Security & compliance for businesses

Armor your business before regulators come knocking

CERT-In, DPDP Act, VAPT, data privacy — implemented, not just reported. Fixed-fee engagements for Small and Medium Enterprises. After the engagement, we also deploy and manage security monitoring tools to keep your infrastructure protected on an ongoing basis.

Kawacha — Security armor for businesses

Compliance isn't optional — it's just badly served

The regulations are real. The problem is most businesses don't know which ones apply to them — or where to start.

01

You don't know what applies to you.

New regulations, older ones you've never heard of — the landscape is genuinely complex. Most businesses aren't non-compliant on purpose. They simply haven't had a clear map of what their specific business actually needs to do.

02

You've been told to do everything.

Most compliance advice starts with a list of every possible risk. Nobody tells you what's mandatory now, what can wait, and what will never apply to you. Kawacha starts there.

03

You're paying for advice, not outcomes.

A report is not compliance. Consent flows need to be built. Policies need to be written. Security gaps need to be fixed. We do the work — not just the writing.

Fixed-fee packages. No surprises.

We don't hand you a report and walk away. We map what applies, implement it, test it, and verify it — then give you a clear roadmap for what comes next.

Starter

We map what applies. We implement it.

₹1.5L – ₹2.5L

  • Regulatory profile — what applies, what doesn’t
  • CERT-In Directions 2022 — implemented
  • DPDP Act 2023 — implemented end to end
  • Data inventory built, privacy notice written
  • Consent flows reviewed and set up
  • Grievance mechanism in place
Most popular

Standard

Security and compliance. Fully implemented.

₹3.5L – ₹5.5L

  • Everything in Starter
  • Application & infrastructure security tested
  • Security gaps found, fixed, and verified
  • WhatsApp Business security & TRAI TCCCPR compliance
  • Security monitoring and log retention implemented
  • 5 core security policies written and adopted
  • Roadmap for ISO 27001, SOC 2, PCI DSS — when triggered

Complete

Implemented, monitored, and maintained.

₹6L – ₹9L + ₹80K–1.2L/quarter

  • Everything in Standard
  • Framework prep — ISO 27001 / SOC 2 readiness delivered
  • Quarterly compliance retainer
  • Regulatory changes tracked and applied
  • Incident response — supported, not just documented
  • Ongoing engagement as your business scales
After the engagement

Continuous protection — managed for you

Fixing gaps and achieving compliance is the foundation. Once that work is done, we deploy and manage security monitoring tools that give your business ongoing visibility — threat detection, infrastructure monitoring, and anomaly alerts. Managed for you, so your team isn't watching dashboards.

Ask about this when you book your call

What this covers

  • Continuous threat detection across your infrastructure
  • Cloud security posture — misconfigurations caught before they're exploited
  • Anomaly and breach alerting, managed for you

How it works

A structured 4–6 week engagement. Everything sequenced so mandatory work happens first, optional work only when triggered.

01

Understand your business first

We start by mapping what actually applies to you — not a generic checklist. Your sector, data, customers, and licences determine your obligations. Most businesses are over-worried about things that don't apply and under-prepared for things that do.

02

Get the mandatory baseline in place

Every business operating in India has non-negotiable legal obligations — regardless of size or sector. We get these in place first, quickly, before anything else. No surprises later.

03

Data privacy, done properly

We work through your data flows with you and implement what the law requires — notices, consent, individual rights, breach response, vendor agreements. Written for your business, not copied from a template.

04

Security testing

We test your application and infrastructure for vulnerabilities using industry-standard methods. You get a clear findings report, we work with your team to fix what matters, and we verify the fixes before closing.

05

Policies and a clear roadmap

Core security policies that your team will actually use. Then an honest map of what to do next — ISO 27001, SOC 2, PCI DSS — and critically, only when your business actually needs them.

06

Continuous protection — optional after any engagement

Once your compliance foundation is in place, we can deploy and manage security monitoring tools that give your business ongoing visibility. Threat detection, anomaly alerts, and cloud infrastructure monitoring — managed for you, so your team can stay focused on the product.

Case study

India fintech — CERT-In & DPDP compliance in 4 weeks

A fintech needed to get compliant before an enterprise sales push. Starting from zero, we mapped their obligations, implemented data privacy requirements, tested and cleared their security posture, and delivered a full compliance foundation in four weeks.


Outcomes

  • Legal baseline in place within 2 weeks
  • DPDP Act compliance implemented end to end
  • Security vulnerabilities found, fixed, and verified
  • 5 security policies adopted by the team
  • Clear roadmap — what to do next, and when

Start with a free scoping call

30 minutes. We'll map your regulatory exposure and tell you exactly what applies to your business. No obligation.

Book a free scoping call: write directly to contactus@kawacha.com
