Welcome to Zanarc

Strengthening trust in the blockchain and virtual asset economy.

Trusted by the virtual asset industry and its regulators worldwide. Independent cybersecurity assurance and advisory, delivered by a recognised leader in blockchain cybersecurity.

Cybersecurity Assurance & Advisory

Marc Krisjanous founded Zanarc to provide specialist cybersecurity assurance and advisory services to the virtual asset industry. Every engagement is personally led by Marc from scoping through to final deliverables.

Marc holds both traditional information security credentials (CISSP, PCI QSA (retired), ISO 27001 Lead Auditor) and specialist blockchain security qualifications (CCSSA, CBP, CEP, NORS Readiness Assessor); few practitioners worldwide bridge both disciplines.

With Zanarc, Marc brings over ten years of cybersecurity auditing experience. He began in traditional finance before moving to the digital asset sector, auditing large international cryptocurrency custody platforms and wallet infrastructure providers against the CryptoCurrency Security Standard (CCSS).
 

Marc contributes to international standards development through the ISO TC 307 Blockchain and DLT working groups, the Singapore Standards Council blockchain and DLT security working group, and was the principal author of the cybersecurity requirements in both the Commonwealth Model Law on Virtual Assets and the Commonwealth Model Law on Stablecoins.

Zanarc clients receive continuity, senior-level attention, and the flexibility to work to their schedule. The practice is independent of any technology vendor, platform, or service provider; all advice is objective and commercially independent.

marc krisjanous

Digital Asset and Blockchain Sectors

Zanarc provides specialist cybersecurity services tailored to the digital asset and blockchain sectors. Engagements are scoped to each organisation’s systems, objectives, and risk profile.

zanarc services

CCSS Readiness Assessments and Audits

Preparation and formal audit services aligned to the CryptoCurrency Security Standard (CCSS), helping organisations assess their readiness, identify gaps, and achieve certification. Zanarc audits are conducted by the world's first accredited CCSS Auditor, with direct experience auditing large international custody platforms and wallet infrastructure providers.

Cybersecurity for Blockchain Systems

Independent cybersecurity assessments, review of governance, policies, and security control frameworks, and independent security evaluations commissioned by third-party stakeholders such as investors, insurers, or business partners. Each Zanarc engagement draws on deep experience across both traditional information security and the specialist threat landscape of blockchain and virtual asset systems.

Regulatory Advisory

Zanarc advisory support for regulators and regulated entities on cybersecurity expectations for virtual asset service providers (VASPs), including supervision frameworks, regulatory compliance, and knowledge transfer sessions for decision-makers and technical staff.

Blockchain Cybersecurity Training

Zanarc tailored training programmes for organisations seeking to build internal capability in blockchain and virtual asset cybersecurity. Sessions cover key cybersecurity concepts, threat landscapes, control frameworks, and practical risk management for both technical staff and decision-makers.

Cybersecurity Policy and Standards Development

Zanarc customised cybersecurity policies and internal standards for organisations designing or operating blockchain-based systems, including stablecoin issuers, real-world asset (RWA) tokenisation platforms, and cryptocurrency custody providers. All outputs are aligned with recognised blockchain standards and frameworks, and tailored to each organisation's operational, technical, and regulatory requirements.

Cybersecurity Education

Zanarc specialist cybersecurity education programmes for the virtual asset industry and its regulators. Content is tailored to the audience, from technical deep-dives for operational and security teams through to executive and board-level briefings on blockchain security risk, governance, and regulatory expectations.

Carity. Rigour. Results.

For every engagement, Zanarc follows a structured three-stage process, adapted to the specific service and the client’s requirements. This consistent approach ensures clarity from the outset, rigour in delivery, and outputs that are practical and actionable.

number 1 white

Understand

Every Zanarc engagement begins with a detailed understanding of the client's organisation, systems, objectives, and risk profile. This includes scoping discussions, review of existing documentation, and identification of applicable standards and regulatory expectations. The result is a clearly defined scope and approach, agreed with the client before substantive work begins.

number 2 white

Evaluate and Develop

Zanarc's core work is carried out against the agreed scope. For audits and assessments, this includes testing, evidence collection, and evaluation of controls. For policy and standards engagements, this involves drafting and alignment to the organisation's operational and regulatory environment. For training and education, content is developed and tailored to the audience, sector, and risk landscape.

number 3 white

Deliver and Support

Findings, deliverables, and recommendations are presented by Zanarc in clear, prioritised, and actionable form. Audit engagements conclude with formal reporting and a practical remediation roadmap. Policy engagements deliver finalised documents ready for adoption. Training programmes include supporting materials for ongoing reference. Where appropriate, follow-up discussion is offered to ensure outputs are fully understood.

Let's Discuss