Practitioner Resources
Checklists, datasheets, and deep-dives — written by practitioners, for practitioners. All content is DPDP Act 2023 and March 2026 accurate.
8 documents · 15 articles · Free download · No registration required
Deep-Dive Practitioner Articles
Long-form technical articles written for CISOs, risk officers, and security practitioners in Indian BFSI.
Your ROPA Is Incomplete. Here’s What DPDP Rules 2025 Actually Demand.
78% of Indian organizations use GDPR-derived ROPA templates. Here are the 11 fields DPDP Rules 2025 require — and the 6 most commonly missing, including the Consent Artifact ID with no GDPR equivalent.
The Slide That Made My CEO Stop Asking ‘Are We Secure?’
Heat maps and RAG dashboards are epistemically dishonest. Boards can’t act on colour — they can act on ₹. The exact ROSI narrative, board attention curve, and slide structure that changes the conversation.
SEBI CSCRF Maturity Assessment: The Practitioner’s Survival Guide
Most BFSI organizations over-score CSCRF by 1–2 levels. Evidence quality matrix, Maker/Checker governance, most-failed controls, and a 6-month assessment calendar that holds up under SEBI audit.
FAIR Model: How a CISO Won a ₹5Cr Security Budget During Cuts
A step-by-step walkthrough of using the FAIR framework to quantify cyber risk in rupee terms, build a business case, and present to the CFO and board. Includes worked example for a mid-size NBFC.
RBI Master Direction on Digital Payments Security Controls: The BFSI Compliance Playbook
RBI DPSC mandates 75+ controls across internet banking, mobile, cards, ATM, and PPI channels. This practitioner playbook maps the most common inspection gaps and builds the evidence pack RBI examiners expect.
DPDP Act vs GDPR: The Side-by-Side Comparison India's DPOs Actually Need
Lawful bases, consent gates, rights gap (9 GDPR rights DPDP doesn't have), penalty structures, and the DPO equivalence question Indian organisations keep getting wrong.
CSITe Portal Filing Guide: How Indian Organisations Actually Submit CERT-In Incident Reports
Registration walkthrough, the 44 incident type drop-down decoded, field-by-field 6-hour filing guide, and the 3 rejection triggers that generate follow-up notices.
CERT-In 6-Hour Incident Reporting: The BFSI Practitioner's SOP
The 6-hour clock starts at detection, not investigation completion. Hour-by-hour response timeline, portal field checklist, 44-category incident matrix, and the 6 mistakes that trigger RBI enforcement.
PASTA Threat Modelling for Real Banking Systems
7-stage PASTA walkthrough applied to a core banking payment flow. DFD, attack tree, and DPDP Act mapping for BFSI security architects.
ISO 27001 SoA Audit Readiness: Why 40% of Indian BFSI Organisations Fail Their First Surveillance Audit
93 Annex A controls, 7 audit failure patterns, and the evidence pack format that survives UKAS/JAS-ANZ scrutiny. Includes the 11 always-applicable controls every SoA must declare.
TPRM & Vendor Risk Management Under SEBI CSCRF: The BFSI Practitioner Guide
82% of regulated entities that suffered third-party breaches had no documented exit strategy. Tier classification, 6 contractual controls, and the 4-stage TPRM lifecycle SEBI ID.2 demands.
BCP/DR for RBI & SEBI RC.1–RC.4: Why 68% of BFSI Audits Find No DR Evidence
Average RC maturity is 1.7/5. RTO/RPO benchmarks for 8 system classes, 9 RC failure patterns, and the 3-tier DR test evidence pack that satisfies RBI examiners.
The CISO's CyberDrill Playbook: Moving from Compliance Theater to Command Readiness
Designing drills that expose command gaps, validating the CERT-In 6-hour clock, and building the 3-drill annual program that produces SEBI ID.5 evidence.
The Infra Team's CyberDrill Guide: Technical Readiness Beyond Tabletop
Log retention across 13 CERT-In sources, evidence preservation sequence before isolation, DR failover RTO vs documented RTO, and NTP synchronisation.
The Auditor's CyberDrill Evidence Framework: What Survives SEBI Inspection
8 evidence quality tests (EQ-01 to EQ-08), finding specificity standards, the 10-section audit-grade report structure, and escalation triggers for IS auditors.
Know the Platform Before You Commit
Two-page datasheets covering architecture, modules, and regulatory alignment for each CreativeCyber platform.
DPDP Assurance Platform
- ✓ 12 assurance modules with 4 AI-powered workflows
- ✓ Native RBI DPSC control mapping + CSITe filing
- ✓ DPDP Act 2023 + Rules 2025 aligned throughout
RiskSage Platform
- ✓ FAIR-based cyber risk quantification with ALE
- ✓ STRIDE threat modelling for architecture review
- ✓ Board-ready executive risk reports
Practitioner Toolkit
- ✓ 4 structured assessment modules with Maker/Checker
- ✓ 5-level maturity scoring with evidence requirements
- ✓ Indian regulatory framework alignment built-in
Print. Assess. Evidence.
Single-page printable checklists for DPOs, CISOs, and audit teams. Each checklist maps to a specific regulatory framework.
Need a platform that automates all of this?
Move from spreadsheets and checklists to structured, AI-powered compliance and risk management.