
// KNOWLEDGE BASE

Frequently Asked Questions

Everything you need to know about our cybersecurity services, processes, and engagement models.

VAPT & Penetration Testing

What is VAPT and why does my business need it?
VAPT (Vulnerability Assessment and Penetration Testing) is a security testing process that identifies weaknesses in your systems before attackers can exploit them. Businesses need VAPT to protect sensitive data, meet compliance requirements (ISO 27001, PCI DSS, RBI guidelines), and avoid costly data breaches.
How long does a typical VAPT engagement take?
A standard web application VAPT takes 5–10 business days depending on the application's size and complexity. Network infrastructure assessments typically take 3–7 days. We provide a detailed timeline during the scoping phase.
Do you provide a re-test after fixing vulnerabilities?
Yes. All our VAPT engagements include a complimentary re-test within 30 days to verify that identified vulnerabilities have been properly remediated.
Will VAPT disrupt our live systems?
We coordinate carefully to minimise disruption. Testing is typically conducted in a controlled manner, and for critical production systems we can schedule testing during off-peak hours. We always obtain explicit written authorisation before beginning any testing.

Compliance & GRC

Which compliance frameworks do you support?
We support ISO 27001:2022, SOC 2 Type II, PCI DSS, GDPR, RBI Cyber Security Framework, SEBI Cyber Security Circular, DPDP Act (India), HIPAA, and NIST CSF.
How long does ISO 27001 certification take?
From initial gap analysis to certification, the process typically takes 6–12 months depending on your organisation's current maturity, size, and the certification body. Infilux provides end-to-end support through every stage.
Do we need to be ISO 27001 certified to work with you?
No. We work with organisations at all maturity levels — from those just starting their security journey to those maintaining existing certifications.

SOC & Managed Security

What does your SOC as a Service include?
Our SOC as a Service provides 24/7 threat monitoring, log management, incident detection and response, threat intelligence feeds, monthly security reports, and a dedicated security analyst team — without the capital investment of building an internal SOC.
How quickly do you respond to security incidents?
Our SLA for critical incidents is 15 minutes. For high-severity incidents, we respond within 1 hour. All alerts are triaged and escalated according to a pre-agreed incident response playbook.

Pricing & Engagement

How is pricing structured?
Pricing is scoped per engagement based on the asset count, complexity, and type of assessment. We offer one-time project-based pricing and annual retainer models for ongoing managed services. Contact us for a custom quote.
Do you work with startups and SMEs?
Absolutely. We serve organisations of all sizes — from early-stage startups needing their first security assessment to large enterprises with complex compliance requirements.
What information do you need to provide a quote?
For VAPT: the number of applications/URLs, type (web/mobile/API), and testing environment. For compliance: company size, industry, and target framework. We typically provide a quote within 24 hours of receiving scope details.

Still have questions?

Our security team is happy to answer any specific questions about your requirements.
