UAE Information Assurance Standards
Vulnerability assessment & penetration testing for CII

Vulnerability identification and patch management

Centraleyezer continuously ingests vulnerability data from your scanners, applies the contextual six-factor risk score, and tracks remediation against documented SLAs — fulfilling IAS T7.4.1's requirement for ongoing vulnerability identification, risk-based prioritisation, and patching.

Penetration testing programme

Vulnerability findings from internal and external penetration tests can be ingested alongside scanner output, deduplicated, scored contextually, and tracked through the remediation lifecycle. The full audit trail demonstrates the IAS-required closed-loop testing programme.

Asset management and information classification

Asset criticality scoring (low → critical) maps directly to the IAS asset classification model. Group-based access control ensures vulnerability data inherits the same classification as the assets it relates to.

Strategy and governance — risk register

Contextual risk scores produce an authoritative, dynamic risk register that the ISMS can use as evidence for IAS Strategy & Governance reviews. Risk acceptances are timestamped, attributed to a named approver, and linked to compensating controls.

Communications and operations — change management

Patch deployment workflows tie remediation actions to change-management records. Every state change is logged, supporting the IAS T5 requirement for documented operational change.

Periodic IAS assessment readiness

Vulnerability records, SLA-adherence metrics, risk-acceptance registers, and remediation timelines are exportable as Executive, CISO, and Technical reports — the evidence pack your IAS assessor expects to sample. Centraleyezer does not generate the IAS compliance report itself; that remains your information-security team's output.