Skip to main content
CERT-In

CERT-In Compliance Security Awareness Training

CERT-In — India’s national incident response agency — sets binding expectations for organisations operating in India: the 2022 Directions require covered cyber incidents to be reported within six hours of noticing, and CERT-In’s guidelines on information security practices expect entities to maintain security awareness among their personnel as part of baseline cyber hygiene.

CERT-In 2022 Directions6-hour incident reportingCyber hygiene evidenceFully Managed available

The six-hour clock is the detail most organisations underestimate. It starts when anyone in the organisation notices the incident — which makes every employee’s ability to recognise and escalate a phishing attempt part of your compliance posture. A workforce that sits on a suspicious email for two days is a reporting-deadline problem waiting to happen.

Knowspams builds that readiness: geo-localised phishing simulations train recognition, Phishy™ one-click reporting builds the escalation habit, and audit-ready records evidence the awareness programme itself. Fully managed operation is available — our team runs the entire programme, you get the results.

Requirement mapping

CERT-In expectations — and how the platform maps to them

CERT-In’s directions and guidelines combine hard reporting obligations with baseline security-practice expectations; workforce awareness underpins both.

Six-hour incident reporting (2022 Directions)

Covered incidents — phishing among them — must be reported to CERT-In within six hours of being noticed. Slow internal escalation consumes the window before the security team even knows.

How Knowspams maps

Phishy™ one-click reporting shortens employee-to-SOC time to seconds: when one employee reports a phish, admins score it and can block the sender and links for everyone else — and your reporting clock is managed, not discovered late.

Security awareness as baseline practice

CERT-In’s guidelines on information security practices for government and other entities expect regular security awareness among employees as part of cyber hygiene.

How Knowspams maps

A continuous, documented programme — simulations plus micro-training on current lure themes — satisfies the expectation and produces the records to show it.

Phishing-specific preparedness

Phishing, identity theft and fraudulent messaging dominate the incident categories CERT-In tracks and warns about in advisories.

How Knowspams maps

Simulation templates localised to the campaigns CERT-In advisories describe — bank and payment lures, government-notice spoofs, courier fraud — so practice matches the real threat.

Audit and empanelment ecosystems

Many entities undergo audits by CERT-In-empanelled auditors, where awareness programmes and incident readiness are standard checklist items.

How Knowspams maps

Audit-ready reports: programme cadence, coverage, completion records, report-rate improvements and risk-score trend, ready for the audit file.

Coverage across the whole organisation

Incident-noticing duty is organisation-wide — awareness limited to the IT team leaves the biggest attack surface untrained.

How Knowspams maps

Role/function-specific assignments put relevant training in front of every employee, with mobile-friendly modules for distributed and field teams.

FAQ

Frequently asked questions

Does CERT-In require security awareness training?

CERT-In’s guidelines on information security practices expect entities to maintain employee security awareness as part of baseline cyber hygiene, and its directions make organisation-wide incident recognition operationally necessary — the six-hour reporting window starts when anyone notices the incident. A documented awareness programme addresses both.

How does training help with the six-hour reporting deadline?

The deadline is mostly lost inside the organisation — an employee ignores or sits on the phish that started the incident. Simulation plus one-click Phishy™ reporting trains recognition and makes escalation instant, so your security team’s clock starts in minutes, not days.

What evidence do CERT-In-empanelled auditors ask for?

Typically: proof an awareness programme exists and runs regularly, who is covered, completion records, and whether effectiveness is measured. Knowspams reports document cadence, coverage, completions, report rates and risk-score trend in one audit-ready pack.

We need something in place quickly. Where do we start?

The 30-day One-Time Run stands up simulations, training and an audit-ready report inside a month with no subscription — a fast baseline. The fully managed annual programme then keeps awareness continuous with zero admin overhead.

See it running on your own team

A 20-minute demo — geo-localised simulations, training and the reports your auditors will ask for. Or prove it first with a 30-day One-Time Run, no subscription.

Audit-ready reportsFully Managed availableTeams of 50+