ISO Auditors… Don’t Miss this Opportunity to expand your portfolio

ISO auditors have been one of the classes of professionals productively engaged in audit and assessment services. ISO gives many opportunities for certification, but one of the major activities has been ISO 27001. Now as ISO 27001:2019 moves to ISO 27001:2022, post 1st November, auditors have to gear up for the new framework. A few of these auditors had stepped into ISO 27701 and were offering their services for GDPR compliance to Indian companies.

So far, we could tell a company that India does not have a data protection law and therefore go for GDPR compliance and implementation of ISO 27701 which along with ISO 27001 can be certified.

But the scenario has now changed. India has passed DPDPA 2023 which is applicable to collection of personal data in India. It will therefore be foolish to apply GDPR to Indian Personal Data and feel that compliance is achieved.

If so, how can an Indian Data Fiduciary go for compliance, particularly if it intends to get third party certified?

Enter DGPSI the Futuristic framework

Thanks to forward looking organizations like FDPPI, a unique framework for implementation of Compliance by Design, Certifiable third party audit and Maturity assessment is now available for organizations.

The framework is called DGPSI (Digital Governance and Protection Standard of India) and the system built under DGPSI guidance is the DGPMS or Digital Governance and Protection Management System.

So, DGPMS is now the organizational goal pushing aside ISMS and PIMS.

In this scenario, ISO auditors cannot depend on ISO 27001/ISO 27701 audit for their bread and butter. They need to find new avenues to leverage their years of experience.

DGPSI is the biggest disruptor in the IT audit domain. It brings three kinds of professionals, namely the Business Managers, the CISOs and the DPOs, onto one platform to own the implementation.

Audit or implementation is no longer a proposal from CISO or DPO which the CFO or CMO shoots down. It is a proposal in which the CFO and CMO have equal interest along with CISO or DPO or even the CRO or CCO.

DGPSI directly addresses the compliance of DPDPA 2023 with about 35 controls.

At the same time it also picks up the 25 compliance requirements related to Privacy Risks identified by the Bureau of Indian Standards in their draft standard document released at the same time when DPDPA 2023 was passed by the Parliament and 33 controls required for ITA 2000 compliance.

The DGPSI additionally addresses the requirements of 93 controls of ISO 27001 and 49 controls of ISO 27701 which are suggested for application to Personal Data protection.

Thus, a total of 200 non DPA controls are merged with 35 DPDPA specific controls and addressed through only 50 Model Implementation specifications under DGPSI.

It is simpler but effectively includes the essence of the essence. Moreover, the DTS component of assessment also provides a maturity assessment of the organization’s compliance status.

DGPSI is therefore likely to be the only choice of wise Business Managers in the industry.

Before organizations gear up to opt for DGPSI compliance, professionals need to transform themselves from their current expertise to DGPSI expertise and an opportunity is flying past you.

On October 28/29 and November 4 and 5, FDPPI/Naavi is conducting a 12-hour Virtual program to impart the necessary requirements of this DGPSI framework and the best practices of the industry.

Visit www.fdppi.in and register yourself today.

Don’t miss the bus… board the C.DPO.DA band wagon today….

Naavi

Posted in Cyber Law | Leave a comment

FDPPI: “Sab Ka sath, Sab Ka Vishwas”

FDPPI has been in the forefront of empowerment of Professionals and Organizations for Personal Data Protection in India.

During the five years since its inception, FDPPI has introduced India specific Certification Program for Data Protection Professionals and today if any person is aspiring to be a DPO or undertake the profession of a Data Auditor, the clear destination is FDPPI.

Similarly if any organization is looking for a framework for compliance of DPDPA and Indian Data Protection Regime, the clear and only choice is DGPSI or Data Governance and Protection Standard of India.

While FDPPI’s C.DPO.DA. Certification program is the preferred choice for professionals over every other certification program on the basis of content and DGPSI based audit and assessment is the only choice for organizations for Certification for DPDPA compliance, FDPPI would like to be an organization that takes along all organizations and professionals with similar objectives to come together as a “Federation of Data Protection Professionals” in India.

FDPPI therefore has introduced a “Cross Certification Program” to recognize the efforts and investments made by professionals in acquiring qualifications like CIPP or CDPSE Certification and provide them an exemption from part of the training of C.DPO.DA. Though these programs only focussed on GDPR and not on DPDPA, considering the general training they have received in Privacy, we would provide them a short cut to completion of C.DPO.DA.

