Two Things: One Often Confused for the Other
Understanding the difference protects you and sets the right expectations
| Technical Assessment (Kalasec) | Compliance Submission (Registered Assessor) |
|---|---|
| Real vulnerabilities found in live systems | Official submission handled by licensed assessors |
| Step-by-step remediation | Requires licensed vendor |
| Pre-audit preparation | Certifies compliance posture |
| Report you own and use internally | Required for license renewal |
Official regulatory filing is conducted through licensed assessors. Kalasec provides the technical assessment and preparation
Examples include the OJK, MAS, and BNM regulatory frameworks
What We Offer Regulated Clients
Pre-Compliance Assessment
Full technical assessment using regulatory scenarios. Remediation guide and retest included
If you have an upcoming audit, choose this — findings are mapped to regulatory clauses, not just severity.
Technical prep only. Official filing via partners
Standard Technical Assessment
Security assessment of products, cloud, or AI systems. Findings ranked by severity
Best for: ongoing security visibility
Need the Official Filing Too?
We connect you with a licensed assessor. Technical assessment runs in parallel
Output: Kalasec report + partner compliance submission
Compliance-Specific Capabilities
Regulatory Mapping
Findings aligned to POJK 11/2022, MAS TRM, BNM RMiT
Structured Findings Including Executive Impersonation Exposure
Severity-ranked with CVSS scoring
Evidence Archive
Documentation formatted for audit submission
Retest Validation
Confirmation that fixes are effective
Executive Summary
Board-ready overview of posture and risks
How It Works
Structured for regulated environments
Scope Agreement
Define assets and target regulatory framework(s)
Autonomous Simulation
AI agents test technical vulnerabilities and executive impersonation attack paths
Expert Validation
Analysts map findings to regulatory requirements
Delivery + Guidance
Report with evidence package and remediation steps (results in 1 – 2 weeks)
Technical Partnerships
We work with licensed security firms who need reliable technical execution
White-Label Execution
- ✓ White-label security testing under your brand
- ✓ Fixed cost per engagement
- ✓ You sign the compliance report
- ✓ NDA-protected engagements
Technical Collaboration
- → Collaboration with licensed assessors
- → Referral partnerships available
- → NDA-protected engagements
- → Terms discussed directly
Partner enquiries: [email protected]
Pricing
Outcome‑aligned billing · Transparent pricing
| Package | Starting Price |
|---|---|
| Product Attack | From $1k |
| Cloud Attack | From $2k |
| AI Attack | From $2k |
| Executive Impersonation Testing | From $2k |
| Phishing & Social Engineering | From $1k |
| Complete Package | From $5k |
| Pre-Compliance Add-On — applies to any package | + $1k |
Pricing in USD · IDR / SGD accepted for local clients
50% upfront · final 50% on validated findings
Why We Don't Charge Per Finding
Per-bug billing is a known loophole — firms pad reports with low-severity findings to inflate invoices. We charge per engagement, not per finding, so our incentive is your actual security posture, not report length
Strict Confidentiality
Client engagements protected by strict confidentiality
Proven Experience
Security testing experience across financial institutions and regulated sectors
Independent Testing
No vendor relationships that influence what we find or report
No Vendor Lock-In
Findings are yours — no obligation to purchase remediation services
Where To Go Next
Each page is built for a different conversation
For Buyers
Product, cloud, AI, and executive impersonation testing. Fixed scope, outcome-aligned
Explore Services →
Compliance-Ready
Pre-compliance assessments with regulatory mapping and evidence packages
Compliance Page →
For Partners
White-label execution, blue-team support, and integrated partnerships
Partner With Us →
Let's prepare you for what's coming
Tell us what you need — we'll respond with a clear scope, methodology, and fixed price
Request Assessment