Platform
Solutions
Partners
Why NMT
Resources
Contact Us
Guides

Security & compliance, explained

Plain-language guides to the frameworks and concepts that matter, from India's RBI, SEBI, and DPDP rules to the fundamentals of modern cyber risk.

India Compliance

RBI Cybersecurity Framework: a practical compliance guide

What the Reserve Bank of India expects from banks, NBFCs, and regulated entities, and how to get audit-ready without slowing the business down.

Read the guide

SEBI CSCRF: the compliance guide for regulated entities

SEBI's Cybersecurity and Cyber Resilience Framework consolidates years of circulars into one graded standard. Here is what it means for your firm.

Read the guide

DPDP Act 2023: compliance guide and checklist

India's Digital Personal Data Protection Act changes how every organisation handles personal data. Here is what you must do.

Read the guide

Frameworks & Standards

What is ISO 27001? A certification guide

ISO 27001 is the international standard for managing information security. Here is what it involves and how to get certified without a year of manual work.

Read the guide

What is SOC 2?

SOC 2 is the report enterprise buyers ask SaaS vendors for. Here is what it covers, the Type I versus Type II difference, and how to get there.

Read the guide

What is the NIST Cybersecurity Framework?

The NIST CSF is the most widely used way to organise a security programme. Here is what it is and how CSF 2.0 changed it.

Read the guide

What is PCI DSS?

If your business touches card data, PCI DSS applies. Here is what the standard requires and how to reduce the effort.

Read the guide

What is ISO 42001?

ISO/IEC 42001 is the first international standard for governing AI. If your organisation builds or uses AI, it is the framework to know.

Read the guide

What is DORA?

The EU's Digital Operational Resilience Act sets binding cyber and resilience rules for financial entities and their ICT providers.

Read the guide

What is NIS2?

The EU's NIS2 Directive widens who must meet baseline cybersecurity obligations, and raises the stakes for getting them wrong.

Read the guide

Privacy & Data Protection

What is HIPAA compliance?

HIPAA governs how US healthcare data is protected. Here is what it requires of covered entities and their vendors.

Read the guide

What is GDPR compliance?

The EU's privacy law reaches far beyond Europe. Here is what it requires and who it applies to.

Read the guide

What is CCPA compliance?

California's privacy law, strengthened by the CPRA, sets rules for handling consumer data. Here is what it requires.

Read the guide

Fundamentals

What is External Attack Surface Management (EASM)?

Your attack surface is everything an attacker can reach from the internet. EASM is how you see and shrink it, continuously.

Read the guide

What is Third-Party Risk Management (TPRM)?

Your vendors are part of your attack surface. TPRM is how you manage the risk they carry into your business.

Read the guide

What is Cyber Risk Quantification (CRQ)?

Boards do not act on red, amber, green. CRQ translates cyber risk into terms they can prioritize and fund.

Read the guide

What is AI Governance?

Your teams are already using AI. Governance is how you keep that safe, compliant, and defensible without blocking it.

Read the guide

What is VAPT?

Vulnerability Assessment and Penetration Testing are two different things often bought together. Here is what each does and when you need them.

Read the guide

What is a risk register?

A risk register is the backbone of a security programme, and every framework expects one. Here is how to make it useful, not shelfware.

Read the guide

What is vulnerability management?

Finding vulnerabilities is easy; managing them down is the hard part. Here is how a real programme works.

Read the guide