CERT-In Compliance

CERT-In point of contact and cybersecurity incident reporting policy

CERT-In Compliance Policy

This document outlines Buildwealth Technologies’ compliance with CERT-In (Indian Computer Emergency Response Team) requirements for cybersecurity incident reporting.

Organization Details

  • Company Name: BUILDWEALTH TECHNOLOGIES PRIVATE LIMITED
  • CIN: U74900KA2015PTC082357
  • Business: Financial services platform (Mutual funds, broking, insurance)
  • Website: wealthy.in

Designated CERT-In Contacts

Primary Contact

  • Site Reliability Engineer (SRE)
  • Responsibility: CERT-In incident reporting and communications

Secondary Contacts (Escalation)

  • Chief Technology Officer (CTO) - Technical escalation
  • Broking Head - Business impact assessment

Official Security Contact

  • Email: security@wealthy.in
  • All CERT-In related communications are handled through this actively monitored email

Incident Reporting Process

Timeline

All reportable cybersecurity incidents must be reported to CERT-In within 6 hours of detection.

Reportable Incidents

  • Data breaches and unauthorized access
  • Malware/ransomware attacks
  • Website/application defacement
  • DDoS attacks
  • Phishing attacks targeting platform/users
  • Identity theft
  • Critical system compromises

Reporting Steps

1. Detect & Notify (Hour 0)

2. Assess (Within 2 hours)

  • SRE team assesses if CERT-In reporting required
  • If critical: Escalate to CTO and Broking Head in parallel

3. Gather Information (Within 4 hours)

  • Incident type and severity
  • Systems/data affected
  • Number of users impacted
  • Actions taken

4. Report to CERT-In (Within 6 hours)

  • Visit https://cert-in.org.in/ for current reporting contact
  • Send incident report via email/portal
  • Include: organization details, incident details, impact, actions taken
  • Save confirmation and reference number

5. Follow-up

  • Update CERT-In as incident progresses
  • Notify upon resolution
  • Document all communications

Internal Escalation

Incident Detection → security@wealthy.in
    ↓
SRE Team (Assessment)
    ↓
[Reportable?] → CERT-In Report (within 6 hours)
    ↓
[If Critical] → Escalate to CTO + Broking Head

CERT-In Contact Information

Website: https://cert-in.org.in/

Visit the official website for:

  • Current incident reporting email/portal
  • Latest reporting guidelines
  • Emergency contact numbers

Record Keeping

Maintain records of:

  • All CERT-In reports and acknowledgments
  • Incident timelines (detection, reporting, resolution)
  • All communications with CERT-In
  • Compliance with 6-hour requirement

Retention: Minimum 5 years

Contact: security@wealthy.in Next Review: January 2026

Last modified November 11, 2025: RCA added for SIP failure (16439aa)