Category: Compliances & Certifications

How to Prepare for India’s New DPDP Rules and Safeguard Your Organization

The phased rollout of India’s Digital Personal Data Protection (DPDP) Rules officially began on November 14, 2025, marking the full operationalization of the DPDP Act, 2023. While organizations have an eighteen-month window for phased compliance, the complexity of managing digital identities means you must act now to avoid penalties that go as high as 250 crore.

Here is your technical roadmap for operationalizing the new mandates:

  1. Implement Notice and Itemized Consent (Rule 3)
    Generic “I agree” buttons to ask for consent are no longer enough. Rule 3 of DPDP states that you must provide a notice in clear and plain language that includes an itemized description of the data being collected and the specified purpose for which it will be used.
  2. Obtain Verifiable Consent (Rules 10 & 11)
    If you process data from children (under 18) or persons with disabilities, you must adopt technical measures to obtain verifiable consent from a parent or legal guardian. This involves performing due diligence to ensure the person providing consent is an identifiable adult.

  3. Enforce “Reasonable Security Safeguards” (Rule 6)
    Rule 6 defines exactly what “reasonable security safeguards” look like, requiring you to protect personal data – including data handled by third-party processors – through:

    • Data Security: Implementing encryption, obfuscation, masking, or virtual tokens to shield sensitive assets.
    • Access Controls: Managing exactly who can enter computer resources and maintaining visibility through appropriate logs and monitoring to detect unauthorized entry.
  4. Mandate One-Year Log Retention (Rules 6(e) & 8(3))
    Accountability is now backed by a strict storage requirement. Even if a user deletes their account, your organization must retain logs and personal data for a minimum period of one year from the date of processing to enable the investigation of potential breaches.
  5. Automate the Right to Be Forgotten (Rule 8)
    Under the principle of “storage limitation,” you must erase personal data once its specified purpose is served. You must notify the user at least 48 hours before the erasure, giving them a final chance to exercise their rights. For many large entities, data must be cleared three years after the user’s last contact.

  6. Meet Higher Obligations for Significant Data Fiduciaries (Rules 13 and 15)
    If your organization handles massive volumes of data and is classified as an SDF (significant data fiduciaries), you must:

    • Perform a data protection impact assessment (DPIA) and a formal audit every 12 months.
    • Ensure that specified personal data and traffic data are not transferred outside India if restricted by the government.
  7. Grievance Redressal and Data Principal Rights (Rule 14)
    Rule 14(3) requires you to prominently publish a grievance redressal system that responds to user concerns within a period not exceeding 90 days. Additionally, users now have the right to nominate individuals to exercise their rights in case of death or incapacity, requiring identity systems to be flexible enough to manage these transitions.

How Akku Can Help

As a full-stack Identity and Access Management (IAM) platform, we:

  1. Enforce zero-trust: Implement least privilege and just-in-time (JIT) privileges to minimize your attack surface.
  2. Automate lifecycle governance: Use our identity governance (IGA) module to automate “one-click” deprovisioning. This ensures that when a user leaves, all access is comprehensively revoked.
  3. Simplify consent management: Manage itemized and verifiable consent for all user groups, including children, through our Customer Identity (CIAM) solution.
  4. Maintain audit readiness: Our smart analytics provide the mandatory tamper-evident logs for one-year retention, ensuring you are always ready for an investigation or audit.
  5. Centralize device security and endpoint control: Beyond identities, Akku enforces consistent security policies across all endpoints via our GPO and mobile device management (MDM) modules. This allows you to block unauthorized peripherals like USBs, enforce work profile isolation on mobile devices, and prevent unauthorized data exfiltration across Windows, macOS, and Linux.

Talk to us today to find out how Akku can help your organization achieve full DPDP compliance.

ISO 27001 Implementation Guide 2025: How Akku Supports Your Compliance Journey

ISO 27001 certification is quickly becoming a baseline requirement for any organization that handles sensitive data. But implementing ISO 27001 and staying compliant is no small feat. With over 190 clauses and controls, most of which are technical and complex, the process can feel overwhelming.

That’s where Akku comes in. Akku is a cybersecurity platform that helps automate and enforce key ISO 27001 controls, especially ones related to access management, monitoring, and user behavior. While Akku is not a Governance, Risk, Compliance (GRC) platform, it plays an important role in helping organizations move forward on the path to certification.

What is ISO 27001, and Why is it Important?

ISO 27001 is the international gold standard for information security management. It provides a structured approach to managing sensitive data by defining an Information Security Management System (ISMS) and applying a list of carefully designed controls.

If you’re wondering what ISO 27001 is, think of it as a framework that helps you protect your company’s data, systems, and infrastructure against both internal and external threats. This includes risks like cyberattacks, human error, insider threats, and more.

So, why is ISO 27001 certification important?