Currently auditors certified as “Lead Auditors” of ISO 27001 or ISO 27701 or PCI DSS, undergo intense training in audit aspects but not necessarily in any law since these audits are purely technical in nature and not Techno Legal in nature. However, considering their exposure to the industry, Accredited ISO lead auditors will be provided an accelerated path to becoming C.DPO.DA. auditor.

This is an attempt to follow the principle of “Sab Ka Sath-Sab Ka Vishwas”.

The accelerated path to C.DPO.DA. works as under.

Currently C.DPO.DA consists of three parts namely Module I, Module G and Module A.

Module I covers DPDPA and ITA 2000 (DIA when available)

Module G covers GDPR, US Data Protection laws, Singapore/DIFC laws

Module A is sub divided into two parts namely the first part consisting of essence of Audit Principles, ISO 27001 and ISO 27701 and second part which consists of DGPSI framework.

In what is proposed, professionals with current active certifications from IAPP and ISACA can directly take up Module A (both Part 1 and Part 2 required). The Accredited ISO auditors can directly take Part 2 of Module A.

All professionals need to take the online examination for C.DPO.DA and pass through in one or more attempts. They can opt to take the training if required at any point of time through video streaming.

The cost of these accelerated programs from 1st November will be as follows:

Module A: Both Part 1 and Part 2: Rs 24000/- Plus GST of 18%

Module A-Part 2 only: Rs 12000/- plus GST

Examination fee: Rs 10000/- for first attempt and Rs 5000/- for second and subsequent attempts (plus GST)

Next Program for Module A will commence on October 28, 29 and November 3/4

Naavi


Digital Society Day 2023 celebrated

Commemorating October 17 every year as the day on which Indian Digital Society was born, since the legal recognition of electronic documents was first provided in India through ITA 2000 which was notified on October 17, 2000, has been a practice of Naavi for the last two decades.

Last year we had a great virtual event under FDPPI banner. This year we had Manipal Law School (MLS) also join in the activity. I was doubly happy since even KLE Society, with which I had conducted many such events in the past, was also present on the occasion.

The event was titled as “Jago Regulators Jago” recognizing that the “Awareness” programs which we are conducting for several years now to say that “Public need to be aware of Cyber Risks”, need to be elevated to an awareness of the regulators.

By regulators in the context of Cyber Crimes, we include Police, the Adjudicators under ITA 2000, the MeitY, MHA and the CERT IN.

The event saw the participation of Dr Triveni Singh along with a battery of professionals from industry and academia. Several advocates also participated in the half day conference held at MLS campus, Yelahanka, Bengaluru and also webcast in real time. Mr Balu Swaminathan, President of Cyber Society of India, Chennai, who was associated with Naavi on several Cyber Crime investigations in Chennai, was a special guest on the occasion. Dr Gulshan Rai could not join due to urgent alternate commitments.

Some very good suggestions have come forth during the event which will be added to this first report of the event.

The video of the event is available below.

Some of the photographs marking the attention are here

Naavi


If 80% of cyber crimes are from 10 locations….

According to this survey of Future Crime Research Foundation (FCRF), 80% of Cyber Crimes in India happen through 10 districts such as Bharatpur, Mathura etc., which I call “Dark Villages of India”.

Over 77.41% of the frauds are reported to be online financial frauds where money is siphoned off from innocent victims into residents of these dark villages.

This money lost in the cyber crimes is of the order of Rs 2,50,000 crores. This means that criminals in Bharatpur must be making around Rs 50000/- crores per year through Cyber Crimes and Banks in Bharatpur must be laundering money to that extent.

While these statistics raise the alarm, we also need to think. If 60% of Cyber Crimes in India happen in five places namely Bharatpur, Mathura, Nuh, Deogarh and Jamtara, can we not consider these as “Crime Districts”, take over these towns under Central Emergency Rule, deploy Special Police force, close down the operations of erring Banks and Mobile service providers in the area so that Rs 125000/- crores worth of Cyber Crimes can be brought under control?

Letting small police stations and a few constables handle cyber crimes of this magnitude shows gross mismanagement of the crime situation by the respective states and intervention of the Center is required. In a recent incident Police were chased away by villagers, and criminals who had been taken into custody were freed forcefully.

