A CERT-In Empanelled Auditing Organization
CERT-In Auditor Services

CERT-In Incident Readiness

Preparedness for CERT-In’s directions, including incident-reporting timelines, log retention and security practices.

Overview

Ready to report — within the deadline.

CERT-In’s directions place specific obligations on organisations, including reporting certain incidents within a tight window and retaining logs for defined periods.

We assess your readiness against these directions, close gaps in your processes and logging, and ensure you can detect, report and respond within the required timelines.

What’s covered

The scope of this engagement.

Incident reporting process

Within mandated timelines.

Log retention

Meeting required retention periods.

Detection & response

Capability to identify reportable events.

Roles & runbooks

Who does what, and when.

Evidence & records

Demonstrating compliance.

Who needs this

Is this you?

The kinds of organisations that rely on this work.

Service providers & data centres: CERT-In directions applicability.
Intermediaries & body corporates: Reporting obligations.
VPN / cloud providers: Specific logging duties.
Regulated financial entities: Sectoral reporting overlap.
Government-facing vendors: Compliance expectations.
Any org under CERT-In directions: Incident readiness.

Regulatory drivers

Why this is required

The CERT-In Directions of April 2022 impose specific, time-bound obligations on organisations operating in India — being ready to meet them is a legal requirement, not a best practice.

CERT-In Directions 2022
Require reporting of specified cyber incidents to CERT-In within six hours of detection.
Log retention
Mandate retention of system logs for 180 days within Indian jurisdiction.
KYC & time synchronisation
Set additional obligations including synchronised system clocks and defined record-keeping.
How we work

A structured path, start to finish.

An orderly lifecycle designed for a credible, defensible result.

Scoping & current-state review

Reviewing your current incident-response capability.

Reporting workflow design

Designing reporting to meet the CERT-In six-hour rule.

Log retention & policy review

Reviewing log retention against the CERT-In directions.

Playbooks & escalation build

Building incident playbooks and escalation paths.

Tabletop exercise

Pressure-testing the plan with a tabletop exercise.

Readiness report

A report on your incident-readiness posture and gaps.

What you receive

Documentation built for every audience.

  • Incident-readiness report: Your posture against the CERT-In directions.
  • Reporting workflow (6-hour): A workflow to meet the reporting timeline.
  • Playbooks & escalation matrix: Incident playbooks and escalation paths.
  • Log-retention review: Assessment against the retention mandate.
  • Tabletop exercise results: Findings from a simulated incident.

Standards & frameworks

This work maps to the standards and regulatory requirements relevant to you.

CERT-In Directions, ISO 27035, NIST, ISO 27001

Checklist

Are you ready? A quick checklist

What to have in place before we begin.

Reportable incident types defined
Six-hour reporting process ready
Log sources identified
Log retention configured
Time synchronisation (NTP) set
Roles and runbooks documented
Contact with CERT-In established
Evidence-retention process
FAQ

Common questions

What’s the reporting timeline?
The CERT-In Directions of 2022 require certain categories of cyber incident to be reported to CERT-In within six hours of detection or of becoming aware of them. We assess whether your detection, escalation and reporting process can realistically meet that window, and help you put the workflow, roles and templates in place so it does.
How long must logs be retained?
The CERT-In directions require organisations to enable and securely maintain logs of their ICT systems for a rolling period of 180 days, retained within Indian jurisdiction. We assess your current logging and retention against this requirement and help you close any gaps in coverage, storage or location.
Do you help build the runbooks?
Yes. Beyond assessing your readiness, we help you build the practical machinery of incident response — the playbooks, escalation paths, roles and record-keeping — so that when an incident occurs, reporting actually happens correctly and on time. We can also pressure-test it with a table-top exercise.
Ready to get started?

Let us know your objectives, and we’ll design the engagement around them.