{"id":70,"date":"2026-07-01T06:10:41","date_gmt":"2026-07-01T06:10:41","guid":{"rendered":"https:\/\/www.socroom.com\/blog\/?p=70"},"modified":"2026-07-03T06:18:07","modified_gmt":"2026-07-03T06:18:07","slug":"what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do","status":"publish","type":"post","link":"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/","title":{"rendered":"What Is CERT-In&#8217;s 6-Hour Reporting Rule &#8211; and What SOC Providers in India Need to Do"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">If your organisation operates in India, one rule should shape how your security operations run: when a qualifying cyber incident is detected, you have <strong>six hours to report it to CERT-In<\/strong>. Not six hours to solve it. Six hours to notice it, classify it, and file the notification.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It&#8217;s one of the strictest incident-reporting windows in the world, and it puts real pressure on how fast a security team can move. This guide explains what the rule actually requires, and then breaks down \u2014 practically \u2014 what SOC providers in India need to do to keep their clients inside that window.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is CERT-In&#8217;s 6-hour reporting rule?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">CERT-In (the Indian Computer Emergency Response Team) is India&#8217;s national nodal agency for cyber security incidents, operating under Section 70B of the IT Act, 2000. On 28 April 2022 it issued directions \u2014 effective from 27 June 2022 \u2014 that made incident reporting time-bound for the first time.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The core requirement is simple to state: <strong>specified cyber incidents must be reported to CERT-In within six hours of noticing them, or of being made aware of them.<\/strong> Before these directions, entities only had to report &#8220;within a reasonable time.&#8221; Now there&#8217;s a hard clock.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A few things make the rule sharper than people expect:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>It covers around 20 categories of incident.<\/strong> Ransomware, unauthorised access, data breaches and leaks, DDoS and DoS attacks, phishing and spoofing, attacks on servers, databases and applications, supply-chain compromises, and attacks on IoT and OT systems all fall in scope.<\/li>\n\n\n\n<li><strong>A prescribed reporting format.<\/strong> Reports use CERT-In&#8217;s format (commonly referenced as Annexure A), which is essentially built around five questions: who is reporting, when it was detected, what happened, what was affected, and what has been done so far.<\/li>\n\n\n\n<li><strong>You don&#8217;t need perfect forensics.<\/strong> You can file an initial report inside six hours with the information you have, flag unknowns as &#8220;under investigation,&#8221; and supplement it as facts stabilise.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The rule also comes bundled with supporting obligations that directly affect how a SOC is built:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>180-day log retention, in India.<\/strong> Logs of all ICT systems must be maintained securely for a rolling 180-day period, kept within Indian jurisdiction, and provided to CERT-In when you report an incident or on request.<\/li>\n\n\n\n<li><strong>Clock synchronisation.<\/strong> System clocks must sync to NTP sources traceable to NIC or NPL, so timestamps across logs and reports are consistent \u2014 critical for forensic accuracy.<\/li>\n\n\n\n<li><strong>A designated point of contact.<\/strong> Every covered entity must appoint a POC to interface with CERT-In and keep those details current.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Failure to comply carries penalties under Section 70B(7) of the IT Act \u2014 imprisonment of up to one year and\/or a fine of up to \u20b91 lakh, with proposed amendments seeking to raise the fine significantly. Treat the current figure as a floor, not a ceiling.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The detail that matters most: when the clock starts<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The six hours run from the moment a qualifying incident is <strong>noticed<\/strong> &#8211; not from when it happened, and not from when your investigation concludes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">And &#8220;noticing&#8221; isn&#8217;t confined to the CISO&#8217;s desk. A SOC alert, a high-severity monitoring ticket, or a credible third-party disclosure can all start the clock. That&#8217;s why the rule is really a <em>detection and operations<\/em> problem, not a paperwork problem. If your monitoring is slow or noisy, you can burn hours before anyone even realises there&#8217;s something reportable \u2014 leaving almost no time to actually file.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is exactly where a Security Operations Centre earns its place.