
CERT-In directions and incident readiness

A concise operational view of incident reporting and log retention obligations relevant to security and privacy teams.

Data>Nuance

The CERT-In directions under the Information Technology Act sit alongside privacy governance responsibilities. An incident may require fast technical reporting while also triggering internal personal-data assessment.

Build a joined response path

Security and privacy teams should agree how an event is detected, escalated, assessed and recorded. The response design should cover the six-hour CERT-In reporting requirement where applicable and the logs needed to establish what happened.

Practical outputs

  • an incident classification and escalation playbook;
  • contact and reporting responsibilities;
  • log-retention and access controls; and
  • a post-event evidence record.

This briefing is general information. Organisations should obtain advice for their specific incident and applicable reporting duties.
