Service · Cybersecurity
Security you test, not assume.
Law 21,663 is already in effect. Your company needs real protection: audits, penetration testing, and a compliance plan that holds up under inspection.
Why THINKBOX
Chilean regulation + technical execution, no middlemen.
Cybersecurity isn't just installing a firewall. Law 21,663 requires management systems, incident reports, and verifiable testing. We coordinate regulatory assessment with technical execution under a single point of contact.
Regulatory side
- →Law 21,663 (Cybersecurity Framework)
- →ISO 27001 / ISO 27002
- →NIST Framework
- →ANCI reporting
Necessary, but useless without technical testing to back it up.
Technical side
- →Ethical hacking (white, grey, black box)
- →IT/OT vulnerability analysis
- →Infrastructure hardening
- →Incident monitoring and detection
Necessary, but loses focus without Chilean regulatory context.
What THINKBOX does
- →Gap assessment with Law 21,663 criteria
- →Pentesting by certified specialists
- →Remediation plan with deadlines and priorities
- →Support for ANCI reporting
Regulation and technical execution under the same responsibility.
What we offer
From assessment to ongoing operations.
Audit & pentesting
From CLP 3M
Vulnerability assessment and penetration testing on your infrastructure. Executive and technical report with prioritized remediation plan.
- ✓Internal and external vulnerability analysis
- ✓Ethical hacking (agreed modality)
- ✓Executive report for management
- ✓Technical report with evidence and remediation
- ✓Critical configuration review
Law 21,663 compliance
CLP 4M-12M
Implementation of the compliance framework required by law: ISMS, incident reporting protocols, policies and controls aligned to ISO 27001.
- ✓Gap analysis against Law 21,663
- ✓ISMS design and implementation
- ✓Early alert (3h) and report (72h) protocols
- ✓Documented security policies
- ✓Internal team training
CISO as a Service
Monthly retainer
An external information security officer for your company. Strategic cybersecurity leadership without the cost of a full-time position.
- ✓Security strategy definition and tracking
- ✓Periodic risk and control review
- ✓Point of contact for ANCI and external audits
- ✓Vendor and technology evaluation
- ✓Monthly reports for management
How we work
Methodical, verifiable, no empty promises.
01
Assessment
We review your infrastructure, applicable regulations, and current security maturity level. No assumptions.
02
Diagnosis
We identify gaps, vulnerabilities, and real risks. We deliver a clear map of what to fix and in what order.
03
Execution
We implement controls, hardening, and policies. Pentesting with evidence. Everything documented and transferred to your team.
04
Support
Ongoing monitoring, incident review, and updates for regulatory changes or new threats.
Real company
Established consultancy with regulatory compliance experience.
THINKBOX already operates regulatory compliance services in Chile (Law 21,719 on personal data). Cybersecurity is a natural extension: the same assessment + technical implementation model, with certified specialists in offensive and defensive security.
- Tax ID
- 77.023.662-2
- Established
- 2019
- Address
- Antonio Bellet 193 of. 1210, Providencia
- Invoicing
- Electronic (SII)
FAQ
What people ask us most about cybersecurity.
It's Chile's Cybersecurity Framework Law, in effect since January 2025. It applies to essential service providers (banking, energy, health, telecommunications, transport) and vital importance operators designated by ANCI (National Cybersecurity Agency). If your company operates critical infrastructure or provides essential services, compliance is mandatory.
Question not here? Contact us. →
Security is tested before someone else tests it for you.
Tell us what you need to protect. If we can help, we'll propose a concrete scope. If not, we'll say so.