Professional Services

Certification

We enable you to demonstrate, through certification, that your services, processes or systems comply with local or international regulations and standards, or with customer-defined standards. We provide certification services for Information Security Management Systems (ISO 27001) and Quality Management Systems (ISO 9001).

ISO 27001 details requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS), with the aim of helping organizations protect the information assets they hold.

ISO 9001 helps organizations to ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service.

Audit

We deliver audit services against specifications and standards outside our normal certification services, with a major focus on Quality Management, Information Security, Service Management and Business Continuity. These can be tailored to your own specifications and delivered to assure compliance.

  • ISO 9001
    • Quality Management Systems
  • ISO/IEC 20000-1
    • Information Technology – Service Management – Part 1: Service Management System Requirements
  • ISO 22301
    • Security and Resilience – Business Continuity Management Systems – Requirements
  • ISO/IEC 27001
    • Information Security Management Systems
  • ISO/IEC 27002
    • Code of Practice for Information Security Controls
  • ISO/IEC 27017
    • Code of Practice for Information Security Controls based on ISO/IEC 27002 for Cloud Services
  • ISO/IEC 27018
    • Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds acting as PII Processors
  • ISO/IEC 27701
    • Security Techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management – Requirements and Guidelines
  • ISO 31000
    • Risk Management
  • ISO 29100
    • Information Technology – Security Techniques – Privacy Framework
  • Cloud Security Alliance (CSA)
    • Security, Trust, Assurance Registry (STAR)
  • EuroCloud Euro (ECE)
    • Eurocloud Star Audit Certification

Cyber Security Risk Assessment

Our qualified professionals work with you to design bespoke cyber security assessments, including HKSARG SRAA, Cyber Security Regulation, Web Application, Mobile Application, Network and Host Assessment, Privacy Impact Assessment and Data Protection Assessment, to mitigate vulnerabilities and risks and fulfil compliance obligations.

  • Open Source Security Testing Methodology Manual (OSSTMM)

  • OWASP Security Risks

  • Baseline IT Security Policy (S17) sets the baseline standards of IT Security Policy for Government bureaux/departments. It states what aspects are of paramount importance.

  • IT Security Guidelines (G3) elaborates on the policy requirements and sets the implementation standard for the security requirements specified in the Baseline IT Security Policy.

  • Practice Guide for Security Risk Assessment & Audit (ISPG-SM01), formerly known as G51, provides practical guidance and reference for security risk assessment & audit in the Government.

  • HKMA Guidelines

  • Macao Cybersecurity Law

  • Cybersecurity Law of the People’s Republic of China

Training

We offer cost-effective and comprehensive training, from ISO management systems to training courses customized to your needs.

Our tutors are professional experts and are approved by PECB. Tutors share their knowledge and experience during the course to facilitate your learning. Through the course exercises, trainees can develop more solid knowledge through active participation and feedback from the tutors.

Nowadays, self-study is a flexible learning approach. Exquisite’s PECB Approved Self-Study Course allows you to arrange your study at your own pace and at a time convenient to you. We will provide you with administrative support and examination arrangements.

Exquisite focuses on providing professional training courses related to ISO management systems and industrial standards. Throughout the courses, you will be able to participate in professional networks to share experience and enhance practice, as well as equip yourself with solid knowledge of the industry.

Exquisite is the Authorized Training Partner of PECB

Data Control And Privacy Assessment

We offer data protection and privacy assessment to help you identify the data protection risks of personal information.

  • ISO/IEC 27018

    Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors

  • ISO/IEC 27701

    Security Techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management – Requirements and Guidelines

  • ISO 29100

    Information Technology – Security Techniques – Privacy Framework

  • General Data Protection Regulation (GDPR)

  • The Personal Data (Privacy) Ordinance – PCPD