Information Technology Act, 2000 Compliance
India's Primary Legislation for Data Protection and Cybersecurity
Overview of the IT Act 2000
The Information Technology Act, 2000 (IT Act) serves as India's principal legislation governing electronic commerce, digital signatures, cybersecurity, and data protection. Amended in 2008 to strengthen provisions related to data protection and cybersecurity, the Act establishes a legal framework for electronic transactions and imposes obligations on organizations handling sensitive personal information.
Delphi Cloud's Compliance Framework
Delphi Cloud maintains comprehensive compliance with the IT Act 2000 and its amendments, implementing technical, operational, and organizational measures to protect customer data and ensure legal compliance across all our services.
Key Compliance Areas
Section 43A: Reasonable Security Practices
Section 43A mandates that bodies corporate possessing, dealing with, or handling sensitive personal data must implement and maintain reasonable security practices and procedures. Delphi Cloud complies through:
- ISO 27001 certified information security management system
- Implementation of comprehensive security practices as defined in IT Act Rule 8
- Regular security audits and vulnerability assessments
- Documented security policies and procedures
- Employee training on data protection and security
Section 72A: Disclosure of Personal Information
This section criminalizes unauthorized disclosure of personal information obtained during service provision. Our compliance includes:
- Strict access controls and need-to-know principle enforcement
- Comprehensive audit trails for all data access
- Confidentiality agreements with all employees and contractors
- Data minimization and purpose limitation principles
- Clear contractual commitments on data confidentiality
Section 66: Computer-Related Offences
Delphi Cloud implements robust controls to prevent computer-related offences including:
- Multi-factor authentication and strong access controls
- Intrusion detection and prevention systems
- Regular security monitoring and incident response
- Network segmentation and least privilege access
CERT-In Compliance
As mandated under Section 70B of the IT Act, Delphi Cloud maintains full compliance with Computer Emergency Response Team - India (CERT-In) directives, including:
- Incident Reporting: Timely reporting of cybersecurity incidents as per CERT-In guidelines (within 6 hours of awareness)
- Log Retention: Maintenance of comprehensive logs for specified periods as mandated by CERT-In directions
- KYC Requirements: Implementation of Know Your Customer procedures for service provisioning
- Security Advisories: Regular monitoring and implementation of CERT-In security advisories and vulnerability alerts
Data Protection Measures
In accordance with IT Act Rule 8 and the Reasonable Security Practices Rules, Delphi Cloud implements:
- Encryption of sensitive personal data at rest and in transit
- Secure data backup and disaster recovery procedures
- Role-based access control (RBAC)
- Regular security testing including penetration testing and vulnerability assessments
- Security incident response and management procedures
- Business continuity and disaster recovery plans
Digital Personal Data Protection Act 2023 Readiness
Anticipating the implementation of the Digital Personal Data Protection Act 2023, Delphi Cloud has proactively enhanced our compliance framework to align with the new legislation, including:
- Enhanced data subject rights management capabilities
- Consent management frameworks
- Data localization infrastructure
- Cross-border data transfer safeguards
- Data breach notification procedures
Audit & Certification
Our IT Act compliance is verified through:
- Annual IS audits conducted by CERT-In empanelled auditors
- ISO 27001:2013 certification for information security management
- Regular internal security assessments
- Third-party penetration testing and security reviews
Customer Responsibilities
While Delphi Cloud provides a compliant platform, customers must also ensure their use of our services complies with applicable provisions of the IT Act, particularly regarding:
- Obtaining appropriate consents for data collection and processing
- Implementing their own security measures as required
- Reporting security incidents as mandated
- Maintaining appropriate documentation and policies
Learn More
For detailed information about our IT Act compliance measures, audit reports, or to discuss your specific compliance requirements, please contact our compliance team or visit our security and compliance page.