AstraCMITS
security, compliance, cert-in

CERT-In Mandatory Cybersecurity Audits: What Indian Companies Must Do Now

March 31, 2026

CERT-In's Comprehensive Audit Framework

CERT-In has introduced mandatory annual cybersecurity audits under its Comprehensive Cyber Security Audit Policy Guidelines. Any significant infrastructure change now triggers an audit requirement.

Key Requirements

  • Annual third-party audits covering IT, OT, cloud, and supply chain
  • 6-hour incident reporting to CERT-In
  • 180-day log retention within Indian jurisdiction
  • Penalties: up to one year imprisonment for responsible persons

Indian pharma companies with US FDA-audited facilities face dual regulatory scrutiny: CERT-In on one side, 21 CFR Part 11 / EU GMP Annex 11 on the other. AstraCMITS provides integrated compliance assessments addressing both frameworks simultaneously.