pvt. Ltd.
Regd. Office Head Office

#20 Cinderella Bungalows, #59 Shivaji Housing Society, 1st Floor,
S.No. 39/3, Nr Peony Apartment, Off S.B Road, Shivajinagar, Pune, MH-
Baner, Pune, Maharashtra India 411045 411016
2. Carrying out Information Security Audits since : May - 2015
 Network security audit (Y/N) Yes

 Web-application security audit (Y/N) Yes
 Wireless security audit (Y/N) Yes
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) (Y/N) YES
ISO 27001
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) (Y/N) Yes
 ICS/OT Audits (Y/N) No
 Cloud security Audits (Y/N) Yes
Govt. : 0 (Zero)
PSU : 0 (Zero)
Private : 30

ICS/OT Audits : 0
CISSPs : 0
BS7799 / ISO27001 LAs : 2
CISAs : 0
DISAs / ISAs : 0
Offensive Security Certified Professional – 1
Certified Ethical Hacker (CEH) - 7
Total Nos. of Technical Personnel: 018 (Eighteen Number) as on 01.04.2022

No. cyberSecurist Information Information security
Technologies Security
1. Mahesh Saptarshi 7 years 17 years M.S. Computer Science,
Iso 27001 Lead
Assessor + CEH
2. Priyanka Tamhankar 6.5 Years 6.5 years B.E. Computer Engg.,
CEH
3. Geetanjali Ladkat 6.5 Years 6.5 years B.E. Computer Engg.,
CEH
4. Praveen Sutar 4 Years 7.5 years B.E. Computer Engg.,
OSCP + CEH
6. Sachin Kamble 3.5 Years 3.5 Years ISO27001 Lead
Assessor
7. Sonali Dhamdhere 3 Years 3 Years B.E. Computer Engg.,
CEH
9. Narendra Kumawat 2 Years 2 Years MSC in computer Sci.
10. Rushabh Desarda 2 Years 2 Years B.E. Computer Engg.
12. Shreya Gondchawar 2 Years 2 Years B.E. Information
Technology
13. Siddhant 2 Years 2 years B.E. Computer Engg.
Rankhambe
14. Prashant Namjoshi 1.5 Years 1.5 Years MSC in computer Sci.
15. Akshata Padwal 1.5 Years 1.5 Years MSC in computer Sci.,
CEH
Largest single project involving (a) Mobile app, web application (blackbox and greybox), and
cloud deployment security audit / VA-PT / application pen-test, (b) Customer driven compliance
requirement and regulatory compliance (SOC-2) readiness, and (c) information security due
diligence for investment facilitation

Wireshark Putty Nessus Pro Python Scripts
Hash-Identifier Sqlmap NetSparker Javascript based
Browser helper object
Dsniff Hping Metasploit Pro Burpsuite Extensions
WebScarab Whois Burpsuite NodeJS based own
product for scanning
and report aggregation
TestSSLServer SLTest Acunetix
Nmap/ Zenmap Fiddler IDAPro
Hamster Genymotion NetSparker
NSLookup HTTPMaster
IP scanner Shell / Python
Scripts
Netcat beSTORM
Nikto Browser Plugins
MobSF Qualys SSL
Hydra SysInternals Suite
OpenZap DirBuster


*Information as provided by cyberSecurist Technologies Pvt. Ltd. on 01.11.2022
Back
M/s Cybertryzub InfoSec Private Limited
Cybertryzub InfoSec Private Limited
Corporate Office
F-300, Sector 63,
Noida-201301
Uttar Pradesh, India
Contact Person: Mr. Kush Kaushik, Director
Mobile: 9810618108, 9990887992
Website: www.cybertryzub.com
Email: kush.kaushik@cybertryzub.com, info@cybertryzub.com
Registered Office
Plot No 76d Udyog Vihar 4 Sector 18,
Gurgaon – 122001
Haryana, India
Website: www.cybertryzub.com
Email: info@cybertryzub.com

