Clients Speak

Peter Theobald Author Of Cybersecurity Demystified
I have been using Security Brigade services for the past fourteen years. In my role leading the cybersecurity initiative at multiple national system integrators in India, I have worked with them to provide VA/PT, External Attack Surface Management, and Red Teaming services to large corporate customers. In each case they have met or exceeded expectations, resulting in repeat business. I have no hesitation recommending their services for quality-conscious customers wanting to enhance their security posture.
Peter Theobald, A.C.A
Cybersecurity Industry Veteran, Author of Cybersecurity Demystified
Gobinda Chandra Patra - ISIT Consultants
We started working with Security Brigade as a cost-effective solution for doing VAPT for applications and networks for our customers. But we have developed a great partnership with Security Brigade over the last 6+ years. They treat our customers as their own customers, provide solutions and do the activities as per agreed terms, and sometimes they don’t even mind going beyond and delivering to the customer. We will be happy to continue working with them and refer others as well.
Gobinda Chandra Patra
CEO and Co-Founder, ISIT Consultants

Our Approach to CERT-IN Security Audit

Requirement Analysis

Comprehensive Security Audit

In-Depth Gap Analysis

Risk Treatment

Mitigation Consulting

Re-Validation of Issues

CERT-In Certification

What is a CERT-IN Security Audit?

As a CERT-In Empanelled Auditor, we carry out a comprehensive security audit of your website, network & applications as per the CERT-In Guidelines for IT Security Audits. Once the audit is completed successfully and all the requirements have been fulfilled, we issue a CERT-In Security Certificate or Safe To Host Certificate as required.

Overview of the process for CERT-In Certification:

  • Step 1 – A comprehensive level 1 audit of your website, network or applications is carried out and a detailed report is provided.
  • Step 2 – Once patched, the level 2 re-testing audit is carried out and all the patches and fixes are verified.
  • Step 3 – The CERT-In Security Certificate is issued along with relevant supporting documentation and compliance reports for your customers & partners.

Who Needs a CERT-IN Security Audit?

The following are the compliance and regulatory bodies that require a CERT-In empanelled auditor to carry out audits:

  • SEBI Cybersecurity and Cyber Resilience Framework
  • Reserve Bank of India (RBI)
  • UIDAI – AUA KUA Compliance Mandate
  • National Informatics Centre (NIC)
  • Department of Telecommunications (DoT)
  • Ministry of Electronics and Information Technology (MeitY)
  • National Payments Corporation of India (NPCI)
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011
  • The Personal Data Protection Bill, 2019
  • Insurance Regulatory and Development Authority of India (IRDAI)
  • Critical Information Infrastructure (CII)

Deliverables of Our CERT-IN Security Audit

  • Executive Presentation: Provides high-level executive summaries of the complete engagement, root cause analysis of the identified issues, and long-term best practice recommendations to help leaders better understand their risk and incorporate our recommendations into their roadmap.
  • Detailed Audit Reports: The audit report will typically be a detailed document that is divided into several sections, including:
    • Introduction: This section will provide an overview of the audit, including the scope, objectives, and methodology.
    • Findings: This section will identify the areas of compliance and non-compliance.
    • Recommendations: This section will make recommendations for improvement.
    • Appendices: This section may include supporting documentation, such as interview transcripts, policies and procedures, and risk assessments.
  • Certificate of Compliance: The certificate of compliance is a formal document that is issued by the auditor to the organization. This document states that the organization has been found to be in compliance with the guidelines.
  • List of Recommendations for Improvement: The list of recommendations for improvement will identify areas where the organization can strengthen its technology risk management framework. These recommendations can be used by the organization to improve its security posture and reduce its risk of a data breach or other security incident.
  • Plan for Remediation: The plan for remediation will outline the steps that the organization will take to address any non-compliance findings. This plan should be specific and measurable, and it should include a timeline for completion.

Benefits of a CERT-IN Security Audit

Increased customer confidence

The certification process requires organizations to undergo a rigorous assessment of their information security controls. This helps to identify and mitigate vulnerabilities, and improve the overall security posture of the organization.

Reduced risk of fines and penalties

CERT-In certification demonstrates that an organization is compliant with various regulatory frameworks, such as the Indian IT Act and the Data Protection Laws. This can be a major advantage in securing government contracts or partnerships.

Enhanced reputation

CERT-In certification is a mark of trust and reliability. It demonstrates to customers, partners, and stakeholders that an organization is committed to protecting their information.

Improved operational efficiency

CERT-In certification can give an organization a competitive edge in the marketplace. It shows that the organization is taking information security seriously, and is more likely to be able to prevent and respond to cyberattacks.

Real-Time Customer Dashboard

Our Real-Time Customer Dashboard delivers transparency during our assessments and provides customers with a dynamic view of our security assessment and compliance services.

The dashboard enables customers to track all their projects through a single platform, manage timelines, track open issues, allocate responsibilities internally, and learn about remediating issues. It also gives customers a real-time view into individual projects as they are being executed, so they can track requirements, learn about identified issues, and resolve tickets.

The dashboard allows for seamless collaboration between the customer and our teams to ensure that we execute and deliver the absolute best and most comprehensive assessments.