Security Audit Firms Categorization
Keeping in view rapidly increasing security threats, PTA Authority issued Critical Telecom Data and Infrastructure Security Regulations (CTDISR) on 8th September 2020 and directed all PTA licensees to implement CTDISR controls by July 2021, to give licensees sufficient time to allocate budget and deploy necessary security controls for compliance. Similarly, PTA directed all licensees to conduct 3rd Party Audits from PTA’s approved Cyber Security Audit Firm.
Since audit companies have grown to a reasonable number therefore, there was need to standardize the audit firms. PTA in this regard prepared Cyber Security Audit Firms Criteria after going through extensive due-deliberation and consultation process with Telecom operators and Security Audit firms. Upon which, several security firms had submitted applications to PTA. Upon assessment of documents in the light of the approved Cyber Security criteria appropriate categories were assigned.
Following is the list of firms listed in accordance with their categories. This list will be constantly updated, as new firms are approved, or categories of existing firms are elevated:
| Category Allocated | Security Audit Firm | Email Address | Point of Contact | Registration Status |
| Cat-I | Myson Engineering (Private) Limited |
badar@myson.com.pk |
Mr. Badar Ud Duja | Active |
| Cat-I | Ebryx | syed.talal@ebryx.com | Mr. Syed Talal Hassan Bukhari | Active until 31st December 2025 |
| Cat-I | EY | Bilal.Saleem@pk.ey.com | Mr. Bilal Saleem | Active until 31st December 2025 |
| Cat-I | Risk Associate | kashif.hassan@riskassociates.com | Mr. Kashif Hassan | Active until 31st December 2025 |
| Cat-I | Trillium | aniqa.fareed@infosecurity.com.pk | Ms. Aniqa Fareed | Active until 31st December 2025 |
| Cat-I | SGS Pakistan | waqas.awan@sgs.com | Mr. Waqas Awan | Active until 31st December 2025 |
| Cat-I | BDO | sshah@bdo.com.pk | Mr. Shoukat Shah | Active until 31st December 2025 |
| Cat-I | A. F. Ferguson & Co. (PwC) | m.bilal@pwc.com | Mr. Muhammad Bilal | Active until 31st December 2025 |
| Cat-II | Mutex Systems | samihaider@mutexsystemsltd.com | Mr. Sami Haider | Active until 31st December 2025 |
| Cat-II | YLinx | muhammad.kashif@ylinx.pk | Mr. Muhammad Kashif | Active until 31st December 2025 |
| Cat-II | Security Experts | info@securityexperts.com.pk | Mr. Hasnain Sultan | Active until 31st December 2025 |
| Cat-II | Xcelliti | kashif.jamil@xcelliti.com | Mr. Kashif Jamil | Active until 31st December 2025 |
| Cat-III | Catalyic Consulting | info@catalyic.com | Catalyic Consulting | Active until 31st December 2025 |
| Cat-III | Cyberisk | atif@cyberisk.com.pk | Mr. Atif Abro | Active until 31st December 2025 |
| Cat-III | Kualitatem (Private) Limited | touqeer.afzal@kualitatem.com | Mr. Muhammad Touqeer Afzal | Active until 31st December 2025 |
| Cat-III | 360 Technologies (Private) Limited | nomaniqbal@360technologies.net | Mr. Noman Iqbal | Active until 31st December 2025 |
| Cat-IV | Lynx Information Security | info@lynx-infosec.com | Ms. Maliha Safdar | Active until 31st December 2025 |
| Cat-IV | Zerox Innovation Pvt Ltd | waqas@zeroxinn.com | Waqas Ahmed Faroouqi | Active until 31st December 2025 |
| Cat-IV | Compliance wing | syed.saad@compliancewing.com | Mr. Syed Muhammad Saad | Active until 31st December 2025 |
| Cat-IV | Horizon Tech | pmo@horizon.com.pk | Horizon Tech | Active until 31st December 2025 |
It is imperative to mention here that, as per approved Cyber Security audit criteria, audit firms can perform audit of their respective categories or downward in the hierarchy. For instance, firms qualifying for Cat-I, can also perform audit of licensees falling under Cat-II to Cat-IV. Similarly, firms qualifying for Cat-II, can also perform audit of Cat-III and Cat-IV, however, firms qualifying for Cat-IV cannot perform audit of licensees upward in the hierarchy i.e. Cat-III to Cat-I.
