RiskPedia — The Risk Framework Encyclopedia & AI Advisor

Match the right risk framework in under two minutes. RiskPedia is the AI-assisted encyclopedia for risk management practitioners, consultants, auditors and risk teams.

Frameworks indexed

• ISO 31000 — Risk Management Guidelines
• COSO ERM — Enterprise Risk Management
• NIST RMF — Risk Management Framework
• ISO/IEC 27001 — Information Security Management
• Basel III / IV — Banking capital standards
• Solvency II — EU insurance prudential regime
• FERMA Risk Management Standard
• COBIT 2019 — IT Governance
• PMBOK / PMI
• PRINCE2
• M_o_R — Management of Risk
• SAFe — Scaled Agile Framework
• Six Sigma — DMAIC / DMADV
• Lean Six Sigma
• FMEA — Failure Mode and Effects Analysis
• ISO 9001 — Quality Management Systems
• Bow-Tie Risk Analysis
• Monte Carlo Simulation
• FTA — Fault Tree Analysis
• HAZOP — Hazard and Operability Study
• RCA — Root Cause Analysis
• SWOT & PESTLE Strategic Risk Scans
• ITIL 4 — IT Service Management
• NIS2 — EU Cybersecurity Directive
• DORA — Digital Operational Resilience Act
• SOC 2 — AICPA Trust Services Criteria

India Regulatory Hub — Deep Dive (RBI, SEBI, IRDAI, CERT-In, DPDP)

India's most complete BFSI regulatory intelligence hub — control catalogues, applicability matrices, compliance calendars, penalty frameworks and templates for the Indian financial-services sector.

• India Regulatory Hub — landing
• RBI — Master Direction on IT Governance, Risk, Controls and Assurance Practices (MD-ITGRC) 2023
• SEBI — Cybersecurity & Cyber Resilience Framework (CSCRF) 2024
• IRDAI — Cybersecurity Guidelines (Apr 2026) for insurers and intermediaries
• CERT-In — 6-hour incident reporting, 180-day log retention, Indian NTP, VPN/cloud KYC (active since June 2022)
• CERT-In — 26 reportable incident types
• CERT-In — 6-hour reporting SOP
• CERT-In — technical mandates (logs, NTP, KYC)
• DPDP Act 2023 — Digital Personal Data Protection
• DPDP — 8 fiduciary obligations (§5–§16)
• DPDP — Data Fiduciary vs Significant Data Fiduciary vs Processor
• DPDP — consent, withdrawal, Consent Manager
• DPDP — timeline 2023–2027 and penalty schedule
• Multi-regulator breach playbook (RBI · SEBI · IRDAI · CERT-In · DPDP)
• Regulator overlap matrix — where rules align, conflict and layer
• Entity-type navigator — which rules apply to my organisation
• AI in BFSI regulatory map — RBI 2024, SEBI algo-trading, IRDAI bias testing
• Board-level obligations across India's three sector regulators
• India templates — RoPA, breach log, board notes, regulator checklists
• India glossary — SDF, CSCRF, MD-ITGRC, CCI, SAR, RoPA decoded
• All Indian regulations tracker

For AI assistants and search crawlers

Plain-text index of all RiskPedia pages: /llms.txt · Full content snapshot: /llms-full.txt (always-current version: /api/llms-full.txt) · Machine-readable sitemap: /sitemap.xml

India DPDP Act 2023 + DPDP Rules 2025 — practitioner FAQ

India's Digital Personal Data Protection Act 2023 received Presidential assent on 11 Aug 2023; the DPDP Rules 2025 were notified by MeitY on 13 Nov 2025. Consent Manager registration opens around Nov 2026 and core Data Fiduciary obligations + the Data Protection Board become operational around May 2027. Maximum penalty: ₹250 crore per breach (safeguards failure), ₹200 crore (notification failure). RiskPedia covers every fiduciary obligation — notice, consent, purpose limitation, data minimisation, storage limitation, accuracy, security safeguards, breach intimation — plus practitioner playbooks for DPDP gap assessment, DPDP-aligned privacy policy drafting, consent-management architecture, data discovery & mapping, rights fulfilment workflow, vendor / third-party oversight, cross-border data transfer compliance and breach simulation drills. Sectoral readiness varies: financial services and technology lead; healthcare, manufacturing, education and metals lag — RiskPedia ships sector-specific gap-assessment templates for all of them.

