Read as
Why this module exists. Indian regulated workloads — banks under RBI, market participants under SEBI, insurers under IRDAI, healthcare under DPDP SDF criteria — have specific reference architecture expectations. This module covers the recurring patterns: data localisation, segregation, audit logging, and the operational architectures that meet multiple regulator expectations simultaneously.
Why this module exists. Architects designing for Indian regulated workloads navigate four to six overlapping regulator expectations. The cost of architecting for one regulator at a time is rework; the cost of architecting for all simultaneously is one-time complexity. This module is the integrated reference.
The recurring architectural requirements
- Data localisation — RBI (payment data), DPDP (SDF cross-border restrictions), sector-specific telco/insurance.
- Segregation — production from non-production; customer data from operational data; admin paths from user paths.
- Audit logging — 180+ days retention (CERT-In); regulator-accessible.
- Encryption at rest + in transit — universally expected.
- Disaster recovery with geographic separation — RBI/SEBI/IRDAI mandate.
- Continuity testing — annual at minimum.
- CISO independence + reporting line — RBI/SEBI explicit.
Want this for your team?
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.
Book team training call
Replies in 4 working hrs · India-only · Senior consultants