We enable you to demonstrate that your services, processes or systems are compliant with local or international regulations and standards, or customer defined standard, through certification. We provide certification services in Information Security Management System (ISO 27001) and Quality Management System (ISO 9001).
ISO 27001 details requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS), aiming to help organizations to protect information assets they hold.
ISO 9001 helps organizations to ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service.
We deliver audit services against specifications and standards outside our normal certification services, with major focus in Quality Management, Information Security, Service Management and Business Continuity. These can be tailored to your own specifications and delivered to assure the compliance.
- ISO 9001
- Quality Management Systems
- ISO/IEC 20000-1
- Information Technology – Service Management – Part 1: Service Management System Requirements
- ISO 22301
- Security and Resilience – Business Continuity Management Systems – Requirements
- ISO/IEC 27001
- Information Security Management Systems
- ISO/IEC 27002
- Code of Practice for Information Security Controls
- ISO/IEC 27017
- Code of Practice for Information Security Controls based on ISO/IEC 27002 for Cloud Services
- ISO/IEC 27018
- Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds acting as PII Processors
- ISO/IEC 27701
- Security Techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management – Requirements and Guidelines
- ISO 31000
- Risk Management
- ISO 29100
- Information Technology – Security Techniques – Privacy Framework
- Cloud Security Alliance (CSA)
- Security, Trust, Assurance Registry (STAR)
- EuroCloud Euro (ECE)
- Eurocloud Star Audit Certification
Cyber Security Risk Assessment
Our qualified professional work with you to design bespoken cyber security assessment, including HKSARG SRAA, Cyber Security Regulation, Web Application, Mobile Application, Network and Host Assessment, Privacy Impact Assessment and Data Protection Assessment, to mitigate vulnerabilities and risks and fulfil compliance obligations.
Open Source Testing Methodology Manual (OSSTMM)
OWASP Security Risks
Baseline IT Security Policy (S17) sets the baseline standards of IT Security Policy for Government bureau/departments. It states what aspects are of paramount importance.
IT Security Guidelines (G3) elaborates on the policy requirements and sets the implementation standard on the security requirements specified in the Baseline IT Security Policy
Practice Guide for Security Risk Assessment & Audit (ISPG-SM01) formerly known as G51，provides the practical guidance and reference for security risk assessment & audit in the Government.
Macao Cybersecurity Law
Cybersecurity Law of the People’s Republic of China
We offer cost effective and comprehensive trainings, from ISO management systems to customized training courses as your needs.
Our tutors are professional experts and are approved by PECB. Tutors share knowledge and experience during course that facilitates your learning. Through the course exercise, trainee can develop more solid knowledge through active participation and feedback from the tutors.
Nowadays, Self-Study is a flexible learning approach. Exquisite’s PECB Approved Self-Study Course allow you to arrange your study at your own pace and convenience time. We will provide you administrative support and examination arrangement.
Exquisite focuses on providing professional training courses related to ISO management systems and industrial standards. Throughout the courses, you will be able to participate in professional networks to share experience and enhance practice, as well as equip with solid knowledge in industry.
Data Control And Privacy Assessment
We offer data protection and privacy assessment to help you identify the data protection risks of personal information.
- ISO/IEC 27018
Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors
- ISO/IEC 27701
Security Techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management – Requirements and Guidelines
- ISO 29100
Information Technology – Security Techniques –Privacy Framework
General Data Protection Regulation (GDPR)
The Personal Data (Privacy) Ordinance – PCPD