Adhere to India’s Information Technology Act 2008

Take proactive steps to identify and address the gaps in the posture against the recommended guidelines in the IT Act 2008 (amendment) with SharkStriker’s compliance-centric cybersecurity experts.

OVERVIEW

Understanding the IT Amendment Act 2008

The Information Technology Act was introduced in 2000 to bolster the IT industry, establish e-governance, regulate the e-commerce industry, and prevent cybercrime. 
 
The Act is administered by the Computer Emergency Response Team and the Indian Penal Code. With the amendment in 2008, the Act has included a range of guidelines for cybersecurity, including the definition of cybercrime: phishing, ransomware attacks, etc.

It has specific provisions for safeguarding personal data and requires organizations to obtain consent before the collection, use, and disclosure of personal data. It defines the roles and responsibilities of network service providers and mandates NSPs to prevent transmission of harmful/offensive content across networks.  

The Act has established laws for the protection, collection, and transfer/handling of sensitive personal data, including payment information. It requires organizations to adhere to the security guidelines in global frameworks like ISO27001.   

COVERAGE

What does the IT Act (Amendment) cover?

Some of the primary aspects covered by the IT Act 2008 include: 

  • Strengthening of cybersecurity hygiene measures. 
  • Laws against cybercrime, including phishing, ransomware attacks, and data breach.
  • Laws against cyber terrorism, hacktivism, etc.
  • A legal framework for digital signatures.
  • Ensuring the security of how electronic records are intercepted, monitored, and decrypted.

APPLICABILITY

To whom does it apply?

The Act applies to all the entities doing business in India, the ones registered in the country, and every entity that has a physical presence in the country while operating digitally. It includes outsourced service-based businesses and those that maintain servers within the borders of the country. The regulation/Act also covers all the electronic documents and exchanges that happen in the country.   

NON-COMPLIANCE RISKS

Consequences of non-compliance

A violation of the Information Technology Act 2008 can mean a penalty or imprisonment. Penalties range from $1200 (₹1 lac) to $6300 (₹5 lac).

For a violation of the IT Act 2000, there could be imprisonment of up to 3 years.

For a serious offense, imprisonment can be up to 7 years, and for acts like cyberterrorism, 10 years.

BENEFITS

Why SharkStriker?

  • Bridges the widening skills gap (growing by 12.6% on a YoY basis (ISC2, 2023)) with a dedicated team of compliance and cybersecurity experts.
  • Automates compliance with STRIEGO with automated CIS-based assessments, Smart Reports, and vulnerability management. 
  • Helps bridge cybersecurity and compliance awareness gaps across different departments. 

  • Solves the challenge of managing multiple vendors by offering single-stop cybersecurity and compliance expertise
  • Offers holistic compliance-centric security services that address gaps in both cybersecurity and compliance
  • Assists businesses to adhere to regional and global standards like ISO27001, GDPR, PCI-DSS, RBI cybersecurity framework, and National Cybersecurity Policy 2013

  • Helps organizations identify and address security and compliance gaps in their security posture, helping them proactively save costs from incidents and non-compliance
  • Empowers businesses with extensive visibility of vulnerabilities across the posture with STRIEGO, helping them to preemptively address them, saving from the costs of a serious cyber attack
  • Saves organizations from paying millions due to compliance

  • Provides the blend of expertise that businesses need to keep up with the changing security guidelines by regional and global regulatory bodies
  • Assists in proactively treating security and compliance risks across the posture from time to time
  • Offers a unique feature to businesses to automate and customize reports as per specific changes in compliance requirements

APPROACH

SharkStriker Approach 

Risk Assessment

After preparing a detailed scope, we assess the posture with Vulnerability Assessment and Penetration Testing that uses real-world techniques to identify all the risks across the posture. Once done, we prepare a detailed report of all the risks identified along with information on the risks.

Gap Assessment

We engage in a comprehensive assessment of the posture against the recommended compliance guidelines to identify gaps.

Risk Treatment Plan

We prepare a detailed plan for the treatment of security and compliance risks across the posture. It specifies the people, processes, and technology to be implemented to treat all the risks.

Implementation

We implement the risk treatment plan with the planned expertise and technology to treat all the compliance and cybersecurity risks across the posture.

Post Implementation Audit 

To ensure that there are no gaps in implementation, we assess the implementation and look for anything that has been left out of the risk treatment plan. We address all the gaps identified during the post-implementation audit.

Training & Awareness

Awareness is one of the crucial aspects of cybersecurity and compliance. We identify awareness gaps across the organization and prepare training programs to bridge those gaps.

Get security and compliance expertise to improve your compliance with the IT Amendment Act