 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : Yes
 Application VAPT - (Vulnerability Assessment & Penetration Testing) : Yes
 Network VAPT - (Vulnerability Assessment & Penetration Testing) : Yes
 Mobile Application VAPT - : Yes
 IOT Security Testing : Yes
 Social Engineering Assessment : Yes
 Secure Code Review : Yes
 Local Host Security Assessments : Yes
 Device Security Audit & Assessment : Yes
 Telecom Security Audit & Assessment : Yes
 Risk Assessments : Yes
 ERP Security Audit & Assessment : Yes
 Infrastructure Security Audit : Yes
 Big Data Security Audit & Assessment : Yes
 Cyber forensic Analysis : Yes
 Data Center Security Audit & Assessment : Yes
 Cloud Applications VAPT : Yes
 Threat Assessment : Yes
 SOC - Security Operation Center Type 1 & 2 Assessment : Yes
 Managed Security Service : Yes
 Automotive Security Audit : Yes
 AI - Artificial Intelligence Security Audit : Yes
 ML- MACHINE LOG Audit : Yes
 Data Localization Security Audit : Yes
 Ransomware Rescue Analysis & Forensic Investigation : Yes
 API Security Audit : Yes
 Network Performance Testing : Yes
 GDPR Compliance Audit : Yes
 Root Cause Analysis : Yes
 ISNP Audit : Yes
 AUA/KUA Audit : Yes
 AEPS and AADHAAR pay Micro ATM Audit : Yes
 IT/OT Infrastructure Audit : Yes
 e-Sign Compliance audit : Yes
 Thick Client Security Audit : Yes
Govt. : 0
PSU : 0
Private : 35+

ICS/OT Audits : 0
CISSPs : 0
BS7799 / ISO27001 LAs : 6
CISAs : 2
DISAs / ISAs : 0
CIPM (IAPP) : 2
CIPP/E (IAPP) : 2
Fellow of Information Privacy (FIP) : 2
CISM (ISACA) : 1
EC-Council CEH : 5

No. Cybertryzub Information Security Information security
1 Jyoti Singh 2.8 Years 8 Years CISA, CIPM, CIPP/E,
FIP, ISO 27001, MSc,
PG Data Science
2 Kush Kaushik 2.8 Years 17 Years B. Tech (I.T.), ISO

27001 LA, ISO 20000-1
LA, CEH from EC
Council, ISO 14001 LA,
ISO 45001 LA.
3 Mohammad Iqbal 2 Years 10 Years CISA, CISM, FIP,

Ahmad CIPP/E, CIPM, LA–
ISO27001-ISMS &
ISO9001-QMS,
ISO22301-BCMS,
ISO31000-RSKM, 6
Sigma Green Belt, MCA
4 Lav Kaushik 2 Years 15 Years B.E, ISO 27001 LA
CEH from EC Council
5 Anamika Singh 2.1 Year 10 Years ISO 27001 Lead

Auditor, CEH from EC
Council, B.A LL.
B(Hons), master’s in
law (IPR)
6 Manjul Sood 2 Years 15 Years ISO 27001 LA, ISO

20000-1 LA, CEH from
EC Council
7 Shubham Raj 5 months 3 Years BCA, CEH from EC

Mourya Council
8 Jayshree Dutta 1.9 Years 4 Years ISO 27001 (ISMS)
Due to non-disclosure agreement with Client, Business/scope are restricted to

disclosure.
• Burp Suite
• SQL Map
• Nmap
• Superscan
• Kali Linux
• Tenable Nessus
• Rapid7 Nexpose community edition
• Nikto
• Ettercap
• Paros Proxy
• Webscarab
• Brutus
• Encase, FTK, Pro discover etc
• Custom Scripts and tools
• OWASP Xenotix
• Browser Addons
• Echo Mirage
• Paros Proxy
• Fiddler Proxy
• Angry IP Scanner
• Aircrack
• Kismet
• WinHex
• Proccess Monitor
• WP-Scanner
• Accunetix Vulnerability Scanner

*Information as provided by Cybertryzub InfoSec Private Limited on 12/05/2022
Back
M/s Digital Age Strategies Pvt. Ltd.
Digital Age Strategies Pvt. Ltd.

Bangalore, Delhi, Mumbai, Chennai, Hyderabad
 Network Security Audit : Yes

 Web-application Security Audit : Yes
 Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI etc.) : Yes
 Cloud Security Audits : Yes
 Mobile Application Audits : Yes
 Application Source Code Audits : Yes
 Application Load/Stress Testing : Yes
 Data Migration Audits : Yes
 Cyber Forensic Audits : Yes
 SOC 1Type 1 / Type 2 (SSAE 18/ / ISAE 3402) : Yes
 Online Scanning, DDoS Monitoring /WAF Services : Yes
 Anti-Phishing / Anti-Rogue / Darknet Services : Yes
 Red Team Services : Yes
 Data Privacy Audits : Yes
 Audit of Certifying Authorities / e-sign /RA/ASP : Yes
 UDAI AUA / KUA /ASA / KSA Compliance Audit : Yes
 CBC/ ERP Audits (SAP/Oracle/custom-based ERP Applications) : Yes
 Configuration & Compatibility Audits : Yes
 Pre-shipment & Post-shipment Audits : Yes
 SAR – Data Localization Audits : Yes
 IT Governance Audits : Yes
 UAT Audit : Yes
 Anti Ransomware Audit : Yes
Govt. : 320+
PSU : 70+
Private : 90+

