What CERT-In alignment really means, why RBI/SEBI care, and what to look for when choosing a VAPT partner in India.
What CERT-In empanelment is
CERT-In maintains a list of empanelled IT security auditors who meet defined methodology, staffing and reporting standards.
Empanelment is required for many Indian government and regulated-sector pentests — and increasingly expected by RBI/SEBI auditors.
Why RBI & SEBI care
RBI Master Directions on IT and SEBI's Cyber Security and Cyber Resilience Framework both reference VAPT and CERT-In alignment.
Auditors prefer empanelled (or empanelment-aligned) deliverables for defensibility.
Choosing a partner
Look for: senior in-house consultants, OSCP/CREST credentials, transparent methodology, sample reports, free retests and a clear escalation path.
Beware crowdsourced platforms — Indian regulators expect named, accountable auditors.