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What SOC providers in India need to do<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Meeting the six-hour window consistently isn&#8217;t about heroics during an incident. It&#8217;s about having the machinery already in place. Here&#8217;s what SOC providers in India need to deliver:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. Continuous 24\/7 detection<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The clock doesn&#8217;t pause for nights, weekends or public holidays. SOC providers need round-the-clock monitoring across the client&#8217;s SIEM, endpoints, cloud workloads and identity sources \u2014 tuned so a genuine incident surfaces as an actionable alert with severity, asset context and a timestamp, rather than getting lost in noise.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Fast triage and classification<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Detection is only half the job. Analysts have to quickly separate signal from noise and decide whether an event maps to one of CERT-In&#8217;s reportable categories. The cost of a quick internal classification is far lower than the cost of missing the deadline, so triage playbooks should be built to decide fast, with clear thresholds.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. Log retention and time synchronisation<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">SOC providers need to architect log collection and retention to meet the 180-day, India-resident requirement, with critical sources on tamper-resistant storage. Synchronised timestamps across all sources keep incident timelines defensible when CERT-In asks for evidence.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4. Ready-to-file reporting artefacts<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">When an incident is confirmed, the reporting pack shouldn&#8217;t be assembled from scratch across emails and chat threads. A good SOC maintains pre-built templates aligned to CERT-In&#8217;s format, so the five core questions \u2014 who, when, what, what was affected, what was done \u2014 can be answered immediately with supporting logs attached.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5. A defined escalation path to the POC<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The SOC must know exactly who the client&#8217;s CERT-In point of contact is (plus a backup) and escalate to them with a standard pack: what happened, where, when, the evidence, and the actions already taken. For high-severity incidents that means contacting named escalation contacts directly \u2014 not just raising a ticket.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6. Rehearsed workflows<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The fastest teams treat the six-hour process like a fire drill. Roles are pre-assigned, the incident commander has the authority to declare an incident &#8220;reportable&#8221; without waiting on a committee, and the workflow is validated through tabletop exercises before it&#8217;s ever needed for real.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A simple 6-hour reporting workflow<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Put together, the operational flow a SOC should run looks like this:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Detect and alert<\/strong> \u2014 monitoring generates an actionable alert with severity, asset context and a timestamp.<\/li>\n\n\n\n<li><strong>Triage fast<\/strong> \u2014 validate signal vs noise and classify against CERT-In&#8217;s reportable categories.<\/li>\n\n\n\n<li><strong>Estimate impact<\/strong> \u2014 gauge blast radius: affected systems, business processes, and whether personal data is involved.<\/li>\n\n\n\n<li><strong>Escalate to the POC<\/strong> \u2014 notify the designated contact and a backup with a standard incident pack.<\/li>\n\n\n\n<li><strong>Draft in the prescribed format<\/strong> \u2014 fill known fields, attach supporting artefacts, mark unknowns clearly.<\/li>\n\n\n\n<li><strong>Submit and track<\/strong> \u2014 file through the official channel, record acknowledgement details, and keep an internal case file for follow-up requests.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">The goal is for the six-hour window to be something your SOC is already engineered around \u2014 not something anyone scrambles to reconstruct at 3 a.m.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What this means when you choose a SOC provider<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Not every provider is built for Indian regulatory reality. When evaluating SOC providers in India for CERT-In readiness, look for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>India-based, IST-aligned analysts<\/strong> with genuine 24\/7 coverage.<\/li>\n\n\n\n<li><strong>180-day log retention within India<\/strong>, architected into the engagement.<\/li>\n\n\n\n<li><strong>A CERT-In reporting workflow baked in<\/strong> \u2014 classification, templates and POC escalation, not bolted on afterwards.