21 CFR Part 11 Consulting Services

Riskpro's 21 CFR Part 11 services include gap assessment, reviewing and validating your software/systems for compliance, and providing you with the necessary policies and procedures.

SSPA Assessment - Microsoft DPR Assessments

The Supplier Security and Privacy Assurance (SSPA) and Data Protection Requirement (DPR) previously known as the Vendor

Personal Data Protection Services (PDP) - India

The Indian PDP Bill (draft) 2018 is one of the most momentous steps towards safeguarding the personal data of citizens.

DSCI Data Privacy Framework Certification

The DSCI has introduced a Data Privacy Framework Certification for Indian companies that have implemented the 9 privacy practice areas within their systems and processes to protect the data or information of their customers and clients.

SAMA Cyber Security Framework - Principle based.

The framework borrows key controls from various industry-level cybersecurity standards such as NIST, ISF, ISO, Basel and PCI DSS. The purpose of the CSF is to enable Financial Institutions regulated by SAMA (“the Member Organizations”) to effectively identify and address risks related to cyber security.

SEBI Cyber Security Audit

The SEBI circular on the cybersecurity and cyber resilience framework for regulated entities requires mandatory cyber security and resilience audits. With the recent amendments in May and June 2022, such audits are to be done twice a year. SEBI also requires entities to identify critical assets in their organisation and to maintain an updated list of them.

SSAE 18 (SOC 2 Audits) - Benefits of SOC Audits

  • Organizations continue to outsource parts of their business to realize potential cost benefits, to alleviate the need for hiring or retaining internal specialists and/or to create more flexibility to realize their business strategy.
  • Assurance reports play an important role as a management control. In the USA, the new SSAE 18 standard was introduced in 2016 and implemented in 2017.
  • Riskpro has done 900+ SSAE engagements and we have an in-house CPA to perform these attestations.

GDPR

  • GDPR is a sweeping change. Effective May 2018, if you hold personal data of any EU citizen and are not GDPR compliant, you will not be able to do business.
  • This may be as simple as an email address in a marketing email list. You will not be able to send marketing mailers unless there is explicit consent or a lawful purpose/legitimate business purpose.
  • If you are a recruiter, you will not be able to forward CVs or download and save candidate data without the candidates' consent.

Digital Personal Data Protection Act 2023

  • Riskpro has a strong team of experienced and certified data privacy and data protection professionals who have thorough industry and technical knowledge and can assist you with:
    • Highlighting gaps in your framework/policies/processes and suggesting an effective mitigation plan.
    • Defining/reviewing procedures to ensure updates in the bill are identified in a timely manner.
    • Ensuring the controls/framework defined are adequate and in accordance with PDP Bill requirements.
    • Defining and/or implementing a bill-compliant data protection governance framework.

ISO 27001

  • ISO 27001 specifies a management system that is intended to bring information security under management control and gives specific requirements.
  • Riskpro helps to review current practices against ISO 27001 requirements and establish frameworks to address Information Security.
  • We carry out a self-assessment review of your ISMS implementation against the requirements and issue a review/certification report.

Cyber Security Advisory

  • A company should adopt a leading framework to evaluate its preparedness against cyber risks.
  • Riskpro helps companies to develop a board-approved Cyber Security Policy and Cyber Crisis Management Policy.
  • We can develop Key Risk Indicators to track risks and preparedness.
  • We conduct periodic cyber risk audits.
  • We also provide cyber security services for Urban Cooperative Banks and for other BFSI sectors.

SOX Compliance

  • In 2002, the United States Congress passed the Sarbanes-Oxley Act (SOX) to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and to improve the accuracy of corporate disclosures.
  • An audit of internal control over financial reporting is performed in conjunction with an audit of financial statements.
  • All public companies now must comply with SOX, both on the financial side and on the IT side.