Why this module exists. Indian regulated entities are audited by their sector regulator (RBI, SEBI, IRDAI, TRAI, etc.) on a different cadence and against a different framework than ISO 27001 or SOC 2. Treating these audits as equivalent to international ones leads to surprise findings. This module covers what differs.
The regulators and their cyber audit programmes
| Regulator | Framework | Cadence |
|---|---|---|
| RBI | Cyber Security Framework (2016 + revisions) | Annual self-assessment + 2-yearly RBI inspection |
| SEBI | CSCRF (Cyber Security and Cyber Resilience Framework) | Annual self-assessment + 2-yearly independent audit |
| IRDAI | Information & Cyber Security Guidelines | Annual |
| TRAI / DoT | UASL/UL conditions, telecom cyber-security rules | Annual + ad hoc |
| CERT-In | 2022 Directions + CII designations | Ongoing — incident-driven |
| NCIIPC | CII protection guidelines | Annual for designated CII |