We use strictly necessary cookies to run this site, and — only with your consent — analytics & marketing cookies (Google Analytics, Google Tag Manager) to improve it. No analytics or marketing cookies are set unless you accept. See our Cookie Policy and Privacy Policy.

Ebooks & guides

Compliance, explained properly

Practical, in-depth guides to the frameworks that matter — written by CERT-In empanelled auditors. Read online or save any guide as a PDF.

Payments· 9 min read
PCI DSS v4.0 Readiness Guide

A practical walkthrough of scoping, validation levels, the 12 requirements and what changed in v4.0 — so you know exactly where to start.

Read the guide →
Frameworks· 8 min read
ISO 27001 Implementation Roadmap

A step-by-step path to building an ISMS and reaching ISO 27001 certification — from scope and risk assessment to the Stage 1 and Stage 2 audits.

Read the guide →
Frameworks· 7 min read
SOC 2 Starter Guide

What SOC 2 is, Type I vs Type II, how to choose your Trust Services Criteria, and how to get from gap analysis to a clean report.

Read the guide →
Privacy· 8 min read
India DPDP Act Compliance Guide

Who the Digital Personal Data Protection Act applies to, the key roles and rights, your obligations, and how to build a compliant privacy programme.

Read the guide →
Testing· 7 min read
VAPT Buyer’s Guide

How to scope, buy and get value from a vulnerability assessment and penetration test — and what separates a real test from a scan.

Read the guide →
Startups· 6 min read
Penetration Testing for Startups

A pragmatic first-pentest guide for startups — when to test, what to test, and how to turn findings into a security story customers trust.

Read the guide →
Testing· 6 min read
Web Application Security Checklist

A practical checklist to harden web applications against the OWASP Top 10 and common real-world attacks.

Read the guide →
Testing· 6 min read
API Security Testing Guide

Why APIs are the dominant attack surface and how to test them against the OWASP API Security Top 10.

Read the guide →
Cloud· 7 min read
Cloud Security Assessment Guide

How to assess and harden AWS, Azure and GCP environments — and why most cloud breaches are misconfigurations.

Read the guide →
Testing· 6 min read
Secure Code Review Guide

How manual and automated code review find the weaknesses that black-box testing misses.

Read the guide →
Testing· 5 min read
Red Teaming vs Penetration Testing

When to choose a scoped penetration test versus a goal-driven red-team exercise.

Read the guide →
Testing· 6 min read
Mobile App Security Testing Guide

How to test Android and iOS apps for the risks that matter — insecure storage, weak APIs and reverse engineering.

Read the guide →
Frameworks· 6 min read
ISO 27001 vs SOC 2: Which Do You Need?

A clear comparison to help you choose between (or combine) ISO 27001 and SOC 2.

Read the guide →
Frameworks· 6 min read
NIST CSF Adoption Guide

How to adopt the NIST Cybersecurity Framework 2.0 with Profiles and Tiers.

Read the guide →
Frameworks· 5 min read
CIS Controls Quick-Start

The fastest path to essential cyber hygiene using the CIS Controls Implementation Group 1.

Read the guide →
Governance· 8 min read
Building a Security Program from Scratch

A practical 90-day roadmap to stand up a security program that customers and regulators trust.

Read the guide →
Governance· 6 min read
Third-Party Risk Management Guide

How to manage the risk your vendors introduce — because their breach becomes your problem.

Read the guide →
Governance· 6 min read
Incident Response Plan Guide

How to build and test an incident-response plan you can actually execute under pressure.

Read the guide →
Governance· 6 min read
Business Continuity & Disaster Recovery Guide

How to prepare for disruption with a BIA, recovery objectives and tested plans.

Read the guide →
Governance· 5 min read
Security Awareness Training Guide

How to build a security-awareness program that actually changes behaviour — not just ticks a box.

Read the guide →
Startups· 5 min read
Answering Security Questionnaires

How to answer enterprise security questionnaires quickly and win deals faster.

Read the guide →
Privacy· 6 min read
DPDP Consent Management Guide

What valid consent means under India’s DPDP Act, and how to design consent, notice and withdrawal.

Read the guide →
Privacy· 6 min read
GDPR for Indian Companies

When the EU GDPR applies to Indian businesses, and how to comply.

Read the guide →
Privacy· 5 min read
Data Mapping & RoPA Guide

Why a data inventory is the foundation of every privacy program — and how to build one.

