Compliance assessments that regulators accept.
Audit-ready reports for every Indian and global regulatory framework. Trusted by 700+ organisations across BFSI, healthcare, insurance, and government.
By Regulator
Mandatory Indian regulatory frameworks
As India's longest-serving CERT-In empanelled firm, our reports satisfy statutory requirements for all Indian regulators.
CERT-In Security Audit
Empanelled security auditor since 2008 — mandatory for critical infrastructure, government, and regulated entities under CERT-In directives.
RBI Cybersecurity Framework
Mandatory VAPT, IS audit, and cybersecurity compliance for banks, NBFCs, and cooperative banks under the RBI cyber framework.
SEBI CSCRF Compliance
Cybersecurity and cyber resilience framework compliance for stock exchanges, depositories, brokers, AMCs, and market infrastructure.
IRDAI Cybersecurity
Cybersecurity compliance for insurers and ISNPs under IRDAI guidelines — vulnerability assessment, IS audit, and incident response readiness.
Specialised Audits
Distinct-scope audits across the payments + identity ecosystem
Dedicated engagements for SAR, payment aggregators, UIDAI, NPCI, SBI VSCC, ATM/POS, and vendor risk — each with its own deliverable format and procurement intent.
SAR · System Audit Report (Data Localization)
RBI-mandated annual system audit for PA-PG, PPI, BBPOU, UPI TPAPs, and CDSL depository participants. Distinct deliverable per regulator format.
RBI Payment Aggregator (PA-PG) Audit
Annual system audit + cybersecurity audit by CERT-In empanelled auditors per RBI 2025 PA Master Direction. Merchant onboarding to escrow to settlement.
UIDAI AUA-KUA Audit
Aadhaar ecosystem security and compliance audit for AUAs, KUAs, Sub-AUAs, and Sub-KUAs. UIDAI checklist + management comments + closure validation.
NPCI / UPI Audit
Payment ecosystem audit for PSPs, TPAPs, sponsor banks, BBPS/BBPOU, and RuPay. Role-specific scope plus UPI 2.0, AutoPay, Credit-on-UPI add-ons.
SBI VSCC Audit
Vendor Site Compliance Certificate for SBI ePay / SBI payment gateway merchant onboarding. Issued by CERT-In empanelled auditor with VSCC Form C.
ATM & POS Security Audit
Payment-channel security audit covering ATMs, POS, CDMs, kiosks, microATMs, NFC tap-to-pay, payment middleware, and switch integration.
Vendor Risk Assessment (VRA)
Compliance-focused vendor / third-party risk audit for RBI, SEBI, DPDP, NPCI, M&A, and customer-questionnaire mandates. Bridges to ShadowMap VRM + TPRM.
Frameworks & Privacy
International frameworks + data protection laws
Industry-standard security frameworks for global enterprises, SaaS providers, healthcare organisations, and data-protection compliance across India and the EU.
PCI DSS v4.0
Penetration testing, segmentation validation, and secure code review aligned to PCI DSS v4.0 requirements for cardholder data environments.
ISO 27001 Certification
Annex A technical compliance assessments, gap analysis, and implementation support for ISO 27001:2022 certification readiness.
SOC 2 Compliance
Trust service criteria assessment and evidence collection for SOC 2 Type I and Type II audits — security, availability, and confidentiality.
HIPAA Compliance
Technical safeguard assessments for healthcare organisations handling protected health information — penetration testing aligned to HIPAA requirements.
GDPR Compliance
GDPR readiness for Indian companies serving EU customers, signing EU DPAs, or processing EU data subjects. Gap analysis, DPIA, RoPA, DSR, DPO advisory.
DPDP Act Compliance
India's Digital Personal Data Protection Act 2023 readiness — applicability, consent, rights workflow, breach notification, processor due-diligence.
Framework pages · 17+ mandates
Not sure which compliance framework applies?
Our compliance specialists will map your regulatory obligations and recommend the right assessment scope.