Steve Fok

Head of ICT

Specialized in

  • ISO 27001 Information Security Management System
  • ISO 20000 IT Services Management System
  • ISO 9001 Quality Management System
  • PCI Data Security Standard
  • CSA STAR Cloud Security
  • ISO 22301 Business Continuity Management System

Career experience

  • Over 13 years' experience in Information Communications Technology (ICT)
  • Over 8 years' experience in ICT auditing
  • Conducted hundreds of audits for different organizations


  • M.Sc. Communication Engineering
  • B.Sc. Information Technology
  • ISO 27001 Information Security Management System Lead Auditor
  • ISO 20000 Information Service Management System Lead Auditor
  • ISO 9001 Quality Management System Lead Auditor 
  • PCI QSA (Qualified Security Assessor)
  • CSA STAR Cloud Security Lead Assessor
  • IRCA ISMS Principal Auditor
  • IRCA QMS Lead Auditor
  • itSMF ISO 20000 Auditor

Work experience highlights

  • Lead ICT product development and the ICT team at BSI Hong Kong.
  • Lead and manage information security and IT audit projects.
  • Conduct certification audits against international standards (e.g. ISO 27001, ISO 20000, ISO 9001, CSA STAR Cloud Security and PCI DSS) for financial companies, government bureaus, telecommunication companies, etc.
  • Conduct gap analysis for external companies against international standards, as well as industrial best practices.
  • Identify gaps and areas for improvement, such as risk management and continuous improvement.
  • Propose security solutions for different organizations such as governments, banks, financial companies, data centres and international corporations.
  • Implement security projects, including the design and implementation of network security architecture, firewalls, IDS, VPN, antivirus solutions, backup solutions, two-factor authentication systems, encryption tools, proxy servers, network management systems and security monitoring systems.
  • Develop security policies, guidelines and procedures.
  • Conduct security awareness training.