Built for DPDP from Day One
Vratex

Compliance in India
is broken.

We're fixing it.

Governance, Risk & Compliance for Indian enterprises. Purpose-built for DPDP Act 2023 and ISO 27001:2022. One platform, both frameworks, every control.

Check Your DPDP Readiness — FreeDoes DPDP Apply to You?
0 CrMax DPDP penalty per violation
0ISO 27001 controls pre-loaded
May 2027Compliance window closes
app.vratex.com
Risk Register
5 risks
RiskLIScoreStatus
Unauthorised data access4520Open
Third-party data sharing3412Mitigating
Inadequate encryption3515Open
Missing consent records4416Mitigating
Weak access controls236Closed
Scroll
The Problem

The Compliance Reckoning Is Here

The Digital Personal Data Protection Act 2023 is India's most consequential data law in a generation. Penalties up to 0 Cr per violation. And the average Indian company manages compliance on spreadsheets and email chains.

The Spreadsheet Trap

Risk registers in Excel are indefensible. When DPDP-mandated board review arrives, there is no version of record, no accountability trail, no defensible due diligence.

The Invisible Audit Trail

DPDP Section 8(5) requires reasonable security safeguards. ISO 27001 Clause 9.1 requires performance evaluation. Both demand evidence of who did what, and when.

The Consultant Dependency

External GRC consultants charge ₹5–20 lakh per engagement, produce a static PDF, and leave. Six months later it's outdated. No institutional memory.

The India-Fit Problem

Most GRC platforms were built for GDPR, SOX, or SOC 2. DPDP Act 2023 has distinct obligations these tools treat as an afterthought. You get a cross-reference PDF bolted onto a foreign framework.

Regulatory Exposure

The DPDP Rules have been notified. The Data Protection Board is being constituted. The organisations treating this as a future problem will be the organisations paying penalties and scrambling to rebuild compliance programmes under regulatory scrutiny.

The Platform

Three Integrated Capabilities

One cohesive compliance programme. Not three disconnected tools.

Risk Register

Continuous Compliance, Not Annual Theatre

Map, score, and track every enterprise risk. Linked to ISO 27001 Annex A controls and DPDP obligations.

  • 5×5 likelihood/impact scoring for inherent and residual risk
  • Table, heat map, and kanban views for analysis, board reporting, and treatment workflow
  • Tamper-evident change log on every record with cryptographic hash chaining
app.vratex.com
Risk Register
5 risks
RiskLIScoreStatus
Unauthorised data access4520Open
Third-party data sharing3412Mitigating
Inadequate encryption3515Open
Missing consent records4416Mitigating
Weak access controls236Closed
Audit & Compliance

Evidence-Ready From Day One

Pre-loaded with all 93 ISO 27001:2022 Annex A controls and every DPDP Act 2023 obligation. Nothing to configure.

  • Attach evidence files directly to each control: PDFs, screenshots, policy documents
  • Step-by-step implementation checklists with status tracking and overdue indicators
  • One-click PDF export formatted for external auditors with evidence index
app.vratex.com
ISO 27001:2022 — Annex A
62%
A.5.1Information security policiesCompliant3 files
A.5.2Information security rolesCompliant2 files
~
A.6.1Screening of personnelIn Progress1 files
~
A.6.2Terms and conditions of employmentIn Progress
A.7.1Physical security perimetersNot Started
A.8.1User endpoint devicesCompliant4 files
AI Gap Analysis

From Posture to Roadmap in Seconds

AI analyses your entire compliance posture. Gaps are ranked by regulatory exposure, not alphabetical order.

  • Surfaces critical gaps and generates a structured, time-bounded remediation roadmap
  • Quick wins identified automatically. Close compliance gaps in hours, not months
  • Full audit report generation enriched with findings and evidence status
app.vratex.com
AI Gap Analysis
AI-Powered
Critical Gaps Found
1.Data Processing Agreement templates missing for 3 vendor relationships — DPDP S.8 non-compliance risk
2.No documented consent withdrawal mechanism — required under DPDP S.6(4)
3.Incident response plan not tested in 12 months — ISO 27001 A.5.24 gap
Quick Wins
Publish data retention schedule — 2 hours, closes DPDP S.8(7)
Enable MFA on admin accounts — 30 minutes, closes A.8.5
Generating remediation roadmap...
AI-Powered

Six AI Capabilities, One Intelligent Platform

Every AI feature runs server-side, streaming results in real time. No spreadsheet can do this.

Gap Analysis

Scans your entire compliance posture and ranks gaps by regulatory exposure, not alphabetically.

Control Guidance

Contextual implementation advice for every ISO 27001 and DPDP control. No more Googling standards.

Evidence Adequacy Check

AI reviews your uploaded evidence and tells you if it's sufficient or what's missing.

Finding Writer

Generates formal audit findings from compliance gaps: title, description, impact, recommendation.

Remediation Roadmap

Three-phase action plan: Quick Wins, Medium Effort, Structural. Each with time estimates.

Audit Report

Full audit report generated from your data, enriched with prior findings and evidence status.

AI-Powered. Built for Indian compliance.
Competitive Position

The Gap Vratex™ Fills

Most GRC platforms are built for US startups chasing SOC 2. Vratex is built ground-up for DPDP compliance and Indian enterprise requirements.

CapabilitySpreadsheetsOther GRC PlatformsVratex™
DPDP Act 2023 — nativeManual mappingTypically not availableBuilt-in
ISO 27001:2022 (93 controls)ManualPartial / add-onBuilt-in
Tamper-evident audit logNoneEnterprise tier onlyAll plans
AI gap analysisNoneAdd-on / costlyAll plans
INR billing + GST invoiceN/AUSD onlyRazorpay
All PII stored in IndiaYour deviceTypically US serversMumbai
Starting price₹0 (no system)₹2L–5L / monthFree to start
Why Vratex™

Six Reasons Compliance Leaders Choose Vratex™

India-First, Not India-Adapted

DPDP Act 2023 controls are native. Pre-seeded, pre-mapped, ready on day one. Not a plugin, not a cross-reference PDF. Built in.

Fraction of the Consultant Cost

A fraction of the cost versus ₹5–20 lakh per engagement. Vratex™ never leaves. It updates as your posture changes, continuously.

Evidence When You Need It

Attach evidence to every control. When an ISO auditor arrives, you produce a complete timestamped evidence pack. No frantic search.

Database-Layer Tenant Isolation

Row-level security at the Postgres engine. A code bug is far less likely to become your compliance breach. No organisation ever sees another's data.

Tamper-Evident Proof of Diligence

Every action logged to a hash-chained audit table with 7-year retention. A regulator asks 'what did you know?' You have the answer.

Priced for the Indian Market

No USD invoices. No opaque enterprise quotes. Razorpay, GST-compliant, INR pricing, cancel anytime. Designed for how India buys.

Standards & Security

Built for the Frameworks That Matter

Every design decision was made with DPDP Section 8(5) in view.

DPDP

DPDP Act 2023

India's Digital Personal Data Protection Act. Every obligation pre-mapped and pre-seeded, ready from day one.

ISO

ISO/IEC 27001:2022

All 93 Annex A controls with step-by-step implementation checklists, evidence tracking, and gap analysis.

Enterprise Architecture

Security built into the database layer. Not bolted on after.

Row-Level SecurityDPDP S.8(5)
Mumbai Data ResidencyIndia-hosted data
Hash-Chained Audit Log7-year retention
MFA on Paid PlansAccount security
Right to ErasureDPDP S.12