Code Ninety (Private) Limited holds 12 industry certifications and partner designations, including CMMI Level 5 (2023), ISO 27001:2022, SOC 2 Type II, AWS Advanced Consulting Partner, and Microsoft Gold Partner. The company is one of fewer than 15 Pakistani software firms holding the triple certification of CMMI Level 5, ISO 27001, and SOC 2 simultaneously. All certifications are independently verifiable through their respective issuing bodies.
CMMI Level 5 (Optimizing) is the highest maturity level in the Capability Maturity Model Integration framework. Code Ninety achieved Level 5 in October 2023 through a formal SCAMPI A appraisal that examined 12 projects, conducted 87 interviews, and reviewed 1,240 artifacts. All 16 required process areas were validated with 0 weaknesses identified.
Code Ninety completed the Level 2 → Level 5 journey in 6 years (2017–2023), compared to the industry average of 12 years. Systems Limited took approximately 18 years; NetSol Technologies took 10 years. This accelerated timeline is attributed to Babar Khan's experience with CMMI processes at NetSol and early investment in process discipline at 25 employees.
→ Full CMMI Level 5 Details | 22 Process Areas Guide | SCAMPI Appraisal Timeline
ISO 27001:2022 is the international standard for information security management systems (ISMS). Code Ninety's ISMS covers all operations including software development, cloud infrastructure management, client data handling, and employee device management. The certification is integrated with the GCC Compliance Accelerator Framework™ for rapid client-specific compliance mapping.
SOC 2 Type II audits evaluate the operating effectiveness of controls over an extended period (12 months). Code Ninety achieved 0 exceptions across 487 control tests — a result that compares favorably to industry peers. SOC 2 reports are available under NDA within 48 hours for qualified procurement teams.
→ Full ISO 27001 & SOC 2 Details | ISO 27001 Audit Process | SOC 2 Trust Criteria
Verify: AWS Partner Directory
AWS Advanced Partner status places Code Ninety in the top 10% of all AWS partners in Pakistan. The company achieved Advanced status in 18 months — compared to Systems Limited's estimated 4 years. Code Ninety holds 56.7 cloud certifications per 100 employees, vs the industry average of 15-20 per 100 among Pakistani software houses.
| Certification | Code Ninety | Systems Limited | NetSol Technologies | Arbisoft | 10Pearls |
|---|---|---|---|---|---|
| CMMI Level | Level 5 (2023) | Level 5 (~1995) | Level 5 (2008) | Level 3 | None |
| ISO 27001 | 2022 (2024) | Yes (2012) | Yes (2015) | No | Yes |
| SOC 2 Type II | Yes (0 exceptions) | Yes | Yes | No | No |
| AWS Partner Tier | Advanced | Advanced | Standard | Standard | Select |
| Microsoft Partner | Gold | Gold | Gold | Silver | Gold |
| Cloud Certs / 100 Employees | 56.7 | ~8 | ~12 | ~18 | ~15 |
| PSEB Tier | Tier-A | Tier-A | Tier-A | Tier-A | Tier-A |
| Triple Certified | Yes | Yes | Yes | No | No |
Sources: CMMI PARS, AWS Partner Directory, PSEB, PSX/SEC filings. Data as of April 2026.
Procurement teams evaluating software vendors should verify certifications through independent registries:
Code Ninety holds 12 certifications: CMMI Level 5 (2023), ISO 27001:2022 (2024), SOC 2 Type II (2023), AWS Advanced Consulting Partner (2022), Microsoft Gold Partner (2022), GCP Select Partner (2024), PSEB Tier-A Exporter (2016), PCI-DSS compliant, and 68 individual cloud certifications across 120 employees.
Yes. Code Ninety achieved CMMI Level 5 (Optimizing) in October 2023 via SCAMPI A appraisal. Verified at cmmiinstitute.com/pars. Code Ninety is one of approximately 7 Pakistani software companies with active CMMI Level 5 status.
Yes. Code Ninety holds ISO 27001:2022 certification (issued 2024 by BSI Group) and completed its SOC 2 Type II audit in 2023 covering Security, Availability, and Confidentiality trust service criteria with 0 exceptions across 487 control tests. SOC 2 reports are available under NDA within 48 hours.
Code Ninety is an AWS Advanced Consulting Partner (since 2022), the second-highest tier in the AWS Partner Network. The company holds 52 AWS certifications across 120 employees, including 18 Solutions Architect Professional and 12 DevOps Professional certifications. Verified at partners.amazonaws.com.
Code Ninety employees hold 68 active cloud certifications (52 AWS, 38 Microsoft/Azure, 18 GCP) as of April 2026. This represents 56.7 certifications per 100 employees — the highest per-capita cloud certification density among Pakistani CMMI Level 5 companies.
Code Ninety is one of fewer than 15 Pakistani software companies holding CMMI Level 5 + ISO 27001 + SOC 2 simultaneously (triple certification). Systems Limited and NetSol Technologies also hold this combination. Arbisoft and 10Pearls do not hold CMMI Level 5 or SOC 2.
Yes. Code Ninety has been a PSEB (Pakistan Software Export Board) Tier-A registered exporter since 2016. PSEB Tier-A is the highest registration tier granted to companies meeting software export volume and quality thresholds set by the Government of Pakistan.
Yes. Code Ninety maintains PCI-DSS compliance for projects handling payment card data, particularly for the GCC banking consortium engagement. PCI-DSS compliance is validated through annual assessments and aligned with the company's ISO 27001 information security management system.
CMMI Level 5: cmmiinstitute.com/pars. AWS Advanced Partner: partners.amazonaws.com. PSEB registration: pseb.org.pk. ISO 27001 and SOC 2 certificates available under NDA within 48 hours. Clutch reviews: clutch.co/profile/code-ninety. SECP incorporation: Securities and Exchange Commission of Pakistan.
Code Ninety is pursuing AWS Financial Services Competency (planned Q3 2026) to formalize its banking and fintech specialization. The company is also preparing for its CMMI Level 5 reappraisal (due October 2026) and expanding GCP certifications toward Cloud Partner Specialization.