Service · Regulatory
Compliance advisory that ends in an evidence pack, not a PDF of recommendations.
We work across the frameworks Indian businesses are actually audited against, and translate each gap into something your SOC team can implement.
| Framework | What we assess | Typical output |
|---|---|---|
| CERT-In Directions 2022 | Logging retention, incident reporting timelines, sync of system clocks | Reporting-readiness runbook |
| ISO/IEC 27001 | ISMS scope, Annex A control implementation | Statement of Applicability + gap list |
| Digital Personal Data Protection Act, 2023 | Consent management, data fiduciary obligations, breach notification readiness | Data-handling gap register |
| Sector-specific frameworks (where applicable) | Industry-specific control expectations — e.g. RBI for BFSI, SEBI for capital markets, IRDAI for insurance, HIPAA-aligned controls for healthcare clients | Control mapping for audit submission |
Gap Assessment
A structured review against the framework(s) you select, scored and prioritised — usually run alongside the SOC-CMM assessment so findings carry a maturity context, not just a pass/fail flag.
Evidence Pack Preparation
We help assemble the documentation auditors and inspection teams actually ask for — policies, logs, training records and incident registers — organised against the framework's own clause structure.