XecureIT professionals use two primary references to deliver information security CARES services:

1. XecureIT Governance and Evaluation Framework (XGEF) as a standard framework.
2. Standar Arsitektur Keamanan Tingkat Tinggi Informasi (SAKTTI), is our standard architecture to build a digital fortress system which integrates the SAKTTI’s information security controls and principles to enforce the consistency of information security strategy.

XecureIT Governance and Evaluation Framework (XGEF) is a standard framework used by our professionals to deliver information security CARES (Consultancy, Assurance, Research & Development, Education, Solutions) services.

XGEF ensures that our professionals provide effective and efficient recommendations to reduce information IT and security related risks, increase the value of existing IT investment, and ensure compliance and conformance with regulations and standards.

XGEF has been developed as a comprehensive information security framework by XecureIT core team based on our 23 years international experiences and various information security regulations and standards, including well-known IT governance framework and security practices, such as:

• Indonesia Cyber Law (UU Informasi dan Transaksi Elektronik)
• Peraturan Pemerintah tentang Penyelenggaraan Sistem dan Transaksi Elektronik (PSTE)
• ISO 27001 Information Security Management System (ISMS)
• ISO 27035 Information Security Incident Management (ISIM)
• ISO 22301 Business Continuity Management System (BCM)
• Payment Card Industry Data Security Standard (PCI DSS)
• ISA 62443 Security for Industrial Automation and Control Systems (IACS)
• TIA-942 Data Center Standards
• Information Systems Security Assessment Framework (ISSAF)
• Open Security Architecture (OSA)
• Open Source Security Testing Methodology Manual (OSSTMM)
• Open Web Application Security Project (OWASP)
• National Institute of Standards and Technology (NIST) SP 800 Series
• Various security checklists related to specific technology or solution.