Level-1 certification is a base-level certification that is focused on an organization’s security practices against common cyber security resilience. This level does not require a formal assessment, instead requires keeping one GISAT Practitioner (Engineer) employed either on full time, part time or contractual basis to implement, lead and/or maintain technical security controls. GISAT certification practitioner will provide assessment reports to stakeholders which will provide assurance that all required technical controls have been implemented and maintained as per the compliance framework to safeguard the organization. Also, Organizations may qualify for cyber insurance.

Level-2 certification ensures that organization has implemented the administrative and physical controls. This level requires an internal assessment each year which should be performed by GISAT certified internal auditor. Organization can either employ an individual with GISAT certified-internal auditor certification or train and certify one of the existing employees with the same certification. GISAT Level-2 certification helps provide assurance to all stakeholders of the organization that compliance team has not only implemented all the technical, administrative, and physical security controls to secure internal and customer data, but also does periodic reviews to assess the frameworks effectiveness.

Level-3 is the highest-level certification under the GISAT certification programs. It ensures that organization has implemented technical, administrative and physical controls that is assessed annually by impartial third-party. This level requires GISAT certified external auditor to perform an audit each year. GISAT Level-3 certification provides assurance to customers and partners that organization has not only implemented all the technical, administrative, and physical security controls to secure the internal and customer data but also gets periodic reviews done by external auditor to assess the Framework’s effectiveness.