AAA Technologies Limited has secured two major cyber security audit mandates from NICSI and Punjab & Sind Bank. Valued collectively over ₹40 lakh, the contracts require the CERT-In empanelled firm to conduct rigorous application compliance assessments for the EPFO and extensive enterprise-wide vulnerability testing across the bank's digital networks.
MUMBAI, India — Mumbai-headquartered IT security firm AAA Technologies Limited has formally announced the acquisition of two major cyber security audit mandates from prominent Indian public sector entities. In dual regulatory disclosures filed with the National Stock Exchange of India (NSE) and the BSE Limited, the company revealed it has secured critical application and network security contracts to protect highly sensitive citizen data and banking architecture.
The consecutive contract wins underscore the intensifying regulatory pressure on government bodies and financial institutions to upgrade their defensive postures against sophisticated cyber threats. As compliance mandates tighten under the supervision of India's Ministry of Electronics and Information Technology (MeitY), public infrastructure bodies are aggressively deploying specialized third-party auditors to identify vulnerabilities before they can be exploited by malicious actors.
NICSI Tasks AAA Technologies With EPFO Security Overhaul
According to an official disclosure filed by AAA Technologies under Regulation 30 of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, the first major contract was awarded by the National Informatics Centre Services Incorporated (NICSI). The state-backed enterprise, operating under MeitY, issued Work Order on July 7, 2026, totaling ₹11,23,360.
The mandate directs AAA Technologies to execute a Comprehensive Security Assessment (CSA) alongside application security audit and compliance services for the Employees' Provident Fund Organisation (EPFO). The EPFO holds the personal identities, financial records, and retirement savings of tens of millions of Indian citizens, making its digital perimeter a matter of national security.
The specific parameters of the NICSI agreement outline a rigorous, time-bound operational window:
Duration & Timeline: The audit spans a fixed 68-day period, commencing retrospectively on July 6, 2026, and scheduled for completion by September 11, 2026.
Execution Location: Technical deployment and application testing will center at the EPFO Complex near the National Data Center in Dwarka, New Delhi.
Performance Guarantees: In accordance with standard public procurement protocols, AAA Technologies must maintain a Performance Bank Guarantee (PBG) equivalent to 3% of the total order value. Delayed submission of this guarantee carries a daily fiscal penalty of 0.1%.
Punjab & Sind Bank Mandates Enterprise-Wide VAPT Auditing
Simultaneously, AAA Technologies clinched a separate commercial mandate from New Delhi-headquartered public sector lender Punjab & Sind Bank. The engagement letter and purchase order , finalized on July 7, 2026, values the baseline contract at ₹28,99,400, excluding statutory taxes.
The financial institution has retained AAA Technologies as its primary Indian Computer Emergency Response Team (CERT-In) empanelled auditor for the entire 2026-27 financial year. The exhaustive Vulnerability Assessment and Penetration Testing (VAPT) framework will probe the bank's entire consumer-facing and backend digital infrastructure.
The extensive scale of the banking audit involves evaluating:
Core Applications: 18 critical IT and security systems, along with 35 secondary high-to-low risk corporate applications.
Digital Endpoints: 125 external and internal URLs alongside mobile banking software (spanning 9 Android APKs and 2 iOS installations).
Network & Cloud Architecture: 3 dedicated data centers, 2,000 internal and external internet protocol (IP) addresses, 140 core network configurations, 360 public IPs, and isolated cloud hosting platforms.
Integration Systems: 250 distinct Application Programming Interfaces (APIs) alongside the source code of 40 in-house developed software portals.
Security & Consumer Hardware: 25 security tools (including SIEM, DLP, and EDR systems) alongside sample testing of 100 active automated teller machine (ATM) network IPs.
The bank's strict operational terms dictate that AAA Technologies must deploy personnel directly across various branches and regional offices. Furthermore, the technical project must launch on-site within five working days of the order issuance.
Official Sources Section
The information contained in this report is derived directly from official corporate disclosures submitted by AAA Technologies Limited to the National Stock Exchange of India Limited and BSE Limited. Additional transactional specifics originate from the statutory work orders issued by the National Informatics Centre Services Incorporated (NICSI) and the executive procurement committee at Punjab & Sind Bank's Head Office Inspection and Audit Department.
Executive Statements
In statutory filings authenticated by AAA Technologies, the company verified its compliance readiness under SEBI guidelines.
"According to officials, AAA Technologies Limited has received the work order from National Informatics Centre Services Incorporated for providing Application Security Audit and Compliance Services, which has been duly taken on record," stated Sagar Shah, Company Secretary and Compliance Officer, in the regulatory transmission.
Regarding the financial sector deployment, procurement documentation signed by the Deputy General Manager of Punjab & Sind Bank confirmed that the commercial selection followed a rigorous open bidding process initiated in May 2026.
"Organizers stated that the bank reserves the right to vary the indicated scope of the audit by up to 10% based on operational evolution during the fiscal year 2026-27, with the vendor bound to adhere to strict timelines and liquidated damages clauses," the bank's technical mandate detailed.
Why It Matters
For everyday banking consumers and workforce members enrolled in the state provident fund, these technical evaluations act as a crucial line of defense against data breaches and financial fraud. Regular VAPT audits force large institutions to patch software loopholes before ransomware gangs can exploit them. For institutional investors tracking AAA Technologies (NSE: AAATECH; BSE: 543671), these dual public sector wins solidify the company’s revenue runway for the mid-2026 fiscal periods and emphasize its strong standing as an empanelled CERT-In security vendor.
Key Facts at a Glance
Dual Mandates: AAA Technologies bagged back-to-back cybersecurity contracts from NICSI and Punjab & Sind Bank.
Combined Value: The contracts represent an aggregate baseline value exceeding ₹40 lakh in pure security service fees.
EPFO Infrastructure: The NICSI project involves a focused 68-day security compliance review of EPFO digital systems.
Banking Perimeter: The Punjab & Sind Bank project covers 2,000 network IPs, 250 APIs, 3 data centers, and 125 web domains or apps.
Regulatory Stature: The contracts utilize the firm's specialized empanelment with CERT-In for advanced IT security auditing.
Frequently Asked Questions (FAQ)
What exactly is a VAPT audit?
Vulnerability Assessment and Penetration Testing (VAPT) is a technical process where cybersecurity specialists scan and intentionally attack an organization's network, applications, and servers to uncover hidden security flaws before actual hackers find them.
Why is the EPFO security assessment significant for citizens?
The EPFO holds sensitive personal data and substantial retirement funds for millions of Indian workers. A Comprehensive Security Assessment (CSA) ensures that identity theft and unauthorized financial extractions are blocked at the systemic level.
How often does Punjab & Sind Bank audit its digital banking tools?
Per government guidelines, the bank subjects non-critical information systems to annual reviews, while critical information systems and those deployed in the De-Militarized Zone (DMZ) undergo biannual half-yearly testing cycles.
Sources: AAA Technologies Limited Investor Relations, Company disclosure to Stock Exchanges