Republic Act No. 10844, otherwise known as the “Department of Information and Communications Technology Act of 2015”, stipulates that DICT is mandated to ensure the security of Critical Information Infrastructure (CII), including information assets of the government, individuals, and businesses. DICT shall provide oversight over agencies governing and regulating the ICT sector and ensure consumer protection and welfare, data privacy and security, foster competition and the growth of ICT sector.
In line with this, the National Cybersecurity Plan (NCSP) 2022 was unveiled and published last May of 2017, and through this the DICT Memorandum Circulars (MCs) for the Implementation Plan have also been published in September 2017. In accordance to the NCSP, the MCs require the conduct of Security and Protection Assessment which will serve as an official reference for all CIIs.
The DICT Cybersecurity Bureau started the first phase of the Security and Protection Assessment by Recognizing Cybersecurity Assessment Providers. The scope of recognition are the following services:
1. Vulnerability Assessment and Penetration Testing (VAPT)
2. Vulnerability Assessment only (VA)
3. Penetration Testing only (PT)
4. Information Security Management System (ISMS)
5. Both services (VAPT and ISMS)
All applicant service providers are required to submit the following in order to be recognized and be listed in the Catalog:
1. Letter of Intent addressed to Director Jose Carlos P. Reyes, Cybersecurity Bureau
2. Company Profile
3. Business permit and SEC/DTI registration (Certified True Copy)
4. Relevant Accreditation either from Local or International Bodies (if any)
As of this date, the following entities are the Recognized Cybersecurity Assessment Providers by the Bureau:
- Kaspersky Lab SEA
- MIDD Consulting and Outsourcing, Inc.
- SMS Global Technologies, Inc.
- BT Global Services
- IBM Philippines Inc.
- ION Management Solutions, Inc.
- NGT Global Inc.
- SyCip Gorres Velayo & Co.
- Mantua IT Services Inc.
- Navarro Amper & Co./ Deloitte Philippines
- ARES Services
- Fibercom Telelcom Philippines, Inc. (FTPI)
- Secuna Software Technologies, Inc.
- Dimension Data Philippines, Inc.
- Indra Philippines, Inc.
- Maroev Cyber Systems, Inc.
- Red Rock Security Inc.
- R.G. Manabat & Co.
- Punongbayan & Araullo (P&A Grant Thornton)
- Isla Lipana & Co., PwC
- Pandora Labs, Inc.
- Worldtech Information Solutions, Inc.
- RIGELTECH Corporation
- Diversified Technology Solutions International(DTSI), Inc. Group
- Total Information Management Corporation
- Digital Defenders
- Pointwest Innovations Corporation
- Software Services and Integration Development
- My Busybee Inc.
- AltPayNet Corporation
- Rosehall Management Consultants, Inc.
- SoftwareONE Philippines Inc.
- Pineda Cybersecurity
- Blackpanda Philippines Inc.
- NullForge Security Inc.
- ePLDT Inc.
- TÜV Rheinland Philippines, Inc
- Securemetric Technology Inc.
- Theos Cyber Solutions
- Exceture Inc.
- Laggui & Associates, Inc.
- Bolton Labs
- Mara Linux and Business Solutions, Inc. (Maralabs)
- Sophie’s Information Technology Services
- euodoó Technologies, Inc.
The DICT Cybersecurity Bureau is still accepting applications for recognition this year. For more information, please do not hesitate to contact Engr. Sarah Mae M. Mergilino at firstname.lastname@example.org or by telephone at 920-0101 loc 1708