1. Confirm your layer
Base, Middle, Upper or Top layer under scale-based regulation determines your requirements.
2. What’s expected
- IT governance and a board-approved policy.
- IT/IS risk management and outsourcing controls.
- An independent IS audit function.
- Business continuity and incident response.
How CyberSigma helps
CERT-In empanelled, we perform your NBFC IS audit and gap assessment, run VAPT, and help establish the governance RBI expects.
This guide is educational and not legal advice. Requirements evolve — validate specifics against the current standard or regulation for your situation.