ICS/OT Audits : 02+
Mobile Application Audits : 80+
Application Source Code Audits : 50+
Application Load/Stress Testing : 06+
Data Migration Audits : 08+
Cyber Forensic Audits : 03+
Online Scanning, DDoS Monitoring /WAF Services : 01+
Anti-Phishing / Anti-Rogue / Darknet Services : 03+
Red Team Services : 02+
Data Privacy Audits : 01+
Audit of Certifying Authorities / e-sign /RA/ASP : 08+
UDAI AUA / KUA /ASA / KSA Compliance Audit : 20+
CBC/ ERP Audits (SAP/Oracle/custom-based ERP Applications) : 12+
Configuration & Compatibility Audits : 04+
Pre-shipment & Post-shipment Audits : 02+
SAR – Data Localization Audits : 20+
IT Governance Audits : 25+
CISSPs : 04
BS7799 / ISO27001 LAs : 25
CISAs : 16
DISAs / ISAs : 02
Other information security qualifications-CEH/CHFI/CCNA/CND/CPENT : 32
S. Name of Employee Duration with Experience Qualification related to

No. Digital Age in Information Security
since Information
Security
1. Mr. Dinesh S. Shastri March, 2004 23 Years FCMA, FCS, LL.B., CISA, CISM,
CND, CEH, CHFI, CDPSE,
CSQA,CEI, B.E.(CS), ISO 27001
ISMS L.A., ISO 22301 BCMS
L.A., ISO 2000:1 ITSM L.A,
CAIIB, COBIT Ver.5.0 Certified
2. Mr. Subhash Rao P. June, 2015 19 Years BE, MBA, CND, CEH,CHFI, CEI,
CDPSE, ISO 27001 L.A., Project
Management Professional & Chief
Software Architect
3. Mr. Ramakrishna H.P. March, 18 Years B.Sc., CEH, ISO 27001 L.A.
2004
4. Mr. S. Satyanarayana February, 2022 19 Years M. Tech.- Computer Science,
Raju CND
5. Ms. Shruthika H.P. March, 2022 11 Years BE, CND, CEH
6. Mr. Chanchal August, 18 Years B.Sc., ISO 27001 ISMS L.A.,

