Islamabad, Feb 3: Pakistan’s National Computer Emergency Response Team (NCERT) has recently launched an initiative to invite qualified firms to register as approved Cyber Security Auditing Firms.
This important move aims to bolster the country’s cyber resilience by ensuring comprehensive security assessments of its ICT infrastructure.
The goal is to safeguard the digital landscape, helping businesses and public sector organizations minimize vulnerabilities and strengthen their cybersecurity posture.
Eligible firms wishing to become part of this initiative must meet strict eligibility criteria, adhering to industry standards and best practices in cybersecurity. The registration process ensures that only top-tier firms are authorized to conduct audits in key domains such as IT services, cloud solutions, hosting, and other critical infrastructures.
Read More:
PM Launches 2025 Anti-Polio Drive, Vows to Eradicate Polio Once and For All
By identifying potential risks and assessing compliance with cybersecurity protocols, these audits will play a crucial role in reinforcing the security framework of Pakistan’s digital ecosystem.
To qualify for registration, firms must meet several critical requirements. These include holding proper registration with the Securities and Exchange Commission of Pakistan (SECP), tax registration with the Federal Board of Revenue (FBR), and possessing certifications like ISO 27001.
In addition, firms must demonstrate experience in conducting cybersecurity audits and employ certified professionals who can effectively assess complex security threats.
The auditors themselves must hold recognized certifications from reputable cybersecurity bodies, such as ISACA, (ISC)², SANS, and EC-Council. Along with experience in penetration testing and cybersecurity auditing, these auditors should have a strong academic background in computer science, engineering, or information security, ensuring they possess the expertise to handle audits of critical infrastructure.
Firms seeking registration must follow NCERT’s guidelines. These include maintaining independence, avoiding outsourcing audits to foreign assessors, and aligning assessments with national cybersecurity policies, such as the National Cyber Security Policy and Pakistan Cloud First Policy.
Additionally, firms must uphold a solid reputation in the market. Any firm found blacklisted within public or private sectors will be disqualified from the registration process.
NCERT has divided the registration process into four categories: CAT-I to CAT-IV, based on firm qualifications and audit complexity. CAT-I firms can audit critical infrastructure providers, while lower categories handle less complex audits.
NCERT will regularly update and publish the final list of approved firms on its website.
This ensures transparency and allows firms to maintain their registration through periodic renewals, ensuring compliance with evolving cybersecurity standards.