<\/li>\n\n\n\n<li><strong>SIEM-agnostic integration<\/strong> with platforms like Microsoft Sentinel, Splunk and IBM QRadar, so you&#8217;re not forced into a rip-and-replace.<\/li>\n\n\n\n<li><strong>Sector alignment<\/strong> to your regulator \u2014 RBI, SEBI CSCRF, IRDAI \u2014 so evidence is ready when auditors ask.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">One clarification worth making: meeting the 6-hour rule is a SOC function, and it&#8217;s distinct from what a <strong>CERT-In empanelled vendor<\/strong> does. Empanelment authorises a firm to conduct security audits and VAPT \u2014 it&#8217;s an auditor credential, not a monitoring one. Most regulated enterprises need both: an empanelled auditor for periodic audits, and a SOC provider for the day-to-day detection and reporting that keeps them inside the six-hour window.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The bottom line<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">CERT-In&#8217;s 6-hour rule rewards operational readiness. The organisations that meet it comfortably aren&#8217;t the ones with the thickest compliance binders \u2014 they&#8217;re the ones whose SOC is watching continuously, classifying quickly, and reporting through a workflow that&#8217;s already been rehearsed. Get that right, and the six-hour clock stops being a source of panic and becomes something your operations handle quietly in the background.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">See where your 6-hour readiness stands<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">SOCroom runs analyst-led, 24\/7 managed SOC operations from Bengaluru \u2014 built around CERT-In&#8217;s reporting window, 180-day log retention and DPDP-aligned monitoring. <a href=\"https:\/\/www.socroom.com\/managed-soc-services-india.html\">Book a free security assessment<\/a> and we&#8217;ll show you where your reporting workflow holds up and where it breaks.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">FAQ <\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What is CERT-In&#8217;s 6-hour reporting rule?<\/strong> Under CERT-In&#8217;s 2022 directions, covered entities must report specified cyber incidents to CERT-In within six hours of noticing them, or of being made aware of them. It applies to around 20 incident categories and uses CERT-In&#8217;s prescribed reporting format.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>When does the six-hour clock start?<\/strong> From the moment a qualifying incident is noticed or brought to your attention \u2014 including via a SOC alert, an MSSP ticket, or a credible third-party disclosure. It&#8217;s tied to awareness, not to when the incident originally occurred.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What do SOC providers in India need to do to meet the rule?<\/strong> Provide continuous 24\/7 detection, fast triage and classification against reportable categories, 180-day India-resident log retention with synchronised timestamps, ready-to-file reporting artefacts, and a rehearsed escalation path to the client&#8217;s CERT-In point of contact.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Do we need complete forensics before reporting?<\/strong> No. You file an initial report within six hours with the information available, mark unknowns as &#8220;under investigation,&#8221; and supplement it as the investigation progresses.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Is meeting the 6-hour rule the same as hiring a CERT-In empanelled vendor?<\/strong> No. CERT-In empanelment authorises a firm to conduct security audits and VAPT \u2014 it&#8217;s an auditor credential. Meeting the 6-hour reporting window is an operational task handled by a SOC provider. Most regulated organisations use both.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If your organisation operates in India, one rule should shape how your security operations run: when a qualifying cyber incident is detected, you have six hours to report it to CERT-In. Not six hours to solve it. Six hours to notice it, classify it, and file the notification. It&#8217;s one of the strictest incident-reporting windows [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":72,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-70","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-managed-soc-services"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What Is CERT-In&#039;s 6-Hour Reporting Rule - and What SOC Providers in India Need to Do - Socroom Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Is CERT-In&#039;s 6-Hour Reporting Rule - and What SOC Providers in India Need to Do - Socroom Blog\" \/>\n<meta property=\"og:description\" content=\"If your organisation operates in India, one rule should shape how your security operations run: when a qualifying cyber incident is detected, you have six hours to report it to CERT-In. Not six hours to solve it. Six hours to notice it, classify it, and file the notification. It&#8217;s one of the strictest incident-reporting windows [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/\" \/>\n<meta property=\"og:site_name\" content=\"Socroom Blog\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-01T06:10:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-03T06:18:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.socroom.com\/blog\/wp-content\/uploads\/2026\/07\/featured-cert-in-6-hour-rule.