Comprehensive Information Security & Cybersecurity Compliance Solutions
We provide specialized audit and consultancy services to ensure your organization meets Indian regulatory requirements while maintaining robust cybersecurity frameworks across financial services, securities, insurance, and digital identity sectors.
Reserve Bank of India (RBI) Compliance
Cyber security in Banks
Regulation: Cyber Security Framework in Banks, dated June 2, 2016
Applicable to: All Scheduled Commercial Banks (excluding Regional Rural Banks)
IT Framework for NBFCs
Regulation: Master Direction – Information Technology Framework for the NBFC Sector dated June 08, 2017
Applicable to: Non-Banking Financial Companies (NBFCs) not covered by Reserve Bank of India (Information Technology Governance, Risk, Controls and Assurance Practices) Directions, 2023
IT Governance Framework for Regulated Entities
Regulation: Reserve Bank of India (Information Technology Governance, Risk, Controls and Assurance Practices) Directions, dated November 7, 2023
Applicable to: All Regulated Entities (Banks, NBFCs, UCBs, Payment System Providers)
Digital Payment Security Controls
Regulation: Master Direction on Digital Payment Security Controls, dated February 18, 2021
Applicable to: Payment System Operators, Banks, Payment Banks, Prepaid Payment Instrument Issuers.
Outsourcing Guidelines
Regulation: Master Direction on Outsourcing of Information Technology Services, dated April 10, 2023
Applicable to: All Banks, NBFCs, and other Regulated Entities
Data Localization Requirements
Regulations: Storage of Payment System Data Circular, dated April 6, 2018
Applicable to: All Payment System Operators, System Participants
Credit Information Reporting Directions
Regulation: Master Direction – Reserve Bank of India (Credit Information Reporting) Directions, 2025, dated January 6, 2025
Applicable to: All Scheduled Commercial Banks, Regional Rural Banks, Cooperative Banks, NBFCs, and Credit Information Companies (CICs)
Additional RBI Frameworks:
Securities and Exchange Board of India (SEBI)
Regulation: Cybersecurity and Cyber Resilience Framework (CSCRF), dated August 20, 2024
Implementation Deadline: June 30, 2025
Applicable to: Stock Exchanges, Clearing Corporations, Depositories, Market Intermediaries, Mutual Funds, Credit Rating Agencies
Coverage: Cyber risk governance, incident response, third-party risk management, compliance reporting
Unique Identification Authority of India (UIDAI)
Regulations:
Applicable to: AUAs/ASAs, Enrolling Agencies, Authentication Service Agencies, e-KYC providers
Focus Areas: Data encryption, biometric protection, audit trails, consent management
Insurance Regulatory and Development Authority (IRDAI)
Regulation: IRDAI Information and Cyber Security Guidelines, 2023
Applicable to: All Insurers, FRBs, Insurance Intermediaries, Brokers, TPAs, Web Aggregators
Coverage: Cybersecurity governance, risk assessment, incident management, security awareness
Additional Compliance Areas
Our Audit Methodology
Why Choose Us