Compliance insight worth reading
Sharp, practical takes on PCI DSS, ISO 27001, SOC 2, DPDP and VAPT — from CERT-In empanelled senior auditors. A few times a month, no fluff. Every edition is free to read below.
Latest editions
15 editions · updated regularlyThe DPDP deadline nobody’s ready for
India’s Digital Personal Data Protection Act is law. Most teams are treating it like a policy update. It isn’t.
Read now →Your PCI DSS scope is bigger than you think
Scope is the single biggest driver of PCI cost and risk — and almost everyone draws the boundary too small.
Read now →What auditors actually look for in ISO 27001
It isn’t the size of your policy binder. It’s whether the ISMS is alive.
Read now →SOC 2 in India: the questions US buyers keep asking
For Indian SaaS selling into the US, SOC 2 has quietly become the price of entry.
Read now →The RBI cyber audit findings that repeat every year
Regulated entities keep getting written up for the same handful of gaps. Here are the usual suspects.
Read now →VAPT vs a real attacker: where reports fall short
A clean pentest report is not the same as being hard to breach.
Read now →Why “we use AWS” isn’t a compliance answer
The cloud provider secures the cloud. Securing what you put in it is still your job.
Read now →The access review everyone fakes
Rubber-stamping a user list once a quarter is not an access review — and auditors can tell.
Read now →Vendor risk: the breach that starts in someone else’s network
Your data doesn’t care whose logo is on the door it walks out of.
Read now →PCI DSS v4.0.1: the requirements catching teams off guard
The future-dated requirements are here now. Several need lead time you may not have budgeted.
Read now →Ransomware readiness: the 5 controls that actually matter
You can’t patch your way out of every ransomware scenario. You can make one survivable.
Read now →The audit evidence you should be collecting today
The most stressful audits are the ones where evidence is reconstructed at the end.
Read now →DPDP consent: what “valid consent” actually means
A pre-ticked box and a buried privacy policy won’t clear the DPDP bar.
Read now →Cloud misconfigurations: the silent compliance killer
No exploit required. A single wrong setting is often all it takes.
Read now →How to build a security program your board will fund
Boards don’t buy fear. They fund risk they can see, measure and defend.
Read now →