Submissions – Navigating the CERT-In directions for business operations.

Submissions

May 2022

16 Mon

17 Tue

18 Wed

19 Thu

20 Fri 04:00 PM – 05:00 PM IST

21 Sat

22 Sun

Jun 2022

13 Mon

14 Tue 04:00 PM – 05:00 PM IST

15 Wed

16 Thu

17 Fri

18 Sat

19 Sun

Make a submission

Pinned update

20th May Panel discussion Hi everyone! The video of the “Navigating the CERT-In directions for business operations” live discussion, held on the 20th of May is now available in the vi… more

On 28^th April 2022 the Indian Computer Emergency Response Team (CERT-In) issued new directions (PDF) under sub-section (6) of section 70B of the Information Technology Act, 2000 relating to information security practices, procedure, prevention, response, and reporting of cyber incidents for The Safe & Trusted Internet.

FAQ on the cyber security directions of 28^th April 2022

These were not preceded by any public consultations, leading to confusion in the organizations and businesses impacted by these changes. The directons cover aspects related to the timeframe for reporting cyber security incidents, maintenance of the user identification data, transaction information for crypto exchanges and wallets, maintenance of customer details by data centers, cloud services, VPN providers, and maintenance of logs in the Indian jurisdiction.

What will be the impact of these directions on businesses?

Rootconf and Privacy Mode are co-organizing with FOSS United Foundation an event on the 20^th May 2022 to discuss the impact of these directions on various businesses, along with discussing recommendations for the directive to fall in line with privacy and business requirements. This hybrid (online and on-site) event will be held at the Zerodha office in Bengaluru.

The event will help the audience gain a better understanding of the impact, especially around data governance and operational practices. The following key concerns will also be discussed.

Gaps and unknowns in the text of the directions.
Challenges in complying with the requirements criteria set in the directions.
Impact on data governance strategies, risk management, and operational aspects of businesses.
Methods of engagement to refine and improve such requirements.

A report based on a discussion regarding the impact of CERT-In on various businesses, that took place among many tech practitioners, is available here.

Hosted by

Rootconf

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective). more

Supported by

Co-organizer

Privacy Mode

Deep dives into privacy and security, and understanding needs of the Indian tech ecosystem through guides, research, collaboration, events and conferences. Sponsors: Privacy Mode’s programmes are sponsored by: more

Partner

FOSS United Foundation

FOSS United is a non-profit foundation that aims at promoting and strengthening the Free and Open Source Software (FOSS) ecosystem in India. more

Mozilla

The Mozilla project is a global community of people who believe that openness, innovation, and opportunity are key to the continued health of the internet. more

Accepting submissions

Not accepting submissions

Report on Panel Discussion: Navigating the CERT-In Directives for Business Operations

Rootconf and Privacy Mode recommend that stakeholders who are impacted by the CERT-In 2022 directions should directly engage CERT-In in public consultation, and rally for more transparent consultative processes in the future. more

0 comments
Submitted
23 May 2022

Recommendations on compliance timelines for SMEs and additional suggestions for improving ease of compliance

On 28 April 2022, CERT-In released directions for cybersecurity incident reporting. With the compliance deadline of 28 June fast approaching, industry bodies shared their concerns with CERT-In and MoS Rajeev Chandrashekhar on 10 June 2022. more

0 comments
Submitted
18 Jun 2022