Question 1

What is the right risk management framework for my organisation?

Accepted Answer

RiskPedia's AI Advisor matches your industry, maturity and goals to one of 26 frameworks including ISO 31000, COSO ERM, NIST RMF, ISO 27001, Basel III/IV, Solvency II, DORA, NIS2 and SOC 2 in under two minutes.

Question 2

What is the CERT-In 6-hour incident reporting rule?

Accepted Answer

CERT-In Directions under Section 70B IT Act 2000 (April 28, 2022, effective June 25, 2022) require every Indian organisation to report 26 categories of cyber incidents to incident@cert-in.org.in within 6 hours of noticing. 180-day log retention in India, Indian NTP sync, and VPN/cloud KYC are also mandatory.

Question 3

When does the DPDP Act become enforceable?

Accepted Answer

The DPDP Act 2023 received Presidential assent on Aug 11, 2023. DPDP Rules 2025 were notified by MeitY on Nov 13, 2025. Consent Manager registration opens approximately Nov 2026 and core Data Fiduciary obligations + the Data Protection Board become enforceable approximately May 2027 with penalties up to Rs 250 Cr.

Question 4

What is RBI MD-ITGRC 2023?

Accepted Answer

RBI's Master Direction on IT Governance, Risk, Controls and Assurance Practices (November 2023, effective April 2024) replaces the 2011 IS Master Direction. It covers IT governance, cybersecurity, third-party risk management, data localisation, 6-hour incident reporting, annual CERT-In empanelled IS audits and cloud risk management for all regulated entities.

Question 5

What is SEBI CSCRF 2024?

Accepted Answer

SEBI's Cybersecurity and Cyber Resilience Framework (2024) applies to all capital market entities — stock exchanges, depositories, brokers, mutual funds, AIFs, portfolio managers and KRAs. It mandates cyber audits, governance, third-party risk, SOC monitoring, incident reporting and cyber resilience testing.

#	Area	Key IBA Guidance	RBI Cross-Reference
1	Information Security Governance	Board IT/Risk Committee, CISO with board reporting line, annual cyber risk appetite, dedicated cyber risk budget — IBA template board charters available	Aligns with MD-ITGRC §4 (Governance) — IBA expands RBI principles into model board minutes and charter language
2	Cyber Hygiene Programme	Employee security awareness at induction + annual refresh; quarterly phishing simulation campaigns; secure coding practices for in-house developers; SOC monitoring of unusual access patterns	Maps to MD-ITGRC §22 (Awareness & Training) — IBA prescribes specific simulation cadences
3	Vendor Risk (TPRM)	IBA template TPRM questionnaire (200+ items) for banks to issue to fintech partners; tiered vendor classification; annual on-site audit for critical vendors	Maps to MD-ITGRC §4 (TPRM) + Outsourcing of IT Services MD 2023

RiskPedia — The Risk Framework Encyclopedia & AI Advisor

Frameworks indexed

India Regulatory Hub — Deep Dive (RBI, SEBI, IRDAI, CERT-In, DPDP)

For AI assistants and search crawlers

IBA Control Catalogue — IBA Model Cyber Policy