Is Your Organisation DPDP Ready?
Independent DPDP Act 2023 compliance audits for Indian organisations — powered by AI-assisted Computer Audit Tools (CAATs). Observations, gap assessments, and DPO advisory by a CISA-certified auditor.
The DPDP Act is in force.
Are you compliant?
DPDP Act 2023 is now law — Rules notified January 2025
Data Fiduciaries face penalties up to ₹250 crore per breach
Data Protection Board empowered to investigate complaints
Consent, notice, and DSAR obligations apply immediately
Choose the right level of coverage
Every engagement is auditor-led. CAATs do the data gathering — Ram makes every compliance determination personally.
Project-Based DPDP Audit
Full gap assessment against all 67 DPDP controls
- 67-control CAATs-driven assessment
- Deviation Record Extract (DRX) for auditee
- Observations report with AI-assisted CAATs
- Remediation roadmap guidance
- Auditor sign-off included
- Evidence log retained 7 years
Monthly Retainer — DPO Advisory
Ongoing data protection officer support
- Virtual DPO function for your organisation
- Monthly DSAR review and tracking
- Policy review and gap updates
- Incident & breach response advisory
- Regulatory updates and alerts
- Priority email + call support
Annual Audit Partner
Sub-contractor DPDP expertise on your client engagements
- Sub-contractor IS audit on your clients
- DPDP module added to existing audit scope
- CAATs platform shared for engagement
- Report co-branded with your firm
- Flexible day-rate or revenue share
- NDA and engagement agreement provided
All prices are indicative. Final fee depends on organisation size, data volume, and scope. GST applicable as per prevailing rates.
From evidence to signed report
A structured, repeatable 4-step process. CAATs do the heavy lifting — the auditor makes every compliance call.
Evidence Request
A personalised checklist of 67 DPDP controls is generated for your organisation. AI classifies exactly what evidence is needed per control — policies, logs, screenshots, contracts.
Evidence Intake
You submit documents, exports, and URLs. Each file is SHA256-hashed for chain-of-custody. Duplicate detection prevents double-counting. Status dashboard shows coverage at a glance.
AI-Assisted Assessment
Claude Sonnet reads your evidence against each control's VALUE_STATEMENT. It reports observations only — never conclusions. Every result is labelled "Preliminary Assessment — Auditor Judgment Required".
Auditor Review & Sign-Off
Ram reviews every control, overrides any AI result that doesn't reflect the evidence, and signs the final report. No AI output reaches you without his review and professional sign-off.
Auditor Independence — Always
In line with ISACA and IIA professional standards, all compliance determinations, materiality assessments, and audit opinions rest exclusively with Ram Krishan Dudeja. Automated tools report observations. The auditor decides.
Ram Krishan Dudeja
Independent DPDP auditor and founder of RamKrishan Advisory, Faridabad. With a career spanning banking supervision, vigilance, and IS audit, Ram brings the rigour of a Big-4-level audit methodology to DPDP Act 2023 compliance — combined with a practical understanding of how Indian organisations actually operate.
RamKrishan Advisory
Faridabad, Haryana · [email protected]
dpdpaudits.com
All major DPDP sections covered
The audit framework covers 67 controls mapped across 21 DPDP Act sections — from applicability and notice through to breach management, AI governance, and penalty exposure assessment.
- Section 6 — Consent Validity
- Section 8 — Data Fiduciary Obligations
- Section 9 — Children's Data Protection
- Section 10 — Security Safeguards
- Section 11 — Data Subject Rights (DSAR)
- Section 12 — Breach Management
- Section 16 — Cross-Border Transfers
- Rules 9–11 — Consent Manager Obligations
Start your DPDP audit today
Send an enquiry and Ram will respond within one business day. No sales team — you speak directly with the auditor from day one.