When Rs 125,000 crores per annum is supporting this Cyber Crime mafia, it is natural that it would have its influence on the Police and also the politics of the region. Unless some special efforts are taken, this menace will not come down. On the other hand this will increase and these criminals will become political leaders and start controlling the MHA in due course.

The time to act is now…

In the past “Declaration of Emergency” has been only to protect the political regime. Border areas have seen special forces act being imposed because of threat of terrorism.

What we are seeing in these 10 districts is also “Terrorism”. It is not only Financial terrorism but includes drug trade and arms trade.

If people are today afraid of online transactions, it means that Section 66F offence is being committed by these criminals because they are “striking terror” in a section of people.

Hence there is a need to declare financial emergency in these districts and rush central forces, take over the district administration, kill the support system of money laundering in the form of local Banks and mobile operators.

Shall we expect Mr Amit Shah, the Home Minister to react?

Let us discuss these issues in today’s hybrid webinar-seminar conducted by FDPPI and Manipal Law School.

The webinar is from 2.00 pm to 5.30 pm and stalwarts like the Cyber Singham, Dr Triveni Singh and Cyber Security Veteran Dr Gulshan Rai are set to share their views along with academicians, advocates, Cyber Crime Prevention activists, Technology experts etc.

Join without fail and celebrate the Digital Society Day as Naavi.org remembers the 23rd anniversary of the notification of ITA 2000.

Naavi

Also Refer: Deepak Maheshwari’s article on the 420.in


October 17 2023: Invitation to Participate

On the 23rd Anniversary of the notification of ITA 2000 which ushered in an era of legally recognized Digital Society, Naavi.org, FDPPI, Manipal Law School are organizing a round table discussion on the theme “Jago Regulators Jago”.

The event will be held physically at Manipal Law School Campus in Yelahanka between 2.00 pm and 5.00 pm and will be available on Virtual Platform.

Prominent Speakers such as Dr Triveni, Dr Anantha Prabhu, Dr Sanjay Sahay along with industry and academia are participating in the discussions.

Those of you who want to participate either physically or virtually, may kindly register at https://forms.gle/89p5MTpQQ35bxsJC7 or write to fdppi4privacy

In recent days India is seeing an alarming trend where, like the “Dark Web”, we have “Dark Villages” like Bharatpur, Jamtara, Nuh etc developing in pockets of India where the entire community has been criminalized and Cyber Crime along with Drug Trading, Terrorism etc are taking firm root. Law and Order in these places is yielding to the criminals.

In this context we would like to awaken the Regulators to initiate immediate actions to control these Cyber Crime hubs and long term plans to prevent such developments.

We believe that Cyber Crimes cannot be controlled only by creating awareness amongst the public so that we can keep blaming the victims for their ignorance. Today’s technology is inherently deceptive and enables Criminals to use deep fakes and AI aided phishing which cannot be identified by ordinary citizens whom I call Netizens and Mr Modi calls Digital Nagariks.

We have a commitment to therefore demand that the MeitY, MHA, the Adjudicators, the RBI, CERT In etc all contribute to the control of Cyber Crimes by making fundamental changes in the Cyber Crime management in the country.

Some of the strategies that need to be considered are

  1. Creation of a National Cadre of Cyber Crime Police having nationwide jurisdiction so that criminals cannot sit in one State and attack the victims in other states with the shield of Jurisdictional hurdles.
  2. Create “Absolute Liability” for intermediaries like Banks for frauds forcing them to have impeccable security and complete coverage through insurance so that Bank Customers pushed to digital banking are not made scapegoats for new technology
  3. Completely ban the use of Crypto Currencies like Bitcoin so that criminals do not have their currency of cyber crime and terrorism
  4. Educate and Equip Adjudicators under ITA 2000 to quickly provide summary judgements and relief to the victims
  5. Ensure CERT In does not ignore reported Cyber Crimes and its duty to pull up negligent Intermediaries
  6. Ensure RBI cancels licenses of Banks in the Crime hubs openly indulging in money laundering
  7. Ensure that CRPF is deployed in such places where Cyber Criminals in collusion with the community elements challenge the local police.

Join the discussion and let us have your views.

Naavi
