The number of Indian Computer Emergency Response Team (CERT-In) empanelled information security organisations has been reduced from 90 to 33. Companies that are no longer CERT-In empanelled include IBM India, HCL Comnet, Wipro, Ernst & Young, Tech Mahindra and many others. The empanelment of the information security organisations is valid from November 1, 2020 to October 31, 2023. We have reached out to CERT-In to find out what caused the significant reduction in the number of empanelled auditors — did the companies not apply or were more companies rejected? We have also asked CERT-In what will happen to existing contracts and tenders that were won on the basis of an entity’s CERT-In empanelled status. CERT-In empanelled organisations, which currently include three government organisations — Centre for Development of Advanced Computing (C-DAC), Standardisation Testing and Quality Certification (STQC) Directorate of Ministry of Electronics and Information Technology (MEITY), and Madhya Pradesh Agency for Promotion of Information Technology which is a registered society of Department of Science and Technology, Government of Madhya Pradesh — test computer systems, networks and applications of government agencies and private companies for vulnerabilities and risks. To win government contracts, private companies have to have their information security systems audited by these CERT-In empanelled auditors. Often, when private companies enter partnerships with other software companies, they rely on an audit report by CERT-In empanelled auditors. No clarity on why the number reduced We reached out to multiple companies that are no longer there on the list to find if…
