Security Audit Firms Categorization
Security Audit Firms Categorization
Keeping in view rapidly increasing security threats, PTA Authority issued Critical Telecom Data and Infrastructure Security Regulations (CTDISR) on 8th September 2020 and directed all PTA licensees to implement CTDISR controls by July 2021, to give licensees sufficient time to allocate budget and deploy necessary security controls for compliance. Similarly, PTA directed all licensees to conduct 3rd Party Audits from PTA’s approved Cyber Security Audit Firm.
Since audit companies have grown to a reasonable number therefore, there was need to standardize the audit firms. PTA in this regard prepared Cyber Security Audit Firms Criteria after going through extensive due-deliberation and consultation process with Telecom operators and Security Audit firms. Upon which, several security firms had submitted applications to PTA. Upon assessment of documents in the light of the approved Cyber Security criteria appropriate categories were assigned.
Following is the list of firms listed in accordance with their categories. This list will be constantly updated, as new firms are approved, or categories of existing firms are elevated:
| Category Allocated | Security Audit Firm | Email Address | Point of Contact | Registration Status |
| Cat-I | Ebryx | syed.talal@ebryx.com | Mr. Syed Talal Hassan Bukhari | Active |
| Cat-I | EY | Bilal.Saleem@pk.ey.com | Mr. Bilal Saleem | Active |
| Cat-I | Risk Associate | kashif.hassan@riskassociates.com | Mr. Kashif Hassan | Active |
| Cat-I | Trillium | aniqa.fareed@infosecurity.com.pk | Ms. Aniqa Fareed | Active |
| Cat-I | SGS Pakistan | waqas.awan@sgs.com | Mr. Waqas Awan | Active |
| Cat-I | BDO | sshah@bdo.com.pk | Mr. Shoukat Shah | Active |
| Cat-I | A. F. Ferguson & Co. (PwC) | m.bilal@pwc.com | Mr. Muhammad Bilal | Active |
| Cat-II | Compliance wing | syed.saad@compliancewing.com | Mr. Syed Muhammad Saad | Suspended till 30th August 2024 |
| Cat-II | Eunomatix | farooq@eunomatix.com | Mr. Muhammad Farooq | Suspended till submission of updated profile |
| Cat-II | Mutex Systems | samihaider@mutexsystemsltd.com | Mr. Sami Haider | Active |
| Cat-II | Veiliux | safina@veiliux.com | Ms. Safina | Suspended till submission of updated profile |
| shahmeer@veiliux.com | Mr. Shahmeer | |||
| Cat-II | YLinx | muhammad.kashif@ylinx.pk | Mr. Muhammad Kashif | Active |
| Cat-II | Horizon Tech | pmo@horizon.com.pk | Horizon Tech | Suspended till submission of updated profile |
| Cat-II | Security Experts | info@securityexperts.com.pk | Mr. Hasnain Sultan | Active |
| Cat-II | Xcelliti | kashif.jamil@xcelliti.com | Mr. Kashif Jamil | Active |
| Cat -II | Cansol Consulting | azfarbaig@cansolconsulting.com | Mr. Azfar Baig | Suspended till 25th June 2024 |
| Cat-III | Catalyic Consulting | info@catalyic.com | Catalyic Consulting | Active |
| Cat-III | Cyberisk | atif@cyberisk.com.pk | Mr. Atif Abro | Active |
| Cat-III | Kualitatem (Private) Limited | touqeer.afzal@kualitatem.com | Mr. Muhammad Touqeer Afzal | Active |
| Cat-III | 360 Technologies (Private) Limited | nomaniqbal@360technologies.net | Mr. Noman Iqbal | Active |
| Cat-IV | CyberShell | tayyaba_nafees@cybershellsol.com | Ms. Tayyaba | Suspended till submission of updated profile |
| Cat-IV | Lynx Information Security | info@lynx-infosec.com | Ms. Maliha Safdar | Active |
| Cat-IV | Delta Dynamics (Private Limited) | tariq@deltadynamics.consulting | Mr. Tariq Jamil | Suspended till submission of updated profile |
| Cat-IV | IT SecurityWall | founder@securitywall.co | Mr. Babar Khan | Suspended till submission of updated profile |
Cyber Security Licensee Categorization
Following is the list of audit firms mapped in accordance with their respective categories:
|
S. No. |
Categories |
Licensee Type |
Licensee/ Telecom Operators |
Cyber Security Audit Experience (in years) (Minimum) |
No. of Permanent Technical Resources (Minimum) |
No. of Technical Resources Certification (Minimum) |
|
1. |
Cat-I |
CMOs & Large Operators with multiple Licenses | Ufone, Telenor, JAZZ, ZONG, PTCL, TWA, SCO, NTC |
6 |
7 |
7 |
|
2. |
Cat-II |
Large Operators | Brain Telecom, Comsats Internet Services, Connect Communications, Cyber Internet Services, Fariya, KK networks, LinkDotNet, Master Communication, Multinet, Nayatel, REDtone, Wateen Telecom, Web Concepts, Wi-Tribe |
4 |
5 |
5 |
|
3. |
Cat-III |
Medium and LDI Operators | DV Com Data, 4B Gentel, 7 Star telecom, ADG LDI, Aero Communication, Apex Internet, Apollo Telecom, AT & T Global, Circle Net, Cube Xs Weatherly, Dancom, East Tel AJK, Ebone Network, Equant Pakistan, Eureka Net, Evamp & Sanga, FDI Fast Developers, Fiber Beam, Fiber Link, Fiber2home, Future Networks, Galaxy Technology, Gemnet Enterprises, Geo IT, Gerry's, Hajwari Net Zone, Hazara Communication, Helium Communication, IJ Internet Services, Infostructure, Instacom, Khyber Internet Services, Micronet Broadband, Multan Cable and Internet, Multi City Broadband, Nexlinx, Optix , Orient Expressldi, Pak Datacom, Paragon Telecom, Prime Vision Communications , QuBees/Sharp Com, Satcomm, Sharp Tel, Sky Telecom, Smart telecom, Soft Ends AJK, Superior Connections, Supernet Limited, Telecard , Telenex, The Professional Communication, Tufa Telecommunication, Vision Telecom, WanCom, Waylink, Wideband Communication, WiseCom, Zeta Technologies |
3 |
3 |
3 |
|
4. |
Cat-IV |
Small operators | Rest others… |
1 |
2 |
2 |
It is imperative to mention here that, as per approved Cyber Security audit criteria, audit firms can perform audit of their respective categories or downward in the hierarchy as per Annexure A. For instance, firms qualifying for Cat-I, can also perform audit of licensees falling under Cat-II to Cat-IV. Similarly, firms qualifying for Cat-II, can also perform audit of Cat-III and Cat-IV, however, firms qualifying for Cat-IV cannot perform audit of licensees upward in the hierarchy i.e. Cat-III to Cat-I.