Compliance · 67 articles

Compliance

RBI, SEBI CSCRF, CERT-In, ISO 27001, SOC 2 — Indian regulatory mapping.

Compliance

Indian Healthcare Hit by Sharp Ransomware Surge in 2026, CERT-In Flags Hospitals

CERT-In's 2026 reporting indicates a steep rise in ransomware at Indian hospitals, diagnostic chains and EHR vendors, with ABDM-linked exposure.

May 12, 2026 · 3 min read
Compliance

RBI Tightens IT Outsourcing Norms: Cloud Audit, Exit Plans Mandatory from October 2026

RBI's anticipated update to the IT Governance Master Direction adds cloud DR tests, concentration risk registers and board-attested exit plans for NBFCs.

May 12, 2026 · 3 min read
Compliance

DPDP Rules Phase 2 Notified: Consent Manager, SDF Criteria, Cross-Border Negative List

India notifies the second tranche of DPDP Rules: Consent Manager registration, SDF thresholds, children's age-gating and cross-border negative list.

May 12, 2026 · 3 min read
Compliance

CERT-In Flags Microsoft May 2026 Patch Tuesday: 73 Flaws, Zero-Days Active

CERT-In advisory flags Microsoft May 2026 Patch Tuesday: 73 CVEs including exploited zero-days in Windows TCP/IP and Win32k. Patch within 72 hours.

May 12, 2026 · 3 min read
Compliance

DPDP Rules 2026 Notified — What Changed from the Draft, What Every Indian Data Fiduciary Must Operationalise Now

The DPDP Rules under MeitY notification clarified consent format, breach notification timelines, SDF criteria, and cross-border transfer regime. What changed from the…

May 8, 2026 · 7 min read
Compliance

DPDP Penalties Decoded: How the ₹250 Crore Maximum Actually Gets Calculated

The DPDP Act ₹250 crore penalty maximum is a ceiling, not a fixed amount. The Data Protection Board calculates actual penalties against…

May 7, 2026 · 9 min read
Compliance

DPDP Section 8 Decoded: The Eight Obligations Every Indian Data Fiduciary Must Meet

A practical breakdown of DPDP Act §8(1)–(8) — security safeguards, breach notification, retention, grievance redressal, child data, and SDF duties. With audit-evidence…

May 7, 2026 · 9 min read
Academy

Identity and Access Management Programme

IAM as a programme — identity sources, JML lifecycle, role design, access reviews, SoD, service accounts, metrics. Why IAM tooling fails without…

Apr 26, 2026 · 4 min read
Academy

Privileged Access Management

PAM controls — vaulting, session brokering, JIT elevation, recording, tiered admin model, PAW, cloud-native PAM. Why PAM is the highest-leverage control for…

Apr 26, 2026 · 5 min read
Academy

Federation — SAML, OIDC, SCIM in Production

SAML 2.0 vs OIDC, SP-/IdP-initiated flows, SCIM provisioning, group-claim mapping, step-up auth, conditional access. Real-world rollout sequence and operational gotchas.

Apr 26, 2026 · 4 min read
1 3 4 5 6 7