Chakrabarti 2021 ISO 22301 BCMS L.A., ISO
20000-1 ITSM L.A., ISO 9001
QMS L.A.
7. Mr. Shreedhar M. K. July, 2021 12 Years CISA, MSc. IT, ISO 27001 ISMS
L.A., ISO 22301 BCMS L.A.,
ISO 20000-1 ITSM L.A., ISO
9001 QMS L.A.
8. Mr. Marutpal December, 14 Years AMIE -Electronics Engineer, ISO
Mukherjee 2021 27001 ISMS L.A., ISO 22301
BCMS L.A., ISO 20000-1 ITSM
L.A., ISO 9001 QMS L.A.
9. Mr. Aaqarsh Aiyyar April, 2021 16 Years B.E., ISO 27001 ISMS L.A., ISO
22301 BCMS L.A., ISO 9001
QMS L.A.
10. Ms. Roshni Menon May, 2021 14 Years B.A., ISO 27001 ISMS L.A., ISO
22301 BCMS L.A., ISO 20000-1
ITSM L.A.
11. Mr. Natesh Rao B. February, 2016 12 Years FCA, DISA
12. Mr. Chandrasekharaiah March, 2005 18 Years FCA, CISA, ISO 27001 L.A.
T. G. Oracle Data Base trained SAP
Consultant.
13. Mr. CH. Thirupataiah January, 19 Years MS(CS), CISA, CRISC, CAIIB,
2020 CEH, CEISB, ISO 27001 L.A.
14. Mr. S. Vasudevan January 19 Years FCA, CISA, CHFI, B.Sc.
2017
15. Mr. Ravish R. March, 2017 3 Years FCA, LLB, ISO 27001 L.I.
16. Mr. Rajgopal Tholpadi November, 19 Years CISA, ISO 27001 LA, ISO 9001
S. 2013 LA, ISO 22301 BCMS L. A, 6
Sigma Green Belt, PMP
17. 3 Mr. Vivekanand Mathad May, 19 Years CISSP, CISA, ISO 27001 L.A.
. 2019
18. 4 Mr. Sesha Prakash K.S. February 22 Years MCA, CISSP, CISA, GEIT, CRISC,
. 2017 CMMC Foundation, CCISO,
Certified Disaster Recovery
Manager, Certified ISO 27032
L.A., ISO 27001 L.A., Certified
ISO 22301, Pen Tester, ISO
31000 Manager
19. Mr. M. L. August 16 Years MBA, CISA, CEH, CISM, CRISC,
Venkataraman 2015 CGEIT, ISO 22301 BCMS L.A.,
ISO 27001:2013 L.A.
20. Mr. Soundararajan S.G. December, 18 Years CISSP, CISA,CHFI, ISO 27001
2015 L.A., B.Sc,
21. Mr. Vishwas B. Utekar April, 19 Years CISA, CEH, ISO 27001 L.A., ISO
2014 22301 BCMS L.A., B.SC, Diploma
in Computer Management,
Indian Institute of Bankers
Certification.
22. Ms. Hema Latha Gerri July, 02 Years MBA, CISSP, CISA, GDPR, NIST
2021
23. Mr. L. R. Kumar September, 19 Years CISA, MCA, CEH, CQA, PMP, ISO
2015 27001 L.A.
24. Mr. Manjunath Babu April, 16 Years CISA, ISO 27001 L.A., B.Sc,
2016 CAIIB, CEH
25. Mr. Jaiprakash J. L. April, 18 Years ISO 27001 L.A., CQA, PMP,
2014 6Sigma Green Belt, ISO 22301
BCMS L.A.
26. Mr. V. Gourishankar December, 22 Years CISA, M.Sc.
2017
27. Mr. Ravi Kumar January, 18 Years CISA, ISO27001 L.A.
Macherla 2020
28. Mr. Rakesh Shenoy P. September 09 Years CISA, BE, CEH,
2020 ISO 27001 L.A
29. 9 Mrs. Veena U. Rao January, 03 Years CEH, ISO 27001 L.A., B.Sc.
. 2018
30. Ms. Harshini Rao October, 2021 1 Year ISO27001 L.I., CEH
31. Mr. Tantry December, 06 Years BSC., ISO 27001 L.A., CHFI,
Subramanya 2019 LL.B.
32. Mr. Devaraja T.S. December, 06 Years ISO 27001 L.A., CAIIB, LL.B.
2019
33. Mrs. Chitra Srinivasan November 14 Years MA, PGDB–HR, ISO 27001 L.A.,
2017 ISO 9001 L.A., ISO 14001 L.A.
34. Mr. Madhusudhan C. September, 06 Years MSc (IT), M.Tech., B.Tech., CSP,
2021 CEH, CCNA
35. Mr. Altaf Balsing February, 2021 10 Years B.E. CCNA, CEH, VMware Cloud
on AWS
36. Ms. Kusuma Mrudula June, 2021 02 Years B. Tech, CEH
37. Ms. Geethamma. M. August, 2021 02 Years B. Tech, CEH
38. Mr. Mohd. Usman September, 06 Years B.C.A, CEH