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1700\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Senthil Kumar Ramanujam\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Senthil Kumar Ramanujam\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/2026\\\/07\\\/01\\\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/2026\\\/07\\\/01\\\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\\\/\"},\"author\":{\"name\":\"Senthil Kumar Ramanujam\",\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/#\\\/schema\\\/person\\\/e68fa20fddaa303c969500af5adaa68b\"},\"headline\":\"What Is CERT-In&#8217;s 6-Hour Reporting Rule &#8211; and What SOC Providers in India Need to Do\",\"datePublished\":\"2026-07-01T06:10:41+00:00\",\"dateModified\":\"2026-07-03T06:18:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/2026\\\/07\\\/01\\\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\\\/\"},\"wordCount\":1535,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/2026\\\/07\\\/01\\\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/featured-cert-in-6-hour-rule.png\",\"articleSection\":[\"Managed SOC Services\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.socroom.com\\\/blog\\\/2026\\\/07\\\/01\\\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/2026\\\/07\\\/01\\\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\\\/\",\"url\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/2026\\\/07\\\/01\\\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\\\/\",\"name\":\"What Is CERT-In's 6-Hour Reporting Rule - and What SOC Providers in India Need to Do - Socroom Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/2026\\\/07\\\/01\\\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/2026\\\/07\\\/01\\\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/featured-cert-in-6-hour-rule.png\",\"datePublished\":\"2026-07-01T06:10:41+00:00\",\"dateModified\":\"2026-07-03T06:18:07+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/2026\\\/07\\\/01\\\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.socroom.com\\\/blog\\\/2026\\\/07\\\/01\\\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/2026\\\/07\\\/01\\\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/featured-cert-in-6-hour-rule.png\",\"contentUrl\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/featured-cert-in-6-hour-rule.png\",\"width\":1700,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/2026\\\/07\\\/01\\\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Is CERT-In&#8217;s 6-Hour Reporting Rule &#8211; and What SOC Providers in India Need to Do\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/\",\"name\":\"Socroom Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/#organization\",\"name\":\"Socroom Blog\",\"url\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/cropped-SOCROOM-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/cropped-SOCROOM-logo.png\",\"width\":1998,\"height\":699,\"caption\":\"Socroom Blog\"},\"image\":{\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/#\\\/schema\\\/person\\\/e68fa20fddaa303c969500af5adaa68b\",\"name\":\"Senthil Kumar Ramanujam\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b07a56ae611ca9c42135e51a241e3d262910c3ac32b020e8645b3fd8fd34c1cf?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b07a56ae611ca9c42135e51a241e3d262910c3ac32b020e8645b3fd8fd34c1cf?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b07a56ae611ca9c42135e51a241e3d262910c3ac32b020e8645b3fd8fd34c1cf?s=96&d=mm&r=g\",\"caption\":\"Senthil Kumar Ramanujam\"},\"description\":\"Information Security &amp; Cloud Security Leader | Building Resilient Cyber Defenses\",\"sameAs\":[\"http:\\\/\\\/www.socroom.com\\\/blog\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/sentkr\\\/\"],\"url\":\"https:\\\/\\\/www.socroom.com\\\/blog\\\/author\\\/socroomadmin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Is CERT-In's 6-Hour Reporting Rule - and What SOC Providers in India Need to Do - Socroom Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/","og_locale":"en_US","og_type":"article","og_title":"What Is CERT-In's 6-Hour Reporting Rule - and What SOC Providers in India Need to Do - Socroom Blog","og_description":"If your organisation operates in India, one rule should shape how your security operations run: when a qualifying cyber incident is detected, you have six hours to report it to CERT-In. Not six hours to solve it. Six hours to notice it, classify it, and file the notification. It&#8217;s one of the strictest incident-reporting windows [&hellip;]","og_url":"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/","og_site_name":"Socroom