Skip to content
Service · Regulatory

Compliance advisory that ends in an evidence pack, not a PDF of recommendations.

We work across the frameworks Indian businesses are actually audited against, and translate each gap into something your SOC team can implement.

FrameworkWhat we assessTypical output
CERT-In Directions 2022Logging retention, incident reporting timelines, sync of system clocksReporting-readiness runbook
ISO/IEC 27001ISMS scope, Annex A control implementationStatement of Applicability + gap list
Digital Personal Data Protection Act, 2023Consent management, data fiduciary obligations, breach notification readinessData-handling gap register
Sector-specific frameworks (where applicable)Industry-specific control expectations — e.g. RBI for BFSI, SEBI for capital markets, IRDAI for insurance, HIPAA-aligned controls for healthcare clientsControl mapping for audit submission

Gap Assessment

A structured review against the framework(s) you select, scored and prioritised — usually run alongside the SOC-CMM assessment so findings carry a maturity context, not just a pass/fail flag.

Evidence Pack Preparation

We help assemble the documentation auditors and inspection teams actually ask for — policies, logs, training records and incident registers — organised against the framework's own clause structure.