In this study, I aim to analyze and understand how compliance and regulatory frameworks operate, with a focus on identifying the differences between global policies and Indian government policies in managing Identity and Access Management (IAM

In India, CERT-In (Computer Emergency Response Team) is managed by the Ministry of Electronics and Information Technology. There are strict guidelines to manage incidents and reporting key mandates (2022): including businesses, government bodies, service providers, and data centers — all must report specific types of cybersecurity incidents to CERT-In within 6 hours. Other key requirements include 180-day log retention, local log storage, and NTP synchronization.

The IAM market in India is expected to witness significant growth, projected to surpass USD 1.5 billion by 2033. This growth is being driven by increasing regulatory requirements and the rising incidence of cyber threats, with India ranking as the second most-affected country globally by cyberattacks.

Access Management with an Approval Process

This means that access will be granted based on approval from the authorized person, such as the reporting manager or another designated individual. All access grants, revocations, changes, and modifications should be documented, and accountability should be maintained