Compliance you can outsource. Evidence you keep.

Audits, certifications, VAPT, and SOC setup delivered by our CERT-In empanelled and accredited certification partner network. Every artefact is stored, versioned, and audit-ready inside DPDPA Shield.

CERT-In Empanelled Delivery
Accredited Certification Partners
ISO 27001 / 27701 / 42001
SOC 2 Type I and II
RBI · SEBI · NIST

One vendor, full lifecycle

Gap audit, remediation tracking, evidence collection, and certification all managed in one place.

Empanelled and accredited delivery

Field work is carried out by CERT-In empanelled assessors and accredited certification body partners.

Every artefact on your platform

Reports, evidence, and findings land directly in your DPDPA Shield tenant. Nothing gets lost in email.

9 services. Every compliance obligation covered.

Data Privacy Assessment

Find out exactly where personal data lives, flows, and leaks across your business.

  • Data discovery across applications, databases, SaaS, and endpoints
  • Personal data classification covering DPDPA categories and sensitive attributes
  • Cross-border transfer mapping
  • Processor and sub-processor inventory
  • Risk-scored findings with a clear remediation plan
  • RoPA auto-populated in your DPDPA Shield tenant
3 to 5 weeks
SMEs and mid-market companies getting ready for DPDPA enforcement

DPDPA Gap Audit

A section-by-section review of your current posture against the DPDPA 2023 and the 2025 Rules.

  • Control mapping across Sections 4 to 11 and Rules 3 to 14
  • Consent notice and proof-of-consent review
  • Data Principal Rights workflow audit
  • Breach response readiness check
  • Retention and erasure controls
  • Significant Data Fiduciary readiness (where applicable)
  • Board-ready gap report with a step-by-step remediation roadmap
4 to 6 weeks
Companies preparing for enforcement or presenting compliance status at board level

CERT-In Empanelled VAPT

Penetration testing by CERT-In empanelled partners. Reports are accepted for regulatory submission.

  • Web application VAPT covering OWASP Top 10 and business logic
  • Mobile application VAPT for Android and iOS
  • Network and infrastructure VAPT covering external and internal scope
  • API security testing
  • CERT-In compliant report formats
  • Free retesting after remediation
2 to 4 weeks per scope
Companies with CERT-In reporting obligations, RBI and SEBI regulated entities, and teams doing pre-launch sign-off

Cloud Configuration Review

AWS, Azure, and GCP hardening against CIS Benchmarks with India data residency requirements in scope.

  • CIS Benchmark assessment for AWS, Azure, and GCP
  • IAM and privilege boundary review
  • Network segmentation and exposure analysis
  • Encryption at rest and KMS key hygiene
  • Logging, monitoring, and audit trail coverage
  • Data residency and cross-border transfer controls
  • Remediation playbook ranked by priority
2 to 3 weeks
Cloud-native businesses, fintechs, and healthtechs with India data residency obligations

ISO 27001 / 27701 / 42001

End-to-end certification for information security, privacy information management, and AI management systems.

  • Scope definition and Statement of Applicability
  • ISMS, PIMS, or AIMS design and documentation
  • Risk assessment and treatment plan
  • Internal audit and management review
  • Pre-certification readiness check
  • Stage 1 and Stage 2 audit with an accredited certification body partner
  • Ongoing surveillance audit support
3 to 6 months depending on scope
Enterprises selling to global customers, SaaS companies, and AI or ML product companies

SOC 2 Type I and II

SOC 2 attestation for SaaS companies selling to US, EU, and global enterprise buyers.

  • Trust Services Criteria scoping with Security as the required category and Availability, Confidentiality, Processing Integrity, and Privacy as optional
  • Control gap assessment and remediation
  • Evidence collection through DPDPA Shield
  • Type I readiness audit
  • Type II observation period management (typically 6 months)
  • Final report delivery
4 to 9 months
SaaS companies where SOC 2 is blocking an enterprise deal

RBI / SEBI / Sectoral Compliance

Compliance work for BFSI, NBFCs, insurance companies, and capital market participants.

  • RBI IT Framework and Master Direction on IT Governance
  • RBI Cyber Security Framework for UCBs and NBFCs
  • SEBI Cybersecurity and Cyber Resilience Framework (CSCRF)
  • SAR and VAPT submissions
  • IRDAI Information and Cyber Security Guidelines
  • DPDPA overlay for BFSI data processors
6 to 12 weeks per framework
Banks, NBFCs, insurers, stockbrokers, investment managers, and payment aggregators

NIST CSF Alignment

Map your controls to the NIST Cybersecurity Framework. Increasingly required by global enterprise buyers and US federal supply chains.

  • NIST CSF 2.0 maturity assessment
  • Coverage mapping across Govern, Identify, Protect, Detect, Respond, and Recover
  • Crosswalk to ISO 27001, SOC 2, and DPDPA controls
  • Maturity scorecard with a clear target-state roadmap
4 to 6 weeks
Companies in US enterprise sales or defence and aerospace supply chains

SOC Setup (Managed)

Build a Security Operations Centre or extend your existing one without hiring an in-house team.

  • SIEM selection and deployment (cloud-native or on-prem)
  • Log source onboarding and parsing
  • Detection engineering and use-case library
  • 24x7 or 8x5 monitoring options
  • Incident response runbooks aligned to DPDPA Section 8(6) breach notification
  • Monthly threat reports and metrics dashboard
6 to 10 weeks for setup, then ongoing managed service
Mid-market and enterprise teams that want continuous monitoring without building an internal SOC

From enquiry to certified in four steps.

01 Scope call

A free 30-minute call to understand your context, where you are today, and what outcome you need.

02 Proposal and timeline

A fixed-scope statement of work with a named delivery partner and a clear milestone plan.

03 Delivery

Field work by CERT-In empanelled or accredited certification partners. Progress, findings, and artefacts are visible in your DPDPA Shield tenant throughout.

04 Certification and continuity

Final report and certificate where applicable. Your compliance posture stays tracked on the platform going forward.

CERT-In Empanelled Delivery
Accredited Certification Body Partner
ISO 27001 Lead Auditors
ISO 27701 / 42001 Specialists
SOC 2 Practitioners
CISA / CISSP / CIPP/E Certified Consultants

Tell us what you need.
We will respond within one business day.

Every engagement starts with a free scoping call. Share what you are trying to solve and we will come back with a delivery partner, a timeline, and a fixed-scope proposal.

No obligation. No sales pressure.
Indicative timeline shared within one business day.
NDA available on request before any scope details are shared.

Prefer email? hello@dpdpashield.in