  • It proves to your clients and stakeholders that you take data protection seriously. 
  • It helps you comply with legal and regulatory requirements. 
  • It boosts your credibility and competitive edge in sectors like IT, finance, healthcare, and manufacturing. 
  • It prepares your organization to respond effectively to incidents and reduce downtime. 

ISO 27001 Implementation: A Practical Step-by-Step Guide

Successfully implementing ISO 27001 involves more than ticking off items in a checklist. You need to integrate security into your day-to-day operations and ensure your systems can prove compliance consistently.

Here’s a simplified step-by-step ISO 27001 implementation guide:

  1. Define the ISMS scope
    Identify what parts of your organization the ISO 27001 controls will apply to—people, systems, processes, and data. 
  2. Conduct a risk assessment
    Understand what threats your business faces, how likely they are to occur, and what impact they would have. 
  3. Identify applicable controls
    Select the right ISO controls from the ISO 27001 controls list that are relevant to your environment. 
  4. Create and implement policies
    Define clear information security policies and procedures, and ensure they’re followed. 
  5. Implement technical controls
    Technical controls for ISO 27001 certification include access management, monitoring, MFA, secure tunneling, and logging – tools like Akku help automate these controls. 
  6. Train your team
    Everyone should understand their roles in keeping data secure. 
  7. Monitor and audit
    Conduct internal audits and fix gaps before inviting a certification body. 
  8. Apply for certification
    Engage a third-party certifier who will assess your ISMS and issue the ISO 27001 certificate. 

ISO 27001 Checklist and Compliance Tools

A good ISO 27001 checklist includes:

  • Information security policy 
  • Access control mechanisms 
  • Risk treatment plans 
  • Evidence of user training 
  • Session and audit logs 
  • MFA policies 
  • Incident response plans 
  • Backup and recovery protocols 

Akku simplifies your ISO 27001 compliance checklist by automating access control, user provisioning, authentication policies, audit trails, and session monitoring—core components of ISO 27001 compliance.

Benefits and Advantages of ISO 27001 for Your Organization

The benefits of ISO 27001 certification go beyond regulatory checkboxes. Here’s why many organizations invest in it:

  • Improved data security
    ISO 27001 ensures that your business protects its critical data from leaks, breaches, and cyberattacks. 
  • Increased stakeholder trust
    Being ISO 27001 certified shows clients and partners that your security practices meet international standards. 
  • Better process control
    You build structured, repeatable processes that reduce errors and improve accountability. 
  • Regulatory compliance
    ISO 27001 helps you meet legal and contractual requirements related to data security. 
  • Market advantage
    More companies now demand ISO 27001 certification from their vendors, making it a business enabler. 

ISO 27001 Certification in India: What You Should Know

Many organizations in India, especially in tech-forward cities like Chennai, are working toward ISO 27001 certification. But getting certified is not just about paperwork.

The ISO/IEC 27001:2022 version includes 199 clauses and controls. Of these, 97 must be implemented manually. The remaining 102 can be partially or fully automated, but even those can be technically complex.

If you’re researching ISO 27001 certification cost in India, consider both direct and indirect expenses:

  • Consultation and documentation 
  • Security tools and technologies 
  • Internal manpower and training 
  • Audit preparation and certification body fees 

Akku helps reduce these costs by automating many of the controls listed in the ISO 27001 controls list. You won’t get certified just by using Akku, but it helps you satisfy more of the required clauses faster and more accurately.

So if you’re looking for ISO 27001 certification in Chennai or anywhere else in India, Akku helps shorten your path to readiness.

Why Choose Akku for ISO 27001 Implementation Support

Akku helps you check off some of the most technically demanding items in the ISO 27001 compliance checklist.

Here’s how:

Access Controls and User Management

  • Enforce role-based access (RBAC) 
  • Track privileged users 
  • Apply multi-factor authentication (MFA) and adaptive MFA 
  • Automate user provisioning and de-provisioning tied to HR changes 

Policy Enforcement

  • Centralized policy management 
  • Map security objectives to operational controls 
  • Align policies across on-prem, cloud, and hybrid systems 

Monitoring and Logs

  • Track user activity with detailed audit trails 
  • Detect anomalies and potential threats 
  • Continuously assess your security posture 
  • Generate reports that match ISO 27001 compliance formats 

Akku fully addresses 30 ISO 27001 controls and partially addresses 34 more. The other controls either require manual input or other non-cybersecurity tools, but Akku integrates easily with these platforms as well.

If you’re looking for a practical solution to reduce the burden of compliance, Akku offers real value.

 

So, FInally: 

ISO 27001 certification isn’t easy, but it’s worth it. It helps you protect your data, build trust, and open new business opportunities. With Akku, you get help where it’s needed most, automating some of the most challenging requirements and making your cybersecurity efforts measurable.

Want to know more about how Akku supports ISO 27001 certification? Ask us for a detailed walkthrough of the specific clauses Akku helps you address. Let’s simplify your compliance journey, one control at a time.