2021
39. Mr. Babaiah P. September, 08 Years B.Sc. (Computer Science), MCA,
2021 CEH
40. Mr. Syed Hamza August, 2021 04 Years B. Tech, CHFI
Hussain Shah
41. Mr. Mahaboob Basha September, 07 Years B. Tech, CHFI
2021
42. Mr. Sayed Zabiulla August, 2021 02 Years B.C.A, CHFI
Peerjade
43. Mr. Mujahid August, 2021 01 Year M. Tech, CHFI
Bangdiwale
44. Mr. Naveen Kumar August, 2021 01 Year B.Tech., CEH
Reddy Buddareddygari
45. Ms. Suprabha A. February, 2022 01 Year M. Sc., CEH
46. Mr. Nithesh Reddy December, 01 Year B. Tech., CEH
2021
47. Ms. Naga Vasudha February, 2021 01 Year B. Tech., CEH
48. Ms. Ramya C. February, 2021 01 Year B. Sc., CEH
49. Mr. Manjan Valli G. February, 2021 01 Year B. Tech., CEH
50. Mr. Mubarak S. February, 2021 01 Year B. Tech., CEH
51. Mr. Potru Sai Tarun April, 2022 01 Year B. Tech., CND
52. Mr. Abrar Kazi January, 2021 02 Years B. Tech., CEH
53. Mr. Sunil Raikar January, 2021 02 Years B. Tech., CEH, ISO 27001 L.A.
54. Mr. Bharath Kumar G. January, 2022 02 Years B. Tech., CEH
55. Mr. Fayaz Ahammad January, 2022 02 Years B. Tech., CEH
56. Mr. Shaikh Samadani January, 2022 02 Years B. Tech., CEH
etc.) along with project value. Significant projects -
 GNCTD Delhi - Rs. 89.54 Lacs - 2018 to 2022 VA & PT Delhi e Governance
 Reserve Bank of India, HO Mumbai - CBS Data Migration Audits of RBI across the Country from
Vulnerability Assessment & Penetration Testing for RBI Network & Web application, RTGS
Application Data Migration Audit during Combined Value of order Rs. 112.00 Lacs – 2010-18
 Indian Bank – Rs. 25.96 Lacs Red Team - 2020-21 to 2022-23
 UTIITS, Central Government – Mumbai – VA & PT & Load Testing of Applications Value approx.
Rs. 89– 2020- till date
 West Bengal Power Distribution Company Limited – Rs. 27.61 Lacs ISO 27001 ISMS
Implementation
 Andhra Bank – Rs. 43,90,000/- IS Audit of all IT Areas including VA & PT
 LIC of India – Rs. 60 Lakhs Approx.- Online Scanning of Web Application, Web Application
firewall.
 Allahabad Bank – Rs. 40 Lakhs Approx.- Online Scanning, Monitoring of, Anti phishing Attack
 Odisha Power Transmission Corporation Limited (OPTCL), Govt. of Odisha, Bhubaneswar. IT

Security Auditor including ISO 27001:2013 Implementation for OPTCL/GRIDCO/SLDC Audit for
2017 – 2023. Value of Order Rs. 27.43 Lacs Approx.
 Ministry of Finance & Economic Affairs, Government of The Gambia 2015 - 16

ICT Audit covering Data Centre, Disaster Recovery Site, Audit of Epicore Core Application, IS
Audit of Nine Applications, Vulnerability Assessment and Penetration Testing of the entire
network covering all IT Assets. Gap List of Information Security Audit Tools used ( commercial/
freeware/proprietary): Assessment against COBIT Version 5.0, Gap Assessment against ISO
27001:2013 Standard, detailed Risk Assessments, Future Capacity Plan, Way Forward Initiatives
for IT etc. Value of the order Rs. 48 Lacs.
 Bank of Uganda - Attack & Penetration Testing of Bank of Uganda during 2016 – 17 etc. Value
of the Order Rs. 46 Lacs.
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary) :

Commercial
 Nessus Pro.
 FTK
 nCase
 Burp Suite Pro.
Freeware
 Android Studio
 Genymotion
 Kali Linux
 Nmap
 Wireshark
 OWASP ZAP
 Paratos
 Web Scarab
 coSARA
 Network Stumbler
 9.Aircrack suite
 Nikto
 Cain and Abel
 MBSA
 L0phtcrack: Password Cracker ver. 6.0
 BackTrack
 OpenVas
 W3af
 SQL Map
 SSL Strip
 Tamper Data
 MobSF- Mobile Security Framework
 Flawfinder
 Clang Static Analyzer
Proprietary – In-house developed

 Load Tester LT Ver. 3.0
 Migration audit tool, MAT Ver. 6.0
 Anti-phishing audit tool, APT Ver. 2.0
 Source code audit tool, SCAT 4.0
 SQL Checker Ver. 4.0
 Inject Script Ver. 3.0
*Information as provided by Digital Age Strategies Pvt. Ltd. on 14.05.2022
Back
M/s RiskBerg Consulting Pvt Ltd
RiskBerg Consulting Pvt Ltd

Gurgaon, India
Contact Person : Rohit Agrawal (Managing Director)

