G-Info Technology Solutions Pvt. Ltd. (GISPL) is now a CERT-In Empanelled Security Auditor. It is an acknowledgement of the GISPL team’s technical expertise in conducting Information Security Audits. Our team of experts carries out comprehensive assessments of vulnerabilities in websites, networks & applications. As a CERT-In empanelled auditor, GISPL is qualified to conduct security audits of websites, networks & applications for Government Bodies such as RBI, Banks, SEBI, IRDA and other regulatory bodies. On successfully completing the audit as per CERT-In Guidelines, our team can issue the CERT-In Certification as required by the compliance requirements of various organizations.
The Indian Computer Emergency Response Team (CERT-In) is the national nodal agency for responding to computer security incidents as and when they occur. CERT-In is a government-approved organization for upholding information technology (IT) security. It was initiated in 2004 by the Department of Information Technology for implementing the provisions of the 2008 Information Technology Amendment Act.
CERT-In is primarily responsible for:
- Responding to incidents of computer security
- Collecting, analyzing, and distributing information on cybersecurity attacks and vulnerabilities
- Putting in place emergency responses for handling cybersecurity attacks
- Preparing forecasts and alerts for any security problems observed
- Heading cyber incident response activities and their coordination
- Issuing notices, guidelines on dealing with attacks, advisories, or whitepapers in the fields of information security, prevention of attacks, responses, and reporting practices
- Vulnerability reporting and management
- Ensuring holistic and efficient IT security policies throughout India.
In its effort to create a qualified panel of security auditing organizations, CERT-In has adopted a stringent process to evaluate the participants. This is to verify the participating organization’s technical knowledge and skill to perform an information security audit.
The certification process involves 4 phases of rigorous assessment. Phase 1 is an offline practical test to be completed in 15 days. Phase 2 is an online practical test to be completed in 72 hours, which consists of conducting a test based on real-world Vulnerability Assessment and Penetration Testing on a web server hosted by CERT-In; to be successful, you need to identify at least 90% of the vulnerabilities present on the web server. Phase 3 is the team’s interview by CERT-In, and Phase 4 is an office assessment and background check of the organization.
Types of organizations that require CERT-IN certification
CERT-In certifications are one of the efficient ways to attest to the security of Indian organizations, and hence are beneficial to most Indian organizations. Here’s a list of organizations that can particularly gain from this certification standard:
- RBI and Banks – Companies or those who use the software as mandated by:
  - RBI – Cybersecurity Framework for Banks
  - RBI – Cybersecurity Framework for Urban Cooperative Banks
  - RBI Guidelines for Cybersecurity in the NBFC sector
- RBI and online payments – Companies and software that come under RBI Guidelines for Payment Aggregators and Payment Gateways
- Companies who conduct business related to software, hardware, or other related cyber services with the Government of India
- SEBI and companies – Companies and related software that fall under the rulebook of SEBI Cybersecurity and Cyber Resilience Framework
- Those companies hosting applications or portals online using the National Informatics Center (NIC)
- Companies or those using software that follow the rules of the UIDAI – AUA KUA Compliance
- Companies selling, providing licenses for, or just deploying relevant software and services for organizations for the ISNP Security Audit (under the IRDA mandate).
NOTE: ISNP Security Audit is for insurance companies attempting to set up electronic platforms for their services. This is in accordance with the rules and regulations of the Insurance Regulatory and Development Authority of India (IRDAI).
Overview of the process for CERT-In Certification:
The various steps in the certification process are:
1. A comprehensive level 1 audit of your website, network or applications is carried out and a detailed report is provided.
2. Once patched, the level 2 re-testing audit is carried out and all the patches and fixes are verified.
3. The CERT-In Security Certificate is issued along with relevant supporting documentation and compliance reports for your customers & partners.
Over the years, we at G-Info Technology Solutions Pvt. Ltd. have garnered huge popularity as the most prominent CERT-In empanelled security auditor. It is our extensive technical expertise combined with our professionalism that helps us to conduct information security audits with accuracy.
Our auditor is highly qualified to perform security audits of applications, networks, and websites. Being the most distinguished auditor, we also offer precise and appropriate CERT-In guidelines for security breaches.
Hire the Most Seasoned CERT-In Empanelled Security Auditor
Through our CERT-In guidelines, you can get all the support you need in handling evolving challenges in the domain of information security. The professional team abides by a strict process to evaluate all the participants.
We have the expertise and knowledge that it takes to conduct error-free information security audits. Our certification procedure will require you to take a virtual practical test besides taking a real-time Vulnerability Assessment followed by Penetration Testing.
The CERT-In department under the Government of India deals with a variety of topics related to cybersecurity. As such, gaining certification from such a reputed organization will definitely increase the security barriers of your organization. In fact, in some cases, it is mandatory to obtain a CERT-In certificate for legal reasons. However, the testing process is delicate and needs to be handled by certified auditors with adequate expertise. Issues may arise that could compromise the system permanently, and the right steps need to be taken in such situations.