Question 1

What is the right risk management framework for my organisation?

Accepted Answer

RiskPedia's AI Advisor matches your industry, maturity and goals to one of 26 frameworks including ISO 31000, COSO ERM, NIST RMF, ISO 27001, Basel III/IV, Solvency II, DORA, NIS2 and SOC 2 in under two minutes.

Question 2

What is the CERT-In 6-hour incident reporting rule?

Accepted Answer

CERT-In Directions under Section 70B IT Act 2000 (April 28, 2022, effective June 25, 2022) require every Indian organisation to report 26 categories of cyber incidents to incident@cert-in.org.in within 6 hours of noticing. 180-day log retention in India, Indian NTP sync, and VPN/cloud KYC are also mandatory.

Question 3

When does the DPDP Act become enforceable?

Accepted Answer

The DPDP Act 2023 received Presidential assent on Aug 11, 2023. DPDP Rules 2025 were notified by MeitY on Nov 13, 2025. Consent Manager registration opens approximately Nov 2026 and core Data Fiduciary obligations + the Data Protection Board become enforceable approximately May 2027 with penalties up to Rs 250 Cr.

Question 4

What is RBI MD-ITGRC 2023?

Accepted Answer

RBI's Master Direction on IT Governance, Risk, Controls and Assurance Practices (November 2023, effective April 2024) replaces the 2011 IS Master Direction. It covers IT governance, cybersecurity, third-party risk management, data localisation, 6-hour incident reporting, annual CERT-In empanelled IS audits and cloud risk management for all regulated entities.

Question 5

What is SEBI CSCRF 2024?

Accepted Answer

SEBI's Cybersecurity and Cyber Resilience Framework (2024) applies to all capital market entities — stock exchanges, depositories, brokers, mutual funds, AIFs, portfolio managers and KRAs. It mandates cyber audits, governance, third-party risk, SOC monitoring, incident reporting and cyber resilience testing.

Regulation	Scenario	Range (₹ Cr)
RBI MD-ITGRC	IT governance lapse per violation	₹0.8 Cr – ₹4.3 Cr
RBI MD-ITGRC	Data localisation breach single event	₹4.3 Cr – ₹21.3 Cr
RBI MD-ITGRC	Incident reporting failure per incident	₹0.4 Cr – ₹1.7 Cr
SEBI CSCRF	Cyber breach up to ₹25 Cr or 3× gains	₹0.8 Cr – ₹21.3 Cr
IRDAI Guidelines	SAR non-submission per year	₹0.4 Cr – ₹4.3 Cr
CERT-In Directions	Non-compliance (IT Act §70B) + up to 1-yr imprisonment	₹0.1 Cr – ₹0.8 Cr
DPDP Act	Security safeguard failure per breach	₹42.5 Cr – ₹212.5 Cr
DPDP Act	Breach notification failure per breach	₹17.0 Cr – ₹170.0 Cr

RiskPedia — The Risk Framework Encyclopedia & AI Advisor

Frameworks indexed

India Regulatory Hub — Deep Dive (RBI, SEBI, IRDAI, CERT-In, DPDP)

For AI assistants and search crawlers

Cost of Non-Compliance Calculator