00917397380066 project@truinfosys.com


The National Association of Software and Services Companies (NASSCOM) is a not-for-profit Indian consortium created to promote the development of the country’s IT (information technology) and business process outsourcing (BPO) industries.

NASSCOM initiatives include:

the Domestic Market Initiative, created to integrate the IT and non-IT sectors and to plan for continued IT industry growth.
the Innovation Initiative, created to foster and an environment that meets the specific needs of Indian businesses of all sizes.

The Education Initiative, created to provide additional training and skill enhancement to improve graduate employability. This initiative also interfaces between industry, academia and government.

The Women in Leadership-IT Initiative, created to increase the number of women entering the IT-BPO industry and enhance the career prospects for those women in the industry.

The Security Initiative, created to promote information security and compliance through public education and creation of a security-aware environment.


The California Consumer Privacy Act (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law. This landmark law secures new privacy rights for California consumers, including:

The right to know about the personal information a business collects about them and how it is used and shared;The right to delete personal information collected from them (with some exceptions);

The right to opt-out of the sale of their personal information; and
The right to non-discrimination for exercising their CCPA rights.

Businesses are required to give consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers.

If you are a California resident, you may ask businesses to disclose what personal information they have about you and what they do with that information, to delete your personal information and not to sell your personal information. You also have the right to be notified, before or at the point businesses collect your personal information, of the types of personal information they are collecting and what they may do with that information. Generally, businesses cannot discriminate against you for exercising your rights under the CCPA. Businesses cannot make you waive these rights, and any contract provision that says you waive these rights is unenforceable.


LGPD stands for “Lei Geral de Proteção de Dados” and is translated as the “General Law on the Protection of Personal Data.” It is a Brazilian data protection law that governs the way people and organizations handle personal information in Brazil.

To confirm that their personal data is being processed.
To access their personal data.
To correct incomplete, incorrect or out-of-date personal data.
To anonymise, block, or delete any unnecessary, excessive, or non-compliant personal data.
To request that a data controller moves their personal data to another service or product provider.
To delete their personal data.
To be given information about how their personal data has been shared.
To be given information about their rights to not give consent to process their personal data.
To withdraw consent to process their personal data.


The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. The GDPR is an important component of EU privacy law and of human rights law.

GDPR is an EU law with mandatory rules for how organizations and companies must use personal data in an integrity friendly way. Personal data means any information which, directly or indirectly, could identify a living person. Name, phone number, and address are schoolbook examples of personal data.

It also addresses the transfer of personal data outside the EU and European economic areas. The GDPR’s primary aim is to enhance individuals’ control and rights over their personal data and to simplify the regulatory environment for international business


Indian Computer Emergency Response Team, is a government-approved organization for upholding information technology (IT) security. It was initiated in 2004 by the Department of Information Technology for implementing the provisions of the 2008 Information Technology Amendment Act.

CERT-IN is majorly responsible for:

Responding to incidents of computer security

Collecting, analyzing, and distributing information on cybersecurity attacks and vulnerabilities

Putting in place emergency responses for handling cybersecurity attacks
Preparing forecasts and alerts for any security problems observed

Heading cyber incident response activities and their coordination

Issuing notices, guidelines on dealing with attacks, advisories, or whitepapers. This could be in the fields of information security, prevention of attacks, responses, and reporting practices

Vulnerability reporting and management
Ensuring holistic and efficient IT security policies throughout India.

CERT-IN certification is a certificate provided by a CERT Empanelled Security Auditor after conducting a detailed security audit. Such an audit will necessarily include all components of the organization’s network – websites, systems, applications, etc. The entire process will be conducted according to the rules and regulations under specific guidelines for CERT-IN tests in IT security audits. After completion of the testing procedure, the certificate is provided to show that all requirements were met.

CERT-IN guidelines

Components of the audit – with characteristics
Expectations of the company getting audited
General rules of the process
Snapshot – includes information of the process and details on technical manpower
Details of the third-party hosting service provider
Define the relationship between the auditor and the auditee
Disclaimers (if applicable)

Technical testing for internal vulnerabilities – This specific kind of vulnerability assessment works best on your networks, devices, and servers. They will correctly recognize the loopholes within the IT infrastructure for further remediation.
Auditing for penetration testing – The auditor must include penetration testing of web applications, networks of the company, government, and other stakeholders, etc. It is best to include the networks and servers of organizations that undergo Information Security audits annually.
Boosting client credibility – Obtaining CERT-IN certification from reputed security auditors allows them to remain on top. Routinely identifying possible security risks and rectifying them increases customer and partner trust.