Why Auditors have to be ready before DPDPA Compliance comes into existence

It is heartening to note that CERT-In has recognized the need for its empanelled auditors to be ready to audit DPDPA compliance in other companies. As part of this recognition, the CERT-In empanelment division recently issued a circular to all its empanelled auditors recommending certain certification programs.

FDPPI is happy to note that CERT-In has included the training program which FDPPI has organized in Bengaluru on September 27, 28 and 29 as one of the recommended courses, stating

It goes without saying that the empanelled auditor firms themselves first need to be compliant with DPDPA before auditing others.

Quote:

Dear Empanelled Auditing Organizations,

As you are aware, CERT-In empaneled auditing organizations play a critical role in assessing and hence securing the cyber infrastructure of entities operating in the Indian cyber constituency. It is imperative for auditing organizations to continuously build capacity through regular training programs and certifications. CERT-In is in discussion with various institutions and forums to prepare audit-focused courses/programs in various domains for both technical and senior executives.

As you may also be aware, the Digital Personal Data Protection (DPDP) Act is in place and CERT-In empaneled auditing organizations will also come across privacy and data protection audits. Hence, it is recommended to train management and staff on appropriate data protection and privacy programs.

Currently, the following 4 programs have been evaluated by CERT-In and are expected to benefit the auditors engaged with empanelled auditing organizations:

“Unquote”

The recommended programs relevant to CERT-In auditors included the following

We are honoured by this recommendation and will do our best to ensure that the confidence reposed in us by CERT-In is adequately justified through our unwavering commitment to excellence and responsibility.

To give an idea of how FDPPI’s program is unique and different from others, it would exclusively cover

  1. Audit of Data Fiduciaries
  2. Audit of Significant Data Fiduciaries
  3. Audit of Consent Managers
  4. Audit for Insurability
  5. Assessment of DTS
  6. DPIA and Data Breach audits
  7. Audit of Media and Gaming Companies

These requirements will be covered along with DPDPA 2023 as a law and the implementation challenges in terms of technology tooling. Solutions in the form of current frameworks, including ISO 27001/27701 and the CSF of CERT-In/RBI, and a detailed discussion on DGPSI will also be covered.

Needless to say, the program would be unique, and those who miss the opportunity would miss an early bus to the coveted Data Auditor community.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Having pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He has now been focusing on projects such as Secure Digital India and Cyber Insurance.