National Cyber Emergency Response Team (NCERT) has decided that only registered cybersecurity audit firms will be authorised to conduct official audits of national IT infrastructure systems.
The registration framework requires firms to demonstrate at least three years of professional cybersecurity auditing experience before becoming eligible to apply for official registration.
Applicants must hold valid registration with the Securities and Exchange Commission of Pakistan (SECP), ensuring legal compliance before submitting applications for cybersecurity audit firm registration.
Maintaining a strong market reputation is mandatory, while firms involved in legal or professional misconduct, or blacklisted in public or private sectors, will be disqualified.
Cybersecurity audit firms must employ certified professionals, with each expert required to possess at least three years of relevant professional experience in cybersecurity auditing practices.
Foreign companies maintaining registered local branches inside Pakistan may also apply for registration, provided they meet all eligibility requirements outlined by National CERT.
National CERT reserves authority to conduct unannounced and complete reviews of registered firms at any time, ensuring compliance with established standards and operational authorisation requirements.
Every registered firm must formally renew its National CERT registration once every two years, with updated compliance checks conducted to maintain continued eligibility and operational approval.
The approved list of registered cybersecurity audit firms will be published on the official platform of National CERT and updated regularly to reflect ongoing compliance and authorisation.