Email : rohit.agrawal@riskberg.com
 Network VAPT and Security Audit : YES

 Web-application VAPT and Security Audit : YES
 Wireless Security Audit : YES
 Mobile Application VAPT and Security Audit : YES
 API VAPT and Security Audit : YES
 IOT Security Testing : YES
 SCADA Security Assessment : YES
 Secure Code Review : YES
 Cloud Infra & Applications Security Assessment : YES
 Infrastructure Security Audit : YES
 Security Architecture Review : YES
 Server Hardening Reviews : YES
 External Threat Intelligence (Y/N) : YES
 Database Security Audit & Assessment (Y/N) : YES
 Data Center Security Audit & Assessment (Y/N) : YES
 Social Engineering Assessment (Y/N) : YES
 Systems Security Assessments (Y/N) : YES
 Endpoints and Thick Client Security Audit (Y/N) : YES
 Telecom Security Audit & Assessment (Y/N) : YES
 Risk Assessments (Y/N) : YES
 ERP Security Audit & Assessment (Y/N) : YES
 ITGC and GCC Audit (Y/N) : YES
 Compliance Audits (ISO 27001, ISO 27701, PCI, etc.) (Y/N) : YES
 Finance Sector Audits (Swift, API, Payment Gateway etc.) (Y/N) : YES
 Data Localization Security Audit (Y/N) : YES
 Anti - Ransomware Controls Assessment (Y/N) : YES
 GDPR Compliance Audit (Y/N) : YES
 ISNP Audit (Y/N) : YES
 IRDA Audit (Y/N) : YES
 AUA/KUA Audit (Y/N) : YES
 AEPS and AADHAAR Pay Micro ATM Audit (Y/N) : YES
 IT/OT Infrastructure Audit (Y/N) : YES
 e-Sign Compliance Audit (Y/N) : YES
4. Information Security Audits carried out in last 12 Months
Govt. : 0
PSU : 0
Private : 110+

Mobile Security Audit : 4
Source code Review : 2
ICS/OT Audits : 10+
Supplier Information Security Audit : 20+
ITGC Audit : 2
BS7799 / ISO27001 LAs : 8

CISAs : 1
CEH : 5
CISM : 2
Total Number of Technical Personnel : 15

No. Employee RiskBerg Information Information security
Security
1 Rohit A. 3.5 Years 14+ Years CISA, CISM,CDPSE, CPISI, CEH, 
ISO 27001 LA/LI Training (BSI)
2 Atul P. 1.5 Years 16+ Years ISO 27001, ISO 31000, Diploma
in Cyber Laws
3 Mamta 8 Months 3 years ISO 27001 LA
4 Ashish K. 8 Months 2 years CEH
5 Abhishek S. 1.1 Year 7 years AWS Cloud Security
- Advanced Networking
- Cloud Practitioner
- Solutions Architect
- Serverless Framework
6 Rahul J. 1 Year 2 years Training on
- Reverse Engineering & Exploit
Development
- Penetration Testing with KALI
7 Ravi M. 7 Months 1 year CEH Training, ISO 27001
Training
8 Ishrat A. 9 Months 9 years CCNA, MCSE
9 Rishi K. 3 Months 2.5 years Cyberwarfare labs certified red
team analyst
10 D. Mehta 5 Months 2.5 years - 100W Cybersecurity Practices
for Industrial Control Systems
- Certified Web Hacking Expert
- OSINT Analyst
S. Client Description Project Description Project Value

No.
1 A global leader in • Infrastructure Audit Undisclosed
enterprise • Data center audit
messaging • Red Teaming
• Application audit & VAPT for
multiple apps for global location
• API security assessment
• ISMS & PIMS internal audit
• Customer InfoSec Audit
Management
• Identity and access management
2 HRMS and • ISO 27001 related internal Audit Approx. INR 35 Lakhs
Compensation and reviews.
Management • GDPR related privacy assessments
product based (DPIA)
Global Service • Application Security Audit – VAPT
provider, with • Database (GCP) and Cloud Security
presence in India, Assessment
Dubai, Turkey, UAE • Infrastructure Technical Audit
& US. • SSAE 18 – SOC 2 Type-2 (security,
confidentiality, availability)
Readiness Assessment
3 India • Application Security Audit – VAPT Approx. INR 25 Lakhs
headquartered (ongoing)
global company • Mobile Application Audit
providing Digital • Cloud Infra Assessment
Reward and • ISO 27001 compliance
Recognition implementation (in-process)
platform SaaS. • Customer Information Audit
Management
• SSAE 18 SOC-2 compliance and
readiness support
• Privacy Assessment
4 An American • ISO 27001 Undisclosed
multinational • ISO 27017
technology • ISO 27701
conglomerate,
• SSAE 18 SOC 2
which is in Global
Fortune 100 list
• IRAP
• ISMAP
• Vendor Security Audit
• Technical Security Assessments
(e.g., Penetration test)
• Security training framework
development
5 One of the largest • Application Security Audit Undisclosed
Indian bottlers for a • Servers
global beverage • Firewall
company.
• Cloud Security Assessment
• ISMS Audit
• OT Security Audit
• Customer Security Audit (MSS)
requirement
6 A leading • Application Security Audit – VAPT Undisclosed
messaging platform for critical application
Aggregator in India • Internal/ External Audit for servers,
database and infra supporting the
application
• API security assessment
• Perimeter firewall security review
7 An American Security Assessments and Audit Approx. INR 30 Lakhs

