CERT-In Compliance Security Awareness Training
CERT-In — India’s national incident response agency — sets binding expectations for organisations operating in India: the 2022 Directions require covered cyber incidents to be reported within six hours of noticing, and CERT-In’s guidelines on information security practices expect entities to maintain security awareness among their personnel as part of baseline cyber hygiene.
The six-hour clock is the detail most organisations underestimate. It starts when anyone in the organisation notices the incident — which makes every employee’s ability to recognise and escalate a phishing attempt part of your compliance posture. A workforce that sits on a suspicious email for two days is a reporting-deadline problem waiting to happen.
Knowspams builds that readiness: geo-localised phishing simulations train recognition, Phishy™ one-click reporting builds the escalation habit, and audit-ready records evidence the awareness programme itself. Fully managed operation is available — our team runs the entire programme, you get the results.
CERT-In expectations — and how the platform maps to them
CERT-In’s directions and guidelines combine hard reporting obligations with baseline security-practice expectations; workforce awareness underpins both.
Six-hour incident reporting (2022 Directions)
Covered incidents — phishing among them — must be reported to CERT-In within six hours of being noticed. Slow internal escalation consumes the window before the security team even knows.
How Knowspams maps
Phishy™ one-click reporting shortens employee-to-SOC time to seconds: when one employee reports a phish, admins score it and can block the sender and links for everyone else — and your reporting clock is managed, not discovered late.
Security awareness as baseline practice
CERT-In’s guidelines on information security practices for government and other entities expect regular security awareness among employees as part of cyber hygiene.
How Knowspams maps
A continuous, documented programme — simulations plus micro-training on current lure themes — satisfies the expectation and produces the records to show it.
Phishing-specific preparedness
Phishing, identity theft and fraudulent messaging dominate the incident categories CERT-In tracks and warns about in advisories.
How Knowspams maps
Simulation templates localised to the campaigns CERT-In advisories describe — bank and payment lures, government-notice spoofs, courier fraud — so practice matches the real threat.
Audit and empanelment ecosystems
Many entities undergo audits by CERT-In-empanelled auditors, where awareness programmes and incident readiness are standard checklist items.
How Knowspams maps
Audit-ready reports: programme cadence, coverage, completion records, report-rate improvements and risk-score trend, ready for the audit file.
Coverage across the whole organisation
Incident-noticing duty is organisation-wide — awareness limited to the IT team leaves the biggest attack surface untrained.
How Knowspams maps
Role/function-specific assignments put relevant training in front of every employee, with mobile-friendly modules for distributed and field teams.
Frequently asked questions
Does CERT-In require security awareness training?
CERT-In’s guidelines on information security practices expect entities to maintain employee security awareness as part of baseline cyber hygiene, and its directions make organisation-wide incident recognition operationally necessary — the six-hour reporting window starts when anyone notices the incident. A documented awareness programme addresses both.
How does training help with the six-hour reporting deadline?
The deadline is mostly lost inside the organisation — an employee ignores or sits on the phish that started the incident. Simulation plus one-click Phishy™ reporting trains recognition and makes escalation instant, so your security team’s clock starts in minutes, not days.
What evidence do CERT-In-empanelled auditors ask for?
Typically: proof an awareness programme exists and runs regularly, who is covered, completion records, and whether effectiveness is measured. Knowspams reports document cadence, coverage, completions, report rates and risk-score trend in one audit-ready pack.
We need something in place quickly. Where do we start?
The 30-day One-Time Run stands up simulations, training and an audit-ready report inside a month with no subscription — a fast baseline. The fully managed annual programme then keeps awareness continuous with zero admin overhead.