Data>Nuance
All insights
Regulatory updateIncident readiness

CERT-In directions and incident readiness

A concise operational view of incident reporting and log retention obligations relevant to security and privacy teams.

Data>Nuance

The CERT-In directions under the Information Technology Act sit alongside privacy governance responsibilities. An incident may require fast technical reporting while also triggering internal personal-data assessment.

Build a joined response path

Security and privacy teams should agree how an event is detected, escalated, assessed and recorded. The response design should cover the six-hour CERT-In reporting requirement where applicable and the logs needed to establish what happened.

Practical outputs

  • an incident classification and escalation playbook;
  • contact and reporting responsibilities;
  • log-retention and access controls; and
  • a post-event evidence record.

This briefing is general information. Organisations should obtain advice for their specific incident and applicable reporting duties.

This publication is general information and is not legal advice for a specific organisation or matter.

Continue reading

Notice and consent

Consent records under the DPDP Act

A practical guide to building consent records under the DPDP Act for product, legal, marketing and compliance teams in India.

Read insight

Notice and consent

Legitimate uses under the DPDP Act for business teams

A practical guide for Indian business teams deciding when a DPDP Act legitimate use may apply and how to record the decision responsibly.

Read insight

Start with context

Book a focused DPDP Act consultation.

Bring an upcoming launch, notice review, data mapping question, incident readiness issue or implementation deadline. We will help identify the right next step.

Book consultation Submit a brief