multinational related to Health Insurance Portability
managed and Accountability Act (HIPAA).
healthcare and
insurance company This includes the application security
based in USA. This specific controls’ assessments mapped
company is in to NIST, HIPAA and other industry
global fortune top standards
50 list
8 A multinational • Secure Code Review (White Box) Undisclosed
consultancy firm, testing.
headquartered in • Cloud infra security assessment for
London, United Azure
Kingdom, providing • Security Audit for virtual machine/
services focused on server hosting the application
sustainability.
• Blackbox testing and Greybox
security audit (DAST) for web
application.
Commercial Tools:
 Intruder.io
Freeware/Open-Source Tool:
 Nikto
 NMAP
 OWASP ZAP
 Sqlmap
 DIRB
 Nipper-ng
 Wireshark
 Test SSL
 SSLyze
 Aircrack-ng
 Zenmap/ Nmap
 Fiddler
 Scapy
 Drowser
 JAWS
 XSS strike
 Metasploit
 OpenVAS
 W3af
 SMB Enum
 LOIC
 Tools available with Kali Linux
*Information as provided by RiskBerg Consulting on 14th May 2022
Back
M/s SOC Analyst Pvt. Ltd.
SOC Analyst Pvt. Ltd.

3/10-11, Central Chambers, 1017 Tilak Road,
Swargate Corner, Pune, India- 411 002
 Network security audit : YES

 Web-application security audit : YES
 Wireless security audit : YES
 Compliance audits (ISO 27001, ISO 27701, HIPAA, GDPR, PCI, etc.) : YES
 Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : YES
 ICS/OT Audits : NO
 Cloud security Audits : YES
 Mobile Application Security Audit : YES
 Penetration Testing and Vulnerability Assessment : YES
 Thick Client Security Audit : YES
 Information Security Audit : YES
 Data Migration Audit : YES
 Information System Audit : YES
 IS Audit of Bank as per RBI Gopalakrishna Committee Report, SEBI guidelines: YES
 IT Risk Assessment : YES
 Configuration Review : YES
Govt. : - Nil -
PSU : 02
Private : 13
Co-operative : 26

Mobile-application security audit : 08
Thick-client security audit : 01
Wireless security audit : - Nil -
Compliance audits (ISO 27001, IEC 62443, IEC 27019, PCI, etc.) : - Nil -
Finance Sector Audits (Swift, ATMs, API, Payment Gateway etc.) : - Nil -
Cloud security Audits : - Nil –
IS Audit : 15
Migration Audit : 01
CISSPs : 00
BS7799 / ISO27001 LAs : 03
CISAs : 02
DISAs / ISAs : 00
CEH : 02
CNSS : 01
CAE : 01
ISAC : 01
CSCU : 01

No. SAPL Information Security Information security
1. Rajendra Ponkshe 1 Year, 11 25 Years + CISA, CGEIT, CDPSE,
Months ISO 27001 LA, CPISI
2. Ajay Nikumb 1 Year, 11 25 Years + ISO 27001 LA, ISO
months 27701 LA, ISO 27001
LI, CPISI
3. Mahesh Garud 1 Year, 9 1 Year, 9 Months CEH, CNSS, CAE
months
4. Abhijeet 1 Year, 10 1 Year, 10 Months CEH, ISAC
Ghewande months
5. Abhay Victor 5 months 2 Years CSCU
6. Shreya Ponkshe 2 months 2 months CISA, ISO 27001 LA
Due to Non-Disclosure Agreement (NDA) with Client / Customer / Business sharing

partial / Full information is / are restricted to disclosure.
 Nmap
 SQLMap
 Kali Linux
 Metasploit-Framework
 Wireshark
 Burpsuite
 Ettercap
 Netcat
 SSLScan
 dnspy
 Apktool
 Genymotion
 Nessus
 Nikto
 Win-hex
 SOAPUI
 Hashcat
 OpenVAS
 Wapiti
 Mobsf
 OWASP-ZAP
 FUFF

