Certifications & Accreditations

Independent, third-party-verified evidence of methodology, quality, and competence — the foundation on which our regulated-industry clients place reliance.

Firm-Level Accreditations

TSE Class A — Penetration Testing Firm

Accredited by the Turkish Standards Institution (TSE) under TS 13638/T2, Certificate Number TSE-STF-065. The TSE Class A accreditation is the highest tier defined by the Turkish information security testing scheme, awarded only to firms whose methodology, quality assurance, governance, and personnel competence have been independently audited and demonstrated to meet rigorous criteria. Class A status is a prerequisite for participation in many Turkish public-sector penetration testing engagements.

CREST International Member

Nesil Teknoloji is a member of CREST International, the global accreditation and certification body for the technical information security industry. CREST membership obliges adherence to a defined code of conduct, methodology framework, quality management system, and complaint and dispute resolution process — and is widely referenced by financial regulators (including under the EU DORA TIBER-EU framework) as evidence of competent penetration testing.

Management System Certifications

  • ISO/IEC 27001 — Information Security Management System
  • ISO/IEC 27701 — Privacy Information Management System
  • ISO/IEC 20000-1 — IT Service Management System
  • ISO 22301 — Business Continuity Management System

All management system certifications are issued by IAF-accredited certification bodies and maintained through annual surveillance audits.

Industry & Standards Body Memberships

  • CREST International — full member firm
  • OWASP Foundation — corporate supporter
  • SiberKüme — Turkish cybersecurity industry cluster
  • KVKK Veri Sorumluları Sicili (VERBIS) — registered data controller

Reference Framework Alignment

Our methodology, deliverables, and governance are aligned with — and routinely audited against — the following references:

  • NIST Cybersecurity Framework 2.0
  • NIST SP 800-53 Rev. 5, SP 800-115, SP 800-171, SP 800-218 (SSDF)
  • ENISA Threat Landscape and good-practice guidance
  • OWASP Application Security Verification Standard (ASVS), Web/Mobile/API Security Testing Guides
  • PTES — Penetration Testing Execution Standard
  • BDDK, SPK, TCMB, BTK technical communiqués (Türkiye)

Request Certificate Copies