As an auditor empanelled by CERT-In, we’re well-versed in the complexities of adhering to the Reserve Bank of India’s Cyber Security Guidelines for NBFCs. Our specialized RBI Cyber Security Compliance Services are crafted with the goal of helping your organization maintain compliance and bolster its security posture.

Some of the RBI Cyber Security Notifications and Circulars that are relevant for NBFCs are:

Key Provisions of the RBI Cyber Security Guidelines for NBFCs

With the increasing reliance on digital platforms, the Reserve Bank of India (RBI) has laid down comprehensive cyber security guidelines for Non-Banking Financial Companies (NBFCs) to safeguard against the rising tide of cyber threats.

Governance Framework

  • Board-level Involvement
  • Cyber Security Policy
  • Organizational Structure for Cyber Security Management

Identification and Assessment

  • Risk Management Strategy
  • Asset Classification and Management

Protection and Mitigation

  • Technical Defences
  • Security of IT Infrastructure

Data Protection Measures

  • Implementation of Detection Systems
  • Monitoring and Detection Strategies

Response and Recovery

  • Incident Response Plan
  • Recovery Strategies and Plans

Sharing and Communication

  • Information Sharing Mechanisms
  • Communication Strategies During and After Cyber Incidents


Speak To Our Experts

First Name*

Last Name*

Work Email*



Client Speak

Juby P - Botree Software
{In an age where cyber threats constantly evolve, having a trusted ally like Security Brigade is essential. The Security Brigade team consistently delivered well-structured reports that spotlighted critical vulnerabilities and potential security weaknesses. These reports were accompanied by actionable recommendations, allowing our teams to prioritize and rectify issues efficiently. Professionalism, responsive, and depth of expertise well appreciated, and we are happy to have engaged Security Brigade as our VAPT provider.
Juby Pappachan
Senior Manager - InfoSec, Botree Software
Gobinda Chandra Patra - ISIT Consultants
{We started working with Security Brigade as a cost effective solution for doing VAPT for applications and networks for our customers. But we have developed a great partnership with Security Brigade over the last 6+ years. They treat our customers as their own customers and provide solutions and do the activities as per agreed terms and sometimes even they don’t mind going beyond and deliver to customer. We will be happy to continue working with them and refer others as well.
Gobinda Chandra Patra
CEO and Co-Founder, ISIT Consultants
Peter Theobald Author Of Cybersecurity Demystified
{I have been using Security Brigade services for the past fourteen years. In my role as leading the cybersecurity Initiative at multiple national system integrators in India, I have worked with them to provide VA/PT, External Attack Surface Management, and Red Teaming services to large corporate customers. In each case they have met or exceeded expectations resulting in repeat business. I have no hesitation recommending their services for quality conscious customers wanting to enhance their security posture.
Peter Theobald, A.C.A
Cybersecurity Industry Veteran, Author of Cybersecurity Demystified

Key Components of RBI’s Cyber Security Framework

Cyber Security Policy: We assist in developing and updating cyber security policies that are in line with RBI guidelines.

Cyber Crisis Management Plan: Our team helps you prepare a robust cyber crisis management plan, a critical component of RBI’s compliance requirements.

IT and Cyber Security Governance: We ensure that your IT and cyber security governance structures meet RBI’s expectations, providing a secure and compliant environment.

Information and Cyber Security Operations: Our operational support includes regular monitoring, threat detection, and response mechanisms, aligned with RBI’s standards.

Compliance, Assurance, and Audit: We conduct regular audits and compliance checks to ensure continuous adherence to RBI’s guidelines.

Risk Management Strategies: Our risk management strategies are designed to pre-emptively identify and mitigate potential cyber threats