11. Whether organization has any Foreign Tie-Ups? If yes, give details : NO

*Information as provided by SOC Analyst Pvt. Ltd. on May 13, 2022
Back
-Top-

CERT INEmpanel Org 2022

Uploaded by

Copyright:

Available Formats

CERT INEmpanel Org 2022

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CERT INEmpanel Org 2022

Uploaded by

Copyright:

Available Formats

EMPANELLED INFORMATION SECURITY AUDITING ORGANISATIONS by CERT-In

1. M/s AAA Technologies Ltd

278-280, F-Wing, Solaris-1,

2. M/s AKS Information Technology Services Pvt Ltd

3. M/s AQM Technologies Pvt Ltd.

4. M/s Allied Boston Consultants India Pvt. Ltd.

A/95, Kamla Nagar, Delhi-110007

6. M/s Andhra Pradesh Technology Services Ltd

3rd Floor, R&B Building, MG Road, Labbipet,

7. M/s ANB Solutions Private Limited

901,Kamla Executive Park, Off Andheri-Kurla Road,

8. M/s AGC Networks Limited

Essar House, 11, K. K. Marg, Mahalaxmi,

9. M/s Accenture Solutions Pvt. Ltd.

401, Shatrunjay, Divecha Complex, Edulji Road, Charai,

11. M/s ANZEN TECHNOLOGIES PVT. LTD.

A-429, Second Floor, A-Wing, Vashi Plaza, Sector 17,

12. M/s Attra Infotech Pvt. Ltd

13. M/s Aujas Cybersecurity Limited

14. M/s AURISEG CONSULTING PRIVATE LIMITED

16. Army Cyber Group

17. M/s Audix Techno Consulting Solutions Private Limited

18. M/s AVASURE TECHNOLOGIES PVT. LTD.

19. M/s Acquisory Consulting LLP

20. M/s ANA Cyber Forensic Private Limited

22. M/s Bharti Airtel Service Limited

Plot# 16, Udyog Vihar-Phase-IV

23. M/s BDO India LLP

24. M/s Beagle Cyber Innovations Private Limited

25. M/s BSCIC Certifications Private Limited

27. M/s Bureau Veritas India Pvt Ltd

28. M/s Centre for Development of Advanced Computing (C - DAC)

29. M/s Crossbow Labs LLP

30. M/s CyberQ Consulting Pvt Ltd.

31. M/s CyRAAC Services Private Limited

B-136, Surajmal Vihar, Delhi 110092

33. M/s Cyber Security Works Pvt. Ltd.

No.6, 3rd Floor, A-Block, IITM Research Park

34. M/s CEREIV Advisory LLP

Chembakam Building, Koratty Infopark, Thrissur Dt, Kerala - 680 308

35. M/s ControlCase International Pvt. Ltd.

Corporate Center, Level 3, Andheri-Kurla Road, Marol,

36. M/s CyberSRC Consultancy LLP

Unit no 605, 6th floor, World Trade Tower,

37. M/s Cloud4C Services Private Limited

Pioneer Towers, 7th Floor, Plot no.16, Software Units Layout,

39. M/s Code Decode Labs

Code Decode Labs Pvt. Ltd.,

40. M/s CYBERNERDS SOLUTIONS PRIVATE LIMITED

No.40, Keelavaikolkara Street, Woraiyur,

41. M/s Dr CBS Cyber Security Services LLP

113, Suraj Nagar East, Civil Lines, Jaipur, Rajasthan-302006

42. M/s cyberSecurist Technologies Pvt. Ltd

44. M/s Deloitte Touche Tohmatsu India LLP

45. M/s Deccan Infotech (P) Ltd.

13, Jakkasandra block. 7th cross.

46. M/s DigitalTrack Solution Pvt Ltd.

No: 9, Vinayakar Koil Street, Venkatapuram,

47. M/s DREAMWORKS INFOTECH PRIVATE LIMITED

48. M/s Digital Age Strategies Pvt. Ltd