Data>Nuance
All insights
Regulatory updateIncident readiness

CERT-In directions and incident readiness

A concise operational view of incident reporting and log retention obligations relevant to security and privacy teams.

Data>Nuance

The CERT-In directions under the Information Technology Act sit alongside privacy governance responsibilities. An incident may require fast technical reporting while also triggering internal personal-data assessment.

Build a joined response path

Security and privacy teams should agree how an event is detected, escalated, assessed and recorded. The response design should cover the six-hour CERT-In reporting requirement where applicable and the logs needed to establish what happened.

Practical outputs

  • an incident classification and escalation playbook;
  • contact and reporting responsibilities;
  • log-retention and access controls; and
  • a post-event evidence record.

This briefing is general information. Organisations should obtain advice for their specific incident and applicable reporting duties.

This publication is general information and is not legal advice for a specific organisation or matter.

Continue reading

DPDP Act

DPDP Act implementation roadmap for Indian businesses

A practical roadmap for Indian businesses turning DPDP Act obligations into owners, workflows, records and implementation controls.

Read insight

DPDP Act

DPDP applicability assessment for Indian organisations

How Indian organisations should test whether a workflow falls within the DPDP Act and document the resulting controls.

Read insight

Start with context

Book a focused DPDP Act consultation.

Bring an upcoming launch, notice review, data mapping question, incident readiness issue or implementation deadline. We will help identify the right next step.

Book consultation Submit a brief