Big Data Analytics

ISO and Best Practice Consultancy

CASSolution provides consultancy services deliberately on cyber security, data protection, and management services.

Cyber Security and Data Protection

Data and information quality are crucial to organizations for making prompt and correct decisions. How to protect the confidentiality, integrity and availability of information is a critical management issue. CASSolution provides a wide range of data protection and cyber security-related services concerning globally recognized standards and guidelines.

CASSolution provides a varied range of data protection and information security-related services concerning globally recognized standards and guidelines.

  • ISO/IEC 27001 – Information Security Management System
  • ISO/IEC 27701 – Privacy Information Management System
  • Data Privacy / Data Protection
  • Open API
  • Cloud security
  • Penetration test
  • Vulnerability assessment
  • Security Risk Assessment and Audit (SRAA)
  • Privacy Impact Assessment and Audit (PIAA)
  • Implementation of security control measures
  • Cyber security framework and controls
  • ISO/IEC 27001 – Information Security Management Systems
  • ISO/IEC 27002 – Code of Practice for Information Security Controls
  • ISO/IEC 27017 – Code of Practice for Information Security Controls Based on ISO/IEC 27002 for Cloud Services
  • ISO/IEC 27005 Information Security Risk Management
  • ISO/IEC 27018 – Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors
  • China Cybersecurity Law
  • Personal Information Protection Law of the PRC
  • Macau Cybersecurity Law
  • General Data Protection Regulation (GDPR)
  • Cloud Security Alliance (CSA) – Security, Trust, Assurance Registry (STAR)
  • Eurocloud Star Audit Certification
  • Open Source Testing Methodolo

IT Service

By applying service management practices such as ITIL and ISO/IEC 20000, organizations can manage their services, processes, and people in an effective manner. From the view of supply chain management, both organizations and their service providers can strengthen operations and business relationships, as well as uplifting their overall competitiveness. CASSolution helps build an effective IT governance system according to ITIL or improves the existing IT service management practices in a cost-effective way.

  • ISO/IEC 20000 – Information Technology – Service Management System
  • ITIL 4

Risk Management, Business Continuity & Disaster Recovery

Organizations shall take risk management as value creations, instead of protections and expenses. By adopting a sound risk management methodology, catastrophic risks can be identified, prevented or mitigated by minimizing the chance of occurrence and negative impacts.

Business continuity management (BCP) and disaster recovery management (DRP) aim to strengthen the organizational continuity capability and resilience with the capacity of an effective response that safeguards the interests of the organizational key stakeholders, business interruption, reputation and brand.

  • ISO 22301 – Business Continuity Management System
  • ISO 31000 – Risk Management
  • ISO/IEC 27005 – Information Security Risk Management
  • Business Continuity Plan (BCP)
  • Disaster Recovery Plan (DRP)

ISO Management Systems

CASSolution provides consultancy services in implementation of ISO standards of quality, environmental, occupation health and safety, information security, asset, energy, and social responsibility management systems.

  • ISO 9001 – Quality Management Systems
  • ISO 14001 – Environmental Management Systems
  • ISO 45001 – Occupational Health and Safety Management Systems
  • ISO/IEC 27001 – Information Security Management Systems
  • ISO/IEC 20000 – Information Technology Service Management Systems
  • ISO 22301 – Business Continuity Management Systems
  • ISO 26001 – Social Responsibility Management Systems
  • ISO 41001 – Facility Management Systems
  • ISO 50001 – Energy Management Systems
  • ISO 55001 – Asset Management – Management Systems
  • ISO 19770-1 – IT Asset Management Systems
  • FSC/PEFC Forest Certification System

Assessment and Training Service

Cassolution will help your team learn the required skills regarding the management system you want, and guide you on how to go about obtaining the qualification certificates you need. Our experts at Cassolution are always ready to help organizations who intend to optimize their company’s efficiency. We offer professional training services and independent assessment for all elements you need, including:

  • ISO/IEC 27001 Management Training Course
  • ISO/IEC 20000 Management Training Course
  • ISO/IEC 22301 Management Training Course
  • ISO9001 Management Training Course
  • ISO14001 Management Training Course
  • ISO45001 Management Training Course
  • ISO50001 Management Training Course
  • ISO/IEC 27701 Management Training Course
  • ISO/IEC 27702 Management Training Course
  • Privacy Impact Assessment
  • Security Risk Assessment 
  • Vulnerability Assessment 
  • Penetration Test

Managed Security Services (MSS)

Managed security services (MSS) is an outsourced security service provided by CASSolution to monitor and manage security devices, services and systems. Today, many companies and organizations face different security threats and vulnerabilities and business risks. Understanding these risks and responding with MSS solutions is what we do.

Security Consultation

When organizations are unsure what measures and solutions they need, CASSolution offers consulting services to make sure effective cyber security practices are implemented. We provide a broad range of cyber security advisory services, including feasibility study, security solution and product evaluation, security solution deployment and project management. Our objective is to help create protected IT systems where cyber-attack could be avoided.

Cybersecurity Assessment

Not only evaluate corporate IT systems with advanced cyber security assessment tools to reveals its strengths and weaknesses, threats and vulnerabilities, but we also check if the organizations’ systems are secure and comply with local regulations and international security standards as best practices. CASSolution offers privacy impact assessment, vulnerability assessment, penetration test, web and mobile application assessment, secure code assessment via Dynamic Application Security Testing (DAST) and Statis application security testing (SAST).