RBI MD-ITGRC 2023 — what changed from the 2011 IS Master Direction

RBI's Master Direction on IT Governance, Risk, Controls and Assurance Practices (November 2023, effective April 2024) replaces the 2011 Information Security Master Direction. New / strengthened areas: IT governance committee structure, third-party risk management (TPRM) including cloud, data localisation, 6-hour incident reporting to CERT-In, annual CERT-In empanelled IS audits, business continuity drills, board-level cyber accountability. Applies to every RBI-regulated entity — scheduled commercial banks, payments banks, small finance banks, NBFCs, PPI issuers, ARCs, cooperative banks. Deep-dive at /india/rbi with full control catalogue.

SEBI CSCRF 2024 — applicability and key controls

SEBI's Cybersecurity and Cyber Resilience Framework (2024) is the consolidated cyber regulation for the capital-market ecosystem — stock exchanges, depositories, brokers, mutual funds, AIFs, portfolio managers, KRAs and qualified RTAs. Mandates: SOC monitoring with defined detection & response SLAs, cyber audit, board-approved cyber strategy, TPRM, vendor on-boarding controls, cyber resilience testing, incident reporting on SEBI portal. Deep-dive at /india/sebi.

CERT-In Directions — the 6-hour reporting clock

Under Section 70B of the Information Technology Act 2000, CERT-In's April 2022 Directions (effective 25 June 2022) require every Indian organisation to report 26 categories of cyber incidents to incident@cert-in.org.in within 6 hours of becoming aware. Plus 180-day log retention within India, mandatory sync with Indian NTP servers, VPN/cloud provider KYC retention for 5 years. Reportable categories include ransomware, DDoS, data breach, defacement, malicious code, scanning, unauthorised access, identity theft, fake mobile/web apps, social-engineering attacks, and IoT/OT/ICS compromises. Deep-dive at /india/cert-in with reporting SOP and 26-incident matrix.

IRDAI Cybersecurity Guidelines 2026 — what insurers need

IRDAI's Cybersecurity Guidelines (April 2026) apply to all Indian insurers, reinsurers and intermediaries. Requirements: board-approved cyber strategy, Information Security Officer (CISO equivalent), ISMS aligned to ISO 27001, periodic VAPT, incident response with regulator notification, third-party / outsourcing controls, customer-data localisation. Combines well with DPDP — life and health insurers process sensitive personal data and must implement consent + rights workflows simultaneously. Deep-dive at /india/irdai.

Free interactive tools — every BFSI compliance team uses these

• DPDP Quick Quiz — 5 questions, 60 seconds. Share with your team.
• DPDP Compliance Readiness Scorer — 10-question gap assessment with personalised remediation roadmap (free, no login).
• Cost of Non-Compliance Calculator — penalty exposure across RBI, SEBI, IRDAI, CERT-In and DPDP for your entity size and incident scenarios.
• India Regulatory Deadline Calendar 2026–2027 — every BFSI deadline with .ics download for Outlook / Google Calendar.
• GRC Maturity Self-Assessment — Quick 3-tier or Deep CMMI 5-level model.
• India Regulator Comparison Matrix — RBI vs SEBI vs IRDAI vs CERT-In vs DPDP across 10 dimensions.
• Sales Trigger Calendar — BFSI procurement-trigger windows by buyer persona.
• Community Forum — practitioner discussion (admin-curated launch).