Controls Library
247 controls implemented across 8 frameworks. 96.8% controls passing continuous testing. Live evidence linked to data products and policies.
Active controls
247
Across the library
Frameworks mapped
8
DPDP, RBI, ISO, SOC 2, PCI, Basel, IRDAI, internal
Passing · 30d
96.8%
Continuous testing
Failing now
4
Exception workflow active
In remediation
12
Restoring passing state
Evidence · 30d
247K
Collected automatically
Framework adherence summary
247 unique controls cover 455 framework mappings| Framework | Mapped | Passing | Adherence | Last attestation | Next due | Status |
|---|---|---|---|---|---|---|
| DPDP (Digital Personal Data Protection Act 2023) | 47 | 47 | 100% | Q1 2026 · 14 Apr 2026 | Q2 2026 · 14 Jul 2026 | Ready |
| RBI Master Directions | 84 | 82 | 97.6% | 14 Apr 2026 | Quarterly | 2 in remediation |
| ISO 27001:2022 | 87 | 84 | 96.6% | 12 Oct 2025 | 12 Oct 2026 | 3 in remediation |
| SOC 2 Type II | 64 | 62 | 96.9% | 18 Jan 2026 | 18 Jan 2027 | 2 in remediation |
| PCI DSS v4.0 | 47 | 47 | 100% | 4 Mar 2026 | 4 Mar 2027 | Ready |
| Basel III Pillar 3 | 24 | 24 | 100% | 14 Apr 2026 | Quarterly | Ready |
| IRDAI (insurance regulation) | 18 | 18 | 100% | 14 Apr 2026 | Quarterly | Ready |
| Internal Pinnacle Framework | 84 | 81 | 96.4% | 1 May 2026 | 1 Jun 2026 | 3 in remediation |
Control category breakdown
Access control47
Data protection62
Audit and logging38
Change management28
Incident response18
Vendor and third-party22
Continuity14
Human and process18
Recent control activity
- DPDP-C-014 Aadhaar masking compliance passed continuous test· 14 min ago
8.7M records validated · 0 violations
- RBI-C-038 Data localization for retail customer data passed continuous test· 1 hr ago
Verified across Fabric, Databricks, Snowflake
- ISO-A.5.34 Privacy in product development attestation completed· 2 hr ago
Attested by Meera Pillai (Compliance Lead)
- RBI-C-072 Cross-border data sharing — exception logged· 4 hr ago
Singapore audit access · approved · expires 30 Jun 2026
- ISO-A.8.10 Information deletion updated· 6 hr ago
Aligned to Nov 2025 DPDP Rules clarification
- SOC-CC8.1 Change management — Q2 evidence sample collected· 8 hr ago
47 production changes reviewed · all properly approved
- DPDP-C-022 Data principal rights workflow attested· 12 hr ago
Monthly attestation completed
- ISO-A.5.15 Access control policy annual review· 1 day ago
Compliance Lead and CISO sign-off
- PCI-DSS-3.4 Cardholder data masking Q2 evidence collected· 1 day ago
47K masking enforcement events captured
- AI-C-018 AI agent grounding integrity proposed· 2 days ago
Under review by Compliance Lead
- RBI-C-044 Aadhaar handling re-tested after April 2026 amendment· 3 days ago
All consumer surfaces verified
- Annual control library review completed for FY2025-26· 4 days ago
247 controls reaffirmed
Recommendations
- DPDP Phase 2 (14 Nov 2026) — 3 new requirements2 are already covered by existing controls; 1 requires a new control. Draft prepared and awaiting Compliance Lead review.
- ISO 27001:2022 — all 11 net-new controls coveredAnnual surveillance audit recommended within 90 days. Audit package can be generated from the Reports tab.
- PCI DSS v4.0.1 future-dated requirementsv4.0 compliance complete. Future-dated requirements (1 Jan 2025) preparation begins now. Gap analysis available.
- Cross-mapping opportunity14 controls currently mapped to a single framework could be cross-mapped to additional frameworks — reduces attestation effort by ~12 hours per cycle.