Posture Assessment Platform

Know your security posture with institutional clarity.

Niraapadh delivers a structured, audit-ready assessment: framework-aligned, instantly scored, board-ready. No agents. No complexity.

1. Answer Yes / Partial / No
2. Real-time posture score
3. Board-ready action plan
Posture Assessment · Q2 2026
3 Risk Areas
Posture Maturity Score: 0 / 100
⚠ Moderate Risk
Identity & Access: 82%
Incident Response: 56%
Vendor Risk: 41%
Data Protection: 78%
🔴 Mandatory
Digital Personal Data Protection Act 2023 is now in force
Every company processing Indian citizen data is legally a Data Fiduciary. Penalties up to ₹250 Crore per breach. Assess your DPDP posture in under 5 minutes.
Max fine: ₹250 Cr
Breach notice: 72 hr
Companies affected: 100%
🇮🇳 Module 2A — DPDP Act 2023

DPDP Act 2023 — Are you ready?

India's landmark data protection law is in force. Niraapadh's dedicated DPDP module maps all Data Fiduciary obligations across consent, breach response, data principal rights, and SDF requirements — and delivers a gap report in under 5 minutes.

Max penalty: ₹250 Cr
Breach notice: 72 hrs
To assess: 5 min
Consent Management
Map every consent touchpoint. Assess whether notices are specific, informed, and withdrawable per §6 and §7.
Data Principal Rights
Evaluate readiness to fulfil rights to access, correction, erasure, and grievance redressal within statutory timelines.
Security Safeguards
Technical and organisational measures for protecting personal data — breach detection, containment, and 72-hour DPBI notification.
Significant Data Fiduciary
Determine SDF status and whether you meet additional obligations: DPO appointment, DPIA, and annual data audit.
Cross-Border Transfers
Check permitted country restrictions and contractual safeguards for international data flows.
Privacy Notice & Accountability
Audit privacy notices, internal policies, and accountability records against DPDP Act's transparency requirements.
Run your DPDP Readiness Assessment — free
Full gap analysis, consent audit, and 30-60-90 day remediation plan tailored to the DPDP Act 2023.
Module 2B — AI Governance

AI Governance Assessment

AI is reshaping enterprise risk. Niraapadh's standalone AI Governance module assesses your organisation across 9 pillars and 72 questions — applicable universally, whether you build or consume AI. Produces a board-ready governance gap report aligned to global frameworks.

EU AI Act · NIST AI RMF 1.0 · ISO/IEC 42001 · MeitY AI Framework · DPDP Act 2023 · GDPR · RBI / SEBI / IRDAI
Questions: 72
Governance Pillars: 9
To complete: 5 min
AI Inventory & Governance
Catalogue all AI models, tools, and shadow AI usage. Establish an AI inventory and governance charter.
Data Governance for AI
Assess how training data is sourced, labelled, retained, and protected for personal data compliance.
Algorithmic Bias & Fairness
Evaluate bias detection, fairness metrics, and human review processes for AI-driven decisions.
Transparency & Explainability
Assess model explainability, audit trails, and human oversight controls for critical decisions.
AI Cybersecurity Risk
Review controls against adversarial attacks, model poisoning, and AI-specific threat vectors.
Operational Reliability
Evaluate model versioning, drift monitoring, performance SLAs, and incident response for AI systems.
Third-Party & Vendor AI
Assess due diligence over AI APIs, foundational models, and vendor AI risk clauses in contracts.
Ethics, Content & IP
Review content policies, IP ownership of AI outputs, copyright exposure, and acceptable use controls.
Shadow AI Risk
Identify unsanctioned AI tool usage by employees and contractors, and assess associated data leakage risks.
Universally applicable — whether you build or use AI
No AI deployment needed. Any enterprise using AI tools, APIs, or LLM workflows should complete this assessment.
Module 2C — OWASP LLM AI Security

OWASP LLM Top 10 Assessment

Structured around OWASP's LLM Top 10 framework, this module adapts to your AI footprint. Answer a short screener to identify your scope tier — then receive a targeted assessment and risk score covering the AI-specific threats most relevant to your deployment.

OWASP LLM Risks: 10
Max Questions: 40
Scope Tiers: 3
No AI · 8 questions
Baseline controls for orgs not yet using AI tools
Consumer (3rd-party AI) · 18 questions
Using ChatGPT, Copilot, or API-based LLMs
Builder / On-Prem · 40 questions
Training, fine-tuning, or deploying LLMs internally
LLM01: Prompt Injection
Malicious prompts hijack model behaviour or exfiltrate data.
LLM02: Insecure Output Handling
Unvalidated LLM outputs enabling XSS, SSRF, or code execution.
LLM03: Training Data Poisoning
Compromised training data introduces backdoors or biases.
LLM04: Model Denial of Service
Resource-intensive inputs degrade model availability.
LLM05: Supply Chain Vulnerabilities
Risks in pre-trained models, libraries, and third-party integrations.
LLM06: Sensitive Info Disclosure
LLMs leak PII, credentials, or confidential training data in outputs.
LLM07: Insecure Plugin Design
Unsafe plugin interfaces allow privilege escalation.
LLM08: Excessive Agency
Overly broad LLM agent permissions cause unintended actions.
LLM09: Overreliance
Blind trust in LLM outputs without human validation.
LLM10: Model Theft
Extraction of proprietary model weights or capabilities.
Integrated with Platform Maturity Score
Your OWASP AI Security score combines with Security Posture, DPDP, and AI Governance to form a unified Platform Maturity Score.
Lessons from the field

Recent breaches that reshaped how the world thinks about cyber risk.