Blog","article_published_time":"2026-07-01T06:10:41+00:00","article_modified_time":"2026-07-03T06:18:07+00:00","og_image":[{"width":1700,"height":900,"url":"https:\/\/www.socroom.com\/blog\/wp-content\/uploads\/2026\/07\/featured-cert-in-6-hour-rule.png","type":"image\/png"}],"author":"Senthil Kumar Ramanujam","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Senthil Kumar Ramanujam","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/#article","isPartOf":{"@id":"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/"},"author":{"name":"Senthil Kumar Ramanujam","@id":"https:\/\/www.socroom.com\/blog\/#\/schema\/person\/e68fa20fddaa303c969500af5adaa68b"},"headline":"What Is CERT-In&#8217;s 6-Hour Reporting Rule &#8211; and What SOC Providers in India Need to Do","datePublished":"2026-07-01T06:10:41+00:00","dateModified":"2026-07-03T06:18:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/"},"wordCount":1535,"commentCount":0,"publisher":{"@id":"https:\/\/www.socroom.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/#primaryimage"},"thumbnailUrl":"https:\/\/www.socroom.com\/blog\/wp-content\/uploads\/2026\/07\/featured-cert-in-6-hour-rule.png","articleSection":["Managed SOC Services"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/","url":"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/","name":"What Is CERT-In's 6-Hour Reporting Rule - and What SOC Providers in India Need to Do - Socroom Blog","isPartOf":{"@id":"https:\/\/www.socroom.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/#primaryimage"},"image":{"@id":"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/#primaryimage"},"thumbnailUrl":"https:\/\/www.socroom.com\/blog\/wp-content\/uploads\/2026\/07\/featured-cert-in-6-hour-rule.png","datePublished":"2026-07-01T06:10:41+00:00","dateModified":"2026-07-03T06:18:07+00:00","breadcrumb":{"@id":"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/#primaryimage","url":"https:\/\/www.socroom.com\/blog\/wp-content\/uploads\/2026\/07\/featured-cert-in-6-hour-rule.png","contentUrl":"https:\/\/www.socroom.com\/blog\/wp-content\/uploads\/2026\/07\/featured-cert-in-6-hour-rule.png","width":1700,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/www.socroom.com\/blog\/2026\/07\/01\/what-is-cert-ins-6-hour-reporting-rule-and-what-soc-providers-in-india-need-to-do\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.socroom.com\/blog\/"},{"@type":"ListItem","position":2,"name":"What Is CERT-In&#8217;s 6-Hour Reporting Rule &#8211; and What SOC Providers in India Need to Do"}]},{"@type":"WebSite","@id":"https:\/\/www.socroom.com\/blog\/#website","url":"https:\/\/www.socroom.com\/blog\/","name":"Socroom Blog","description":"","publisher":{"@id":"https:\/\/www.socroom.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.socroom.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.socroom.com\/blog\/#organization","name":"Socroom Blog","url":"https:\/\/www.socroom.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.socroom.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.socroom.com\/blog\/wp-content\/uploads\/2026\/05\/cropped-SOCROOM-logo.png","contentUrl":"https:\/\/www.socroom.com\/blog\/wp-content\/uploads\/2026\/05\/cropped-SOCROOM-logo.png","width":1998,"height":699,"caption":"Socroom Blog"},"image":{"@id":"https:\/\/www.socroom.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.socroom.com\/blog\/#\/schema\/person\/e68fa20fddaa303c969500af5adaa68b","name":"Senthil Kumar Ramanujam","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b07a56ae611ca9c42135e51a241e3d262910c3ac32b020e8645b3fd8fd34c1cf?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b07a56ae611ca9c42135e51a241e3d262910c3ac32b020e8645b3fd8fd34c1cf?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b07a56ae611ca9c42135e51a241e3d262910c3ac32b020e8645b3fd8fd34c1cf?s=96&d=mm&r=g","caption":"Senthil Kumar Ramanujam"},"description":"Information Security &amp; Cloud Security Leader | Building Resilient Cyber Defenses","sameAs":["http:\/\/www.socroom.com\/blog","https:\/\/www.linkedin.com\/in\/sentkr\/"],"url":"https:\/\/www.socroom.com\/blog\/author\/socroomadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.socroom.com\/blog\/wp-json\/wp\/v2\/posts\/70","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.socroom.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.socroom.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.socroom.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.socroom.com\/blog\/wp-json\/wp\/v2\/comments?post=70"}],"version-history":[{"count":1,"href":"https:\/\/www.socroom.com\/blog\/wp-json\/wp\/v2\/posts\/70\/revisions"}],"predecessor-version":[{"id":71,"href":"https:\/\/www.socroom.com\/blog\/wp-json\/wp\/v2\/posts\/70\/revisions\/71"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.socroom.com\/blog\/wp-json\/wp\/v2\/media\/72"}],"wp:attachment":[{"href":"https:\/\/www.socroom.com\/blog\/wp-json\/wp\/v2\/media?parent=70"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.socroom.com\/blog\/wp-json\/wp\/v2\/categories?post=70"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.socroom.com\/blog\/wp-json\/wp\/v2\/tags?post=70"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}