PECB_silver _partner

Professional Services

Exquisite is the Accredited Certification Body of IAS & APMG


We enable you to demonstrate that your services, processes or systems are compliant with local or international regulations and standards, or customer defined standard, through certification.  We provide certification services in IT service management (ISO/IEC 20000) Information Security Management System (ISO 27001) and Quality Management System (ISO 9001).

ISO/IEC 20000 is the international ITSM (IT service management) standard. It enables IT departments to ensure that their ITSM processes are aligned with the business’s needs and international best practices. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an ITSM.

ISO 27001 details requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS), aiming to help organizations to protect information assets they hold.

ISO 9001 helps organizations to ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service.


We offer cost effective and comprehensive trainings, from ISO management systems to customized training courses as your needs.

Our tutors are professional experts and are approved by PECB. Tutors share knowledge and experience during course that facilitates your learning. Through the course exercise, trainee can develop more solid knowledge through active participation and feedback from the tutors.

Nowadays, Self-Study is a flexible learning approach. Exquisite’s PECB Approved Self-Study Course allow you to arrange your study at your own pace and convenience time. We will provide you administrative support and examination arrangement.

Exquisite focuses on providing professional training courses related to ISO management systems and industrial standards. Throughout the courses, you will be able to participate in professional networks to share experience and enhance practice, as well as equip with solid knowledge in industry.

Exquisite is the Authorized Training Partner of PECB


We deliver audit services against specifications and standards outside our normal certification services, with major focus in Quality Management, Information Security, Service Management and Business Continuity. These can be tailored to your own specifications and delivered to assure the compliance.

  • ISO 9001
    • Quality Management Systems
  • ISO/IEC 20000-1
    • Information Technology – Service Management – Part 1: Service Management System Requirements
  • ISO 22301
    • Security and Resilience – Business Continuity Management Systems – Requirements
  • ISO/IEC 27001
    • Information Security Management Systems
  • ISO/IEC 27002
    • Code of Practice for Information Security Controls
  • ISO/IEC 27017
    • Code of Practice for Information Security Controls based on ISO/IEC 27002 for Cloud Services
  • ISO/IEC 27018
    • Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds acting as PII Processors
  • ISO/IEC 27701
    • Security Techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management – Requirements and Guidelines
  • ISO 31000
    • Risk Management
  • ISO 29100
    • Information Technology – Security Techniques – Privacy Framework
  • Cloud Security Alliance (CSA)
    • Security, Trust, Assurance Registry (STAR)
  • EuroCloud Euro (ECE)
    • Eurocloud Star Audit Certification

Cyber Security Risk Assessment

Our qualified professional work with you to design bespoken cyber security assessment, including HKSARG SRAA, Cyber Security Regulation, Web Application, Mobile Application, Network and Host Assessment, Privacy Impact Assessment and Data Protection Assessment, to mitigate vulnerabilities and risks and fulfil compliance obligations.

  • Open Source Security Testing Methodology Manual (OSSTMM)

  • OWASP Security Risks

  • Baseline IT Security Policy (S17) sets the baseline standards of IT Security Policy for Government bureau/departments. It states what aspects are of paramount importance.

  • IT Security Guidelines (G3) elaborates on the policy requirements and sets the implementation standard on the security requirements specified in the Baseline IT Security Policy

  • Practice Guide for Security Risk Assessment & Audit (ISPG-SM01) formerly known as G51,provides the practical guidance and reference for security risk assessment & audit in the Government.

  • HKMA Guidelines

  • Macao Cybersecurity Law

  • Cybersecurity Law of the People’s Republic of China

Data Control And Privacy Assessment

We offer data protection and privacy assessment to help you identify the data protection risks of personal information.

  • ISO/IEC 27018

    Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors

  • ISO/IEC 27701 

    Security Techniques Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management Requirements and Guidelines

  • ISO 29100 

    Information Technology Security Techniques Privacy Framework

  • General Data Protection Regulation (GDPR)

  • The Personal Data (Privacy) Ordinance – PCPD

Supplier Assessment

Supplier Assessment service helps company determine the competence and potential of the supplier to ensure compliance with the legal regulations and contractual requirements in terms of quality, social responsibility, health and safety, information security, and business continuity.

It is a service to audit supplier performance through document review & on-site review by looking at practical information, evaluation of supplier’ s legal status, organizational chart, staff competence, capability of facilities, and ability of internal control. This ensures the business operates with safety, quality, and reliability and low risks before contract engagement.

In the highly competitive market today, retailers and buyers evaluate the supplier performance in fulfilling the relevant product and industry requirements from service design to delivery.

  • How do retailers or buyers select sellers as their new partner?
  • How can monitoring report evaluate the growth of existing sellers?
  • How effective is it to work with the seller to maintain the quality goal all the time?



  • Reservation for supplier assessment service of Exquisite.
  • Evaluation of supplier is an assessment of the operation process and operation capability including quality of inputs.  
  • Custom-made supplier assessment questionnaires.
  • Supplier Assessment summary report. 
  • Understanding the ability of a potential seller
  • Identification of strength and weakness of sellers in the seller list
  • Providing independent assessment on quality and information security to improve service
  • Mitigation of purchasing risk
  • Reducing potential risk of unethical conduct or causing harm to the environment
  • Not necessary to arrive at the site in person