Methodology

Assessment, simplified

No cybersecurity jargon. No endless checklists. A structured questionnaire mapped to leading frameworks — answered in three intuitive choices.
STEP 01
Answer Yes / Partial / No
50+ controls across 8 domains, drawn from NIST CSF and ISO 27001. Answer with confidence, even without a CISO on staff.
STEP 02
Real-time posture score
Your maturity score is computed instantly, with domain-level breakdowns, peer benchmarking, and clearly weighted risk areas.
STEP 03
Board-ready action plan
A prioritised remediation roadmap — 30, 60, and 90-day horizons — formatted for executive presentations and audit submissions.
Supported Frameworks

Assess the frameworks that matter to you.

Choose one or more frameworks. Niraapadh guides you through a dedicated assessment for each — with questions authored for that framework's exact control language. Every framework gets its own score and action plan.

NIST CSF
Primary
Cybersecurity Framework
Five core functions — Identify, Protect, Detect, Respond, Recover. Globally adopted posture baseline.
Identify · Protect · Detect · Respond · Recover
ISO/IEC 27001
Information Security Management
Globally recognised certification framework mapped to Annex A domains for audit readiness.
114 controls · Annex A
SOC 2
AICPA Trust Services Criteria
Essential for SaaS and cloud-service organisations. Maps to Security, Availability, Confidentiality.
5 Trust Criteria
PCI DSS
Payment Card Industry Standard
Mandatory for organisations that store, process, or transmit cardholder data.
12 Requirements · v4.0
HIPAA
Health Insurance Portability Act
Required for covered entities handling protected health information (ePHI).
Admin · Physical · Technical
GDPR
EU Data Protection Regulation
European data protection law. Surfaces technical gaps relevant to Articles 25 and 32.
Articles 25 & 32
DPDP Act 2023
🇮🇳 New
India's Data Protection Law
India's landmark data protection law. Maps all Data Fiduciary obligations — consent, breach notification, rights.
Data Fiduciary · SDF · India
CMMC / FedRAMP
US Federal & Defense Standards
DoD contractor certification and US federal cloud authorisation baselines (Levels 1–3).
CMMC 2.0 · FedRAMP
COBIT
ISACA Governance Framework
Enterprise IT governance aligned with business objectives and board-level oversight.
Governance · Management
Why Niraapadh

Your compliance maturity journey, guided.

Niraapadh empowers CIOs and CTOs to move from uncertainty to structured action — identifying gaps, quantifying risks, and implementing solutions in a clear, prioritised order.

Instant clarity, no prerequisites
No agents or integrations required. Any CIO or IT leader can complete an assessment in under five minutes and walk away with a defensible posture score.
Gaps surfaced with evidence
Every risk area is traced back to specific control questions — not black-box scoring. Leadership knows exactly which gaps exist and why they matter.
Prioritised remediation roadmap
Risks ranked by severity, likelihood, and business impact. A 30-60-90 day action plan ensures your team addresses what matters most, first.
Framework-aligned from day one
Built on NIST CSF, DPDP Act, OWASP LLM Top 10, and EU AI Act — the same language auditors, insurers, and regulators speak.
Built for leadership, not just security teams
Reports structured for board presentations, executive briefings, and audit submissions — not just for the CISO.
A partner across your maturity journey
Re-assess quarterly, track domain score trends, and demonstrate continuous improvement to stakeholders over time.
Security Coverage

Eight domains. Complete picture.

Structured across the full enterprise attack surface — from identity to supply chain.

01
Identity & Access
MFA, PAM, access governance, SSO controls
02
Endpoint Security
EDR, patch hygiene, device compliance
03
Data Protection
Encryption, DLP, classification, retention
04
Incident Response
Runbooks, SIEM, tabletop exercises, RTO
05
Vendor & Third-Party
Supplier assessments, contractual controls
06
Compliance & Governance
Policy framework, board oversight, audits
07
Network Security
Segmentation, firewall hygiene, zero trust
08
Cloud & Infrastructure
CSPM, IAM policies, misconfiguration detection
What you get

A comprehensive AI-powered security analysis — generated instantly.

After completing your assessment, Niraapadh's AI consultant generates a comprehensive, evidence-grounded report in seconds.

01
SWOT Analysis
Strengths, weaknesses, opportunities, and threats — each traced to the specific assessment responses behind them.
02
Gap Analysis by NIST Function
Category-level gap scores across Identify, Protect, Detect, Respond, Recover — with a priority matrix.
03
Risk Heat Map & Top 5 Risks
Each risk ranked by severity, likelihood, and business impact — from anomaly detection gaps to vendor exposure.
04
Maturity & Domain Scoring
Awareness, implementation, operational depth, and strategic posture — rated with evidence from your answers.
05
Training Needs & SOP Requirements
Audience-specific training gaps and documentation requirements for end users, technical staff, and executives.
06
Documentation & Compliance Mapping
Policy gaps and SOP requirements cross-mapped to selected frameworks for audit readiness.
Sample Report · COMP-001 · NIST CSF
CONFIDENTIAL — AI SECURITY ANALYSIS
AI Security Posture Analysis
NIST CSF — Functions
COMPLIANCE SUMMARY
Total: 139
Compliant: 59
Partial: 55
Non-Comply: 25
Compliance Score: 42.4%
MODERATE
§1 SWOT Analysis · VIEWING
§2 Gap Analysis
§3 Risk Analysis
§4 Maturity & Domain
§5 Training Needs
§6 Documentation & SOPs
Generated in seconds · AI-powered · Evidence-grounded
Get started

Your next enterprise deal starts with a defensible posture.

Start free. Get your score. Close the deal.

No credit card · No integrations · Results in 5 min
FAQ

Frequently asked questions