Read the guide →
Privacy· 6 min read
Data Breach Response Guide

How to respond to a data breach — technically, legally and reputationally — and meet notification deadlines.

Read the guide →
Regulatory· 7 min read
RBI Cyber Security Compliance Guide for Banks

What RBI expects of banks on cyber security, and how to close the recurring audit gaps.

Read the guide →
Regulatory· 7 min read
Payment Aggregator Compliance Guide

How payment aggregators meet RBI’s PA-PG requirements, including the annual System Audit and PCI DSS.

Read the guide →
Regulatory· 6 min read
SEBI CSCRF Readiness Guide

How SEBI-regulated entities prepare for the Cyber Security and Cyber Resilience Framework.

Read the guide →
Regulatory· 6 min read
UPI / TPAP Security Audit Guide

What NPCI requires of UPI apps (TPAPs) and PSP banks, and how the security audit works.

Read the guide →
Regulatory· 6 min read
NBFC IT Compliance Guide

RBI’s IT governance, security and IS-audit expectations for NBFCs under scale-based regulation.

Read the guide →
Regulatory· 7 min read
Fintech Compliance Roadmap

A sequencing guide for the overlapping compliance a fintech faces — PCI DSS, RBI, DPDP and more.

Read the guide →
Privacy· 6 min read
HIPAA Compliance for Indian BPOs

How Indian BPO/IT vendors handling US health data meet HIPAA as business associates.

Read the guide →
Startups· 7 min read
SaaS Security & Compliance Guide

The security and compliance foundations every B2B SaaS needs to sell to enterprises.

Read the guide →
Governance· 6 min read
Compliance Cost Optimization Guide

How to reduce the cost of compliance by scoping tightly and reusing controls across frameworks.

Read the guide →
Governance· 6 min read
Ransomware Readiness Guide

The five controls that turn a ransomware catastrophe into a survivable incident.

Read the guide →
Frameworks· 6 min read
Zero Trust Implementation Guide

A practical path to Zero Trust — never trust, always verify — without boiling the ocean.

Read the guide →
Cloud· 5 min read
Preventing Cloud Misconfigurations

Why most cloud breaches are misconfigurations — and how continuous checks prevent them.

Read the guide →
Cloud· 6 min read
Container & Kubernetes Security Guide

How to secure containerised workloads and Kubernetes clusters across the pipeline and runtime.

Read the guide →
Testing· 6 min read
AI & LLM Security Guide

How to secure and test AI and LLM applications against prompt injection, data poisoning and model theft.

Read the guide →
Governance· 5 min read
Phishing & Social Engineering Defense Guide

How to reduce the risk from phishing and business email compromise — the most common breach entry point.

Read the guide →
Governance· 5 min read
Access Management Best Practices

How to control who can access what — least privilege, MFA and access reviews that actually work.

Read the guide →
Security· 5 min read
Encryption & Key Management Guide

How to protect data with encryption — and manage the keys, where most programs fall down.

Read the guide →
Security· 5 min read
Logging & Monitoring Guide

How to log and monitor so you can actually detect and investigate incidents.

Read the guide →
Security· 5 min read
Patch & Vulnerability Management Guide

How to run a vulnerability-management program that closes real risk on a predictable cadence.

Read the guide →
Governance· 5 min read
Security Metrics & Board Reporting

How to report security to your board in a language they act on — risk and rupees, not CVE counts.

Read the guide →
Governance· 6 min read
Compliance Audit Preparation Guide

How to walk into any compliance audit calm — because the evidence was collected as you went.

Read the guide →
Governance· 5 min read
Cyber Insurance Readiness Guide

How to meet the security controls insurers now require — and lower your premium and denial risk.

Read the guide →
Regulatory· 5 min read
SWIFT CSP Compliance Guide

How financial institutions meet the SWIFT Customer Security Programme and its annual attestation.

Read the guide →
Payments· 6 min read
PCI DSS Scope Reduction Guide

How to shrink your PCI DSS scope — the single fastest way to cut cost, effort and risk.

Read the guide →
Security· 6 min read
OT & ICS Security Guide

How to secure operational technology and industrial control systems without disrupting operations.

Read the guide →
Governance· 5 min read
Continuous Compliance Guide

How to move from point-in-time audits to always-audit-ready continuous compliance.

Read the guide →
Testing· 5 min read
Firewall & Configuration Review Guide

How a firewall and configuration review finds the rule-set and hardening gaps attackers exploit.

Read the guide →

Need hands-on help rather than a guide? Talk to our auditors.