CERT-In issues binding directions on cyber security incident reporting, log retention and KYC requirements for cloud and VPN providers. The Digital Personal Data Protection Act (2023) adds personal data obligations.
Service providers, body corporates, data centres and government entities operating in India. CERT-In April 2022 directions specifically include cloud service providers in their reporting and log retention scope.
Indian banks (under RBI cyber security framework), insurance carriers (under IRDAI), telecommunications operators, government departments at central and state level, and global SaaS vendors serving Indian customers.
Every India CERT-In Directions requirement mapped to the Cloudgenics technical controls that satisfy it, with traceability.
Telemetry, configuration scans and audit logs streaming into a tamper-evident evidence store with retention aligned to the framework.
Standardised auditor walkthrough materials — diagrams, run-books and policy templates — that fast-track the assessment.