Compliance assessments that regulators accept.
Audit-ready reports for every Indian and global regulatory framework. Trusted by 700+ organisations across BFSI, healthcare, insurance, and government.
By Regulator
Mandatory Indian regulatory frameworks
As India's longest-serving CERT-In empanelled firm, our reports satisfy statutory requirements for all Indian regulators.
CERT-In Security Audit
Empanelled security auditor since 2008 — mandatory for critical infrastructure, government, and regulated entities under CERT-In directives.
RBI Cybersecurity Framework
Mandatory VAPT, IS audit, and cybersecurity compliance for banks, NBFCs, and cooperative banks under the RBI cyber framework.
SEBI CSCRF Compliance
Cybersecurity and cyber resilience framework compliance for 22 SEBI-regulated entity categories — MIIs, Qualified REs, Mid-size, Small-size and Self-cert REs. Master circular Aug 2024 read with Apr/Aug 2025 amendments and the May 2026 AI advisory.
SEBI AI Vulnerability Detection Advisory
May 2026 advisory (HO/13/19/12(1)2026-ITD-1_CIMGI/10873/2026) on AI tools like Claude Mythos. Mandates AI-based VA, M-SOC onboarding, ZTNA, SBOM, and a long-term agentic-defence plan across 19 categories of regulated entities.
IRDAI Cybersecurity
Cybersecurity compliance for insurers and ISNPs under IRDAI guidelines — vulnerability assessment, IS audit, and incident response readiness.
Specialised Audits
Distinct-scope audits across the payments + identity ecosystem
Dedicated engagements for SAR, payment aggregators, UIDAI, NPCI, SBI VSCC, ATM/POS, and vendor risk — each with its own deliverable format and procurement intent.
SAR · System Audit Report (Data Localization)
RBI-mandated annual system audit for PA-PG, PPI, BBPOU, UPI TPAPs, and CDSL depository participants. Distinct deliverable per regulator format.
RBI Payment Aggregator (PA-PG) Audit
Annual system audit + cybersecurity audit by CERT-In empanelled auditors per RBI 2025 PA Master Direction. Merchant onboarding to escrow to settlement.
UIDAI AUA-KUA Audit
Aadhaar ecosystem security and compliance audit for AUAs, KUAs, Sub-AUAs, and Sub-KUAs. UIDAI checklist + management comments + closure validation.
NPCI / UPI Audit
Payment ecosystem audit for PSPs, TPAPs, sponsor banks, BBPS/BBPOU, and RuPay. Role-specific scope plus UPI 2.0, AutoPay, Credit-on-UPI add-ons.
SBI VSCC Audit
Vendor Site Compliance Certificate for SBI ePay / SBI payment gateway merchant onboarding. Issued by CERT-In empanelled auditor with VSCC Form C.
ATM & POS Security Audit
Payment-channel security audit covering ATMs, POS, CDMs, kiosks, microATMs, NFC tap-to-pay, payment middleware, and switch integration.
Vendor Risk Assessment (VRA)
Compliance-focused vendor / third-party risk audit for RBI, SEBI, DPDP, NPCI, M&A, and customer-questionnaire mandates. Bridges to ShadowMap VRM + TPRM.
NSE Trading Member VAPT
NSE-mandated VAPT submission for stock brokers and trading members under SEBI CSCRF. Covers the Sep 2025 inspection circular timelines, reporting formats, and CERT-In auditor norms.
Frameworks & Privacy
International frameworks + data protection laws
Industry-standard security frameworks for global enterprises, SaaS providers, healthcare organisations, and data-protection compliance across India and the EU.
PCI DSS v4.0
Penetration testing, segmentation validation, and secure code review aligned to PCI DSS v4.0 requirements for cardholder data environments.
ISO 27001 Certification
Annex A technical compliance assessments, gap analysis, and implementation support for ISO 27001:2022 certification readiness.
SOC 2 Compliance
Trust service criteria assessment and evidence collection for SOC 2 Type I and Type II audits — security, availability, and confidentiality.
HIPAA Compliance
Technical safeguard assessments for healthcare organisations handling protected health information — penetration testing aligned to HIPAA requirements.
GDPR Compliance
GDPR readiness for Indian companies serving EU customers, signing EU DPAs, or processing EU data subjects. Gap analysis, DPIA, RoPA, DSR, DPO advisory.
DPDP Act Compliance
India's Digital Personal Data Protection Act 2023 readiness — applicability, consent, rights workflow, breach notification, processor due-diligence.
Security assessments delivered
Organisations served
CERT-In empanelment
Framework pages · 17+ mandates
Not sure which compliance framework applies?
Run the self-service wizard for your regulator and get back tier classification, obligations, and prioritised gaps in 8–10 questions. Or talk to a compliance specialist directly.