Information Technology Act, 2000 Compliance

Upholding Legal Standards for Digital Data Protection in India

The Information Technology Act, 2000 (IT Act) is the primary law in India dealing with cybercrime and electronic commerce. Delphi Cloud is fully compliant with the provisions of the IT Act and its subsequent amendments, providing a legally secure environment for businesses to operate. We recognize our role as a "Body Corporate" under the Act and maintain sensitive personal data or information (SPDI) with the highest degree of care.

Key Data Protection Provisions

Section 43A: Reasonable Security Practices

Section 43A mandates that bodies corporate possessing sensitive personal data must implement "reasonable security practices and procedures." Delphi Cloud demonstrates compliance through:

  • ISO/IEC 27001 Certification: We align our Information Security Management System (ISMS) with this international standard, which is explicitly recognized as a "reasonable security practice" under the IT Rules, 2011.
  • Comprehensive Security Policy: A documented information security policy that covers physical, technical, and administrative controls.
  • Regular Audits: Independent third-party audits to verify the effectiveness of our security controls.

Section 72A: Privacy & Confidentiality

This section penalizes the disclosure of information without the consent of the person concerned or in breach of a lawful contract. Delphi Cloud enforces strict access controls and confidentiality agreements with all employees and contractors. We process customer data solely based on customer instructions and service agreements, ensuring no unauthorized disclosure occurs.

CERT-In Compliance

The Indian Computer Emergency Response Team (CERT-In) issues directions for cyber security. Delphi Cloud adheres to the CERT-In Directions, 2022, ensuring we meet our obligations as a service provider:

  • Incident Reporting: We have established protocols to report cyber security incidents to CERT-In within the mandated 6-hour window.
  • Log Retention: We enable and encourage customers to retain ICT logs for a rolling period of 180 days within the Indian jurisdiction, facilitating forensic analysis if required.
  • NTP Synchronization: Our systems are synchronized with NTP servers of National Informatics Centre (NIC) or National Physical Laboratory (NPL) to ensure accurate time-stamping of events.

Readiness for DPDP Act 2023

With the enactment of the Digital Personal Data Protection (DPDP) Act, 2023, India's data privacy landscape is evolving. Delphi Cloud is actively preparing to support our customers (Data Fiduciaries) as a Data Processor:

  • Technical Safeguards: Enhanced encryption and access controls to prevent personal data breaches.
  • Data Principal Rights: Tools to help customers fulfill requests for data access, correction, and erasure.
  • Processing Contracts: Updated Data Processing Addendums (DPAs) to reflect the new statutory obligations and liabilities.

Shared Responsibility

Compliance with the IT Act is a shared responsibility. While Delphi Cloud is responsible for "Security of the Cloud" (infrastructure, compute, storage), customers are responsible for "Security in the Cloud" (data classification, application security, identity management). We provide the tools and guides necessary for customers to build IT Act-compliant applications on our platform.