NBFC IT Compliance Guide

RBI’s IT Governance Master Direction applies to NBFCs based on their layer — larger NBFCs face fuller obligations.

1. Confirm your layer

Your layer under scale-based regulation (Base, Middle, Upper or Top) determines your requirements.

2. What’s expected

  • IT governance and a board-approved policy.
  • IT/IS risk management and outsourcing controls.
  • An independent IS audit function.
  • Business continuity and incident response.

How CyberSigma helps

CERT-In empanelled, we perform your NBFC IS audit and gap assessment, run VAPT, and help establish the governance RBI expects.

This guide is educational and not legal advice. Requirements evolve — validate specifics against the current standard or regulation for your situation.
