We don't just audit.
We comply.
Transparency is our foundation. Review our certifications, compliance status, and security policies. We hold ourselves to the same standards we audit.
Certifications & Accreditations
Industry-recognized certifications validating our security posture and operational excellence.
OSCP / OSWE
Offensive Security Certified Professional and Web Expert. Advanced penetration testing and web application exploitation.
eCPPT / eWPTX
eLearnSecurity Certified Professional Penetration Tester and Web Application Penetration Tester eXtreme.
CompTIA Pentest+ / Security+
Industry-recognized certifications covering penetration testing methodology, vulnerability management, and security fundamentals.
BSCP
Burp Suite Certified Practitioner. Specialized in web application security testing with industry-standard tools.
NIS2 Expertise
Practical experience implementing and auditing NIS2 Directive requirements for Essential and Important Entities.
GDPR / ISO 27001
Audit and implementation experience for GDPR compliance and ISO 27001 information security management systems.
Compliance Statement
GDPR Compliance: ShadowCore processes personal data only as necessary for service delivery, with explicit consent and documented legal bases under the General Data Protection Regulation (EU) 2016/679.
NIS2 Expertise: Our team has hands-on experience implementing and auditing NIS2 Directive (EU) 2022/2555 requirements, including gap analysis, policy development, incident reporting procedures, and management body accountability for Essential and Important Entities across multiple sectors.
Client Confidentiality: All engagement data is handled under strict need-to-know access. Non-disclosure agreements are standard for every engagement. Pentest reports and findings are encrypted in transit and at rest.
Security Policies
Key policies governing our operations and service delivery.
Information Security Policy
Comprehensive security framework governing all operations, data handling, and personnel.
Data Processing Agreement
GDPR-compliant DPA available for all clients. Standard Contractual Clauses supported.
Incident Response Plan
Documented IR procedures with <1h SLA for critical incidents. Tested quarterly.
Business Continuity Plan
BCP/DR procedures ensuring service continuity. RPO <1h, RTO <4h for all critical systems.
Vendor Security Policy
All third-party vendors undergo security assessment before onboarding.
Responsible Disclosure
Vulnerability disclosure program for reporting security issues. Contact security@shadowcore.io.