Cybersecurity Assessment Tools License (Installation and configuration)

IT systems and infrastructure security need continually enhanced and monitored to abreast of the latest technology and emerging threats. We can offer license, configuration and support services on use of the cyber security assessment tools

Acunetix is used to discover web application vulnerabilities and can be used for:

  • Finding and confirming Triaging
  • vulnerabilities
  • Researching zero days
  • Guiding devs through remediation
  • Proving compliance
  • detect 7,000+ vulnerabilities with blended DAST + IAST scanning: e.g. OWSAP Top Ten

Static application security testing (SAST), is a testing methodology that analyzes source code to find security vulnerabilities that make your organization’s applications susceptible to attack. SAST scans an application before the code is compiled.  This review is the line-by-line assessment of the code so that security flaws or backdoors left in the coding of the application can be identified and patched at the earliest.

Nessus scans cover a wide range of technologies including operating systems, network devices, hypervisors, databases, web servers, and critical infrastructure.  Nessus scans vulnerabilities and exposures

Secondment Service

Talents are the greatest asset of an organization. With over 16-year IT security service experience, we have developed a group of professionals within the industry, and we are confident to provide the right secondees to serve our customers. 

Secondment is getting common in IT industry especially for those organizations find it hard to employ a right person to tackle the IT challenges, and it could happen from multi-national enterprises to small-medium size companies. 

We can provide secondees on either full-time basis or temporary basis, and customers do not need to bother anything about the payroll works & insurance plans. We will be available to help anytime you need us. We listen, we advise, and we serve professionally. 

Awareness Campaign

Many security incidents are caused by the human beings.  Training and regular awareness campaign becomes mandatory training requirements in organizations.

We offer security awareness training to promote and arise the security protection. Through awareness campaigns, e.g. phishing email, this can test the awareness and maintain staff awareness on using email.

Security Monitoring

Our SOC provides three sets of services:

RSM is to monitor your system at our SOC.  You don’t need to change any big issue in your infrastructure, simply copy your desired system traffic to our SOC.  We will do the rest for you.

NSM is to monitor your network on-site for security related events. It could be proactive, when used to identify vulnerabilities or expiring SSL certificates, or it could be reactive, such as in incident response and network forensics. Whether you’re tracking an adversary or trying to keep malware at bay, NSM provides context, intelligence, and situational awareness of your network.

ESM takes NSM to the next level and includes endpoint visibility and other telemetry from your enterprise.


Since 2006, CASSolution assisted a hundred of customers from a variety of industries to receive internationally recognized ISO certifications

ISO/IEC 27001
Other ISO
Penetration Test / Vulnerability Assessment / Privacy Impact Assessment

Customer business areas: Government & NGOs, printing service, logistics & transportation, commercial data centre, SOC, manufacturing & engineering services.





Our Core Values


We believe in knowledge and people’s unlimited potential


We value mutual respect


We are devoted to the job and life’s rewards

Our Missions

Corporate and Security Solution Limited, or CASSolution in short, is a Hong Kong based IT security consulting firm founded in 2006, and a subsidiary was formed in Macao in 2020. Our mission is to help our customers to create sustainable growth, achieve business excellence and add value through the provision of our excellent and professional services.


Member of the Business Continuity Institute (BCI)

Certified Business Continuity Professional (DRII)

Certified In The Governance of Enterprise IT (ISACA)

Certified in Risk and Information Systems Control (ISACA)

Certified Information Security Manager (ISACA)

Certified Information Systems Auditor (ISACA)

Certified Data Privacy Solutions Engineer (ISACA)

IRCA Registered ISMS, QMS and ITSMS Principal Auditor

itSMF ISO/IEC 20000 Auditor (itSMF)

EuroCloud Professional Certification (ECSA)

Certificate of Cloud Security Knowledge (Cloud Security Alliance)

Advanced Cloud Security Auditing for CSA STAR Certification (BSI)

Certified Information Systems Security Professional (ISC)2

Information Systems Security Management Professional (CISSP-ISSMP(ISC)2)

PECB Certified ISO/IEC 27001 Lead Auditor & ISO/IEC 27032 Lead Cybersecurity Manager

Certified QMS Lead Auditor

Cisco Certified Network Professional

Practitioner Certificate in Project Management & Agile Practitioner Certificate in Agile Project Management (Prince2)



  • Became HKSARG OGCIO SOA-QPS5 Subcontractor (Category B)
  • Received “Good MPF Employer” Award  by MPFA


  • All consultants completed internationally recognized ISO 9001 QMS Lead Auditor training
  • All consultants were certified in APMG ISO/IEC 20000 ITSMS Auditor
  • All consultants completed internationally recognized ISO/IEC 27001 ISMS Lead Auditor training
    CASSolution and subsidiary certified with ISO/IEC 27001:2013


  • CASSolution subsidiary certified with ISO 9001:2015
  • CASSolution subsidiary became the supplier under Macau SAR – Financial Services Bureau supplier database
  • CASSolution subsidiary in Macao was established


  • Became HKSAR OGCIO Standing Offer Agreement for Quality Professional Services 4(SOA-QPS4) Sub-contractor


  • Became Accredited Consulting Organization of EuroCloud
  • Became Accredited Training Organization of EuroCloud


  • Certified with ISO 9001:2008
  • Became interested supplier under HKSAR OGCIO
  • Became Certified Business Continuity Professional Training Provider of DRII


  • Became one of the global partners of Minitab.


  • CASSolution was established


Hong Kong



* indicates required