Republic Act No. 10844, otherwise known as the “Department of Information and Communications Technology Act of 2015”, stipulates that DICT is mandated to ensure the security of Critical Information Infrastructure (CII), including information assets of the government, individuals, and businesses. DICT shall provide oversight over agencies governing and regulating the ICT sector and ensure consumer protection and welfare, data privacy and security, foster competition and the growth of ICT sector.
In line with this, the National Cybersecurity Plan (NCSP) 2022 was unveiled and published last May of 2017, and through this the DICT Memorandum Circulars (MCs) for the Implementation Plan have also been published in September 2017. In accordance to the NCSP, the MCs require the conduct of Security and Protection Assessment which will serve as an official reference for all CIIs.
The DICT Cybersecurity Bureau started the first phase of the Security and Protection Assessment by Recognizing Cybersecurity Assessment Providers. The scope of recognition are the following services:
1. Vulnerability Assessment and Penetration Testing (VAPT)
2. Vulnerability Assessment only (VA)
3. Penetration Testing only (PT)
4. Information Security Management System (ISMS)
5. Both services (VAPT and ISMS)
All applicant service providers are required to submit the following in order to be recognized and be listed in the Catalog:
1. Letter of Intent addressed to Director Jose Carlos P. Reyes, Cybersecurity Bureau
2. Company Profile
3. Business permit and SEC/DTI registration (Certified True Copy)
4. Relevant Accreditation either from Local or International Bodies (if any)
As of this date, the following entities are the Recognized Cybersecurity Assessment Providers by the Bureau:
| COMPANY | WEBSITE | SERVICE/S RECOGNIZED | VALID UNTIL | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Equitable Computer Services | https://www.equicom.com/ | VAPT | September 2021 | ||||||||||||||||||||
| Exceture Inc. | https://exceture.com/ | VAPT AND ISMS | October 2021 | ||||||||||||||||||||
| AegisOne Cyber Defense Corporation | https://www.aegisonecybersec.com/ | VAPT | October 2021 | ||||||||||||||||||||
| Reyes Tacandong & Co. | www.reyestacandong.com | VAPT AND ISMS | October 2021 | ||||||||||||||||||||
| PRAGMATIC INSIGHTS OPC | https://www.pragmaticinsights.ph | VAPT AND ISMS | October 2021 | ||||||||||||||||||||
| bneXt Inc. | https://bnext.tech | VAPT AND ISMS | October 2021 | ||||||||||||||||||||
| INGRESSUM Philippines Corp. | https://www.ingressum.com/ | VAPT | October 2021 | ||||||||||||||||||||
| Nexus Technologies, Inc. | nexustech.com.ph | VAPT | November 2021 | ||||||||||||||||||||
| SyCip Gorres Velayo & Co. | https://www.sgv.ph/ | VAPT AND ISMS | January 2022 | ||||||||||||||||||||
| Macrologic Diversified Technologies Inc. | https://www.macrologic.com.ph/ | VAPT | January 2022 | ||||||||||||||||||||
| NGT Global Inc. | www.ngtglobal.com.ph | VAPT AND ISMS | January 2022 | ||||||||||||||||||||
| Navarro Amper & Co./ Deloitte Philippines | https://www2.deloitte.com/ph/en.html/ | VAPT AND ISMS | February 2022 | ||||||||||||||||||||
| Sophie’s Information Technology Services | https://sitesphil.com/ | VAPT | April 2022 | ||||||||||||||||||||
| Infobahn Communications, Inc. | https://ibahn.net.ph/ | VAPT | May 2022 | ||||||||||||||||||||
| Secuna Software Technologies, Inc | http://www.secuna.io | VAPT | June 2022 | ||||||||||||||||||||
| Laggui & Associates, Inc. | https://www.laggui.com/ | VAPT AND ISMS | June 2022 | ||||||||||||||||||||
| J Mantua IT Services Inc. | www.mantuaservices.com | VAPT AND ISMS | June 2022 | ||||||||||||||||||||
| Moodlearning, Inc. | https://www.moodlearning.com/ | VAPT AND ISMS | June 2022 | ||||||||||||||||||||
| MULTI-FOLD Links, Inc. | http://www.multifoldlinks.com/ | VAPT | June 2022 | ||||||||||||||||||||
| Mara Linux and Business Solutions, Inc. (Maralabs) | https://maralabs.ph/ | VAPT and ISMS | July 2022 | ||||||||||||||||||||
| Bluedog Cyber Security Inc. | https://bluedog-security.com/ | VAPT AND ISMS | July 2022 | ||||||||||||||||||||
| Pointwest Innovations Corporation | www.pointwest.com.ph | VAPT AND ISMS | July 2022 | ||||||||||||||||||||
| Nullforge Security Inc. | https://nullforge.net/ | VAPT | July 2022 | ||||||||||||||||||||
| ROSEHALL Management Consultants, Inc. | www.rosehall.com.ph | ISMS | July 2022 | ||||||||||||||||||||
| EUODOO TECHNOLOGIES, INC. | WWW.EUODOO.COM.PH | VAPT | July 2022 | ||||||||||||||||||||
| Worldtech Information Solutions, Inc. | WWW.WISPHIL.COM | VAPT AND ISMS | July 2022 | ||||||||||||||||||||
| Black Bear Securities | https://blackbearsecurities.com | VAPT AND ISMS | July 2022 | ||||||||||||||||||||
| Theos Cyber Solutions, Inc. | https://theos-cyber.com | VAPT AND ISMS | July 2022 | ||||||||||||||||||||
| SMS Global Technologies Inc. | www.smsgt.com | VAPT | August 2022 | ||||||||||||||||||||
| RED ROCK IT SECURITY INC. | www.redrocksecurity.io | VAPT | August 2022 | ||||||||||||||||||||
| ALTPAYNET CORP. | https://altpaynet.com | VAPT AND ISMS | August 2022 | ||||||||||||||||||||
| TOTAL INFORMATION MANAGEMENT CORPORATION | www.timcorp.net.ph | VAPT AND ISMS | August 2022 | ||||||||||||||||||||
| Technopath Solutions Inc. | www/technopatsolutions.com | VAPT AND ISMS | August 2022 | ||||||||||||||||||||
| ePLDT Inc. | www.epldt.com | VAPT AND ISMS | August 2022 | ||||||||||||||||||||
| ION Management Solutions, Inc. | www.ion-management.com | VAPT AND ISMS | August 2022 | ||||||||||||||||||||
| R.G. Manabat & Co. | www.kpmg.com.ph | VAPT AND ISMS | August 2022 | ||||||||||||||||||||
| Maroev Cyber Systems Inc. | www.maroev.com | VAPT | September 2022 | ||||||||||||||||||||
| Fibercom Telecom Phils., Inc. | www.fibercomtelecoms.com | VAPT | September 2022 | ||||||||||||||||||||
| Microgenesis Software Inc. | www.mgenesis.com | VAPT | September 2022 |
The DICT Cybersecurity Bureau is still accepting applications for recognition this year. For more information, please do not hesitate to contact us at rcap@dict.gov.ph