Practical guidance on cybersecurity, audits and India’s evolving compliance landscape — from the team that does the work.
Some organisations must appoint a DPO under the DPDPA; many others benefit from one. Who needs it, what the role does, and how to resource it.
Mobile apps run on devices you do not control - which changes everything. What mobile pen-testing covers, and why web testing alone misses it.
The Rules that operationalise the DPDP Act are notified and the clock is ticking to 13 May 2027. Here is the phased timeline - and what to do in 2026.
The GDPR reaches beyond Europe. When it applies to Indian companies, what it requires, and how it overlaps with your DPDPA work.
The simplest, highest-impact AI governance step: a clear acceptable-use policy. What to put in it, and how to make it stick.
Who the Act applies to, the obligations that matter, the penalties at stake, and a practical six-step plan to get ready.
ISO 27701 turns your security management system into a privacy one too. What it adds, who it suits, and how it maps to GDPR and DPDPA.
The DPDP framework introduces a new intermediary - the Consent Manager. Here is what it is, who can be one, and how to get your systems ready.
Cloud breaks differently from on-prem - usually through configuration, not code. What cloud pen-testing examines, and where the real risk sits.
The industry reference for web application risk, in plain English - what each category means and why it still catches teams out.
California privacy law gives consumers real rights and businesses real duties. Who is covered, what it grants, and what compliance takes.
These three terms get used interchangeably, but they solve different problems. Here is how to tell them apart and choose the right one.
Every privacy programme starts here: knowing what personal data you hold and where it flows. How to build a data map and records of processing.
APIs quietly became the backbone of modern apps - and a favourite target. Why they need dedicated testing, and the flaws we see most.
Both simulate attackers, but they answer different questions. How red teaming differs from pen-testing - and which one you actually need.
Both prove you take security seriously - but they work differently and suit different buyers. A practical guide to choosing, or doing both efficiently.
AI carries risks a standard assessment misses - bias, drift, explainability, new security exposure. How to assess and manage them.
The financial regulators have raised the bar on cyber resilience. A high-level map of what RBI, SEBI and IRDAI expect - and how to stay current.
The RBI has raised the bar on IT governance for NBFCs. A high-level primer on the expectations - and how to meet them without drowning in circulars.
Heading into your first ISO 27001 certification audit? A plain-English readiness checklist covering the ISMS, evidence and what auditors look for.
The SoA is the document that ties your whole ISMS together - and the one auditors scrutinise. What it must contain, and how to get it right.
CERT-In requires certain cyber incidents to be reported within six hours of detection. What that means in practice - and how to be ready.
Privacy law does not stop at customers - your employees are Data Principals too. What the DPDPA means for HR and the data it holds.
SOC 2 comes in two flavours, and buyers care which one you have. A short, practical guide to Type I vs Type II - and how to choose.
Once a year? After every release? The honest answer is it depends - here are the factors that set the right cadence for your organisation.
The grace period is over - since March 2025 every PCI DSS v4.x requirement is enforceable. What changed, and what card-handling businesses must do now.
Serve US healthcare clients? You may be a HIPAA business associate. What that means, the safeguards required, and how to prove them.
Your staff are already using AI tools you may not know about. What shadow AI is, the risks it creates, and how to bring it into the light.
Generative AI brings its own risks - hallucination, leakage, IP, prompt injection. A practical governance checklist for leaders rolling it out.
The EU AI Act can reach organisations well beyond Europe. What it is, why it might apply to you, and how its phased, risk-based rules work.
The first management-system standard for AI has arrived. What an AIMS is, who needs one, and how organisations that use AI can begin.
The DPDPA requires you to report breaches - to the Board and to affected people. What a response plan needs so you can act in time.
Ransomware and outages make continuity a board issue. What ISO 22301 covers, and how to build a continuity plan that works when it is needed.
Occasional updates on regulatory changes, security research and compliance deadlines. No noise, no spam.
We use your email only to send these updates. Unsubscribe anytime.