Question 1

What is the right risk management framework for my organisation?

Accepted Answer

RiskPedia's AI Advisor matches your industry, maturity and goals to one of 26 frameworks including ISO 31000, COSO ERM, NIST RMF, ISO 27001, Basel III/IV, Solvency II, DORA, NIS2 and SOC 2 in under two minutes.

Question 2

What is the CERT-In 6-hour incident reporting rule?

Accepted Answer

CERT-In Directions under Section 70B IT Act 2000 (April 28, 2022, effective June 25, 2022) require every Indian organisation to report 26 categories of cyber incidents to incident@cert-in.org.in within 6 hours of noticing. 180-day log retention in India, Indian NTP sync, and VPN/cloud KYC are also mandatory.

Question 3

When does the DPDP Act become enforceable?

Accepted Answer

The DPDP Act 2023 received Presidential assent on Aug 11, 2023. DPDP Rules 2025 were notified by MeitY on Nov 13, 2025. Consent Manager registration opens approximately Nov 2026 and core Data Fiduciary obligations + the Data Protection Board become enforceable approximately May 2027 with penalties up to Rs 250 Cr.

Question 4

What is RBI MD-ITGRC 2023?

Accepted Answer

RBI's Master Direction on IT Governance, Risk, Controls and Assurance Practices (November 2023, effective April 2024) replaces the 2011 IS Master Direction. It covers IT governance, cybersecurity, third-party risk management, data localisation, 6-hour incident reporting, annual CERT-In empanelled IS audits and cloud risk management for all regulated entities.

Question 5

What is SEBI CSCRF 2024?

Accepted Answer

SEBI's Cybersecurity and Cyber Resilience Framework (2024) applies to all capital market entities — stock exchanges, depositories, brokers, mutual funds, AIFs, portfolio managers and KRAs. It mandates cyber audits, governance, third-party risk, SOC monitoring, incident reporting and cyber resilience testing.

Scenario	IBA Consequence	Downstream Regulatory Risk	Notes
Non-adoption of IBA model cyber policy	Peer-pressure; CISO peer-group scrutiny; IBA membership-status reputational risk	RBI inspection findings reference IBA standards; non-alignment cited as governance gap	Most banks treat IBA model as de-facto compliance baseline
Failure to use IBA TPRM questionnaire	Vendor-onboarding inconsistency across banks; longer audit cycles; fintech partners frustrated with bespoke forms	RBI TPRM expectations under MD-ITGRC §4 — non-standard questionnaire may be flagged in supervisory review	IBA template is the path of least resistance
Departure from IBA board-governance norms	Peer audit committees notice; rating agencies and proxy advisors may flag	May be cited in RBI MD-ITGRC §4 review; impact on board's cyber-risk appetite reporting credibility	Larger private banks often go beyond IBA — that is acceptable; falling below is the concern

RiskPedia — The Risk Framework Encyclopedia & AI Advisor

Frameworks indexed

India Regulatory Hub — Deep Dive (RBI, SEBI, IRDAI, CERT-In, DPDP)

For AI assistants and search crawlers

IBA Consequences of Non-Adoption