CERT-In's six-hour reporting clock.
The Indian Computer Emergency Response Team's 2022 direction requires cyber-incident notification within six hours of detection. That's one of the strictest windows in the world — and it's only operationally achievable when your platform surfaces incident events in real time. Vihaya does.
CERT-In FAQ
What does CERT-In's direction require?
The April 2022 CERT-In direction requires organisations processing data in India to report specified cyber incidents — unauthorised access, data breach, ransomware, identity theft, DDoS, supply-chain compromise, and others — within six hours of becoming aware of them.
Why six hours, and is it realistic?
Six hours is one of the shortest notification windows globally. It's only realistic if incident-detection events are already structured and routed — which is exactly what Vihaya's audit primitive provides. Without it, the six-hour clock starts at human investigation, not at machine detection.
Who has to comply?
Service providers, intermediaries, data centres, body corporates, and government organisations. In practice, anyone running a significant IT operation in India.
How does Vihaya help?
Detected incident events surface from the agent runtime and the audit log into the customer's CERT-In reporting workflow with the metadata the form requires. The six-hour clock starts at detection, not at quarterly review.
Want to see this in your environment?
30-minute discovery call. Draft SOW within 5 business days.
Talk to us about a pilot →