WhiteBooks Compliance

WhiteBooks holds the certifications enterprise buyers expect: ISO 27001 (info-sec ISMS), DPDP Act 2023 (Indian data protection), GSP certification from GSTN, NIC e-Way Bill compliance, ZATCA Phase 2 for KSA. SOC 2 Type II audit is in progress.

Certifications

StandardStatusScope
GSP (GST Suvidha Provider)Certified by GSTNDirect gateway to GST portal, IRP, NIC e-Way Bill system
ISO/IEC 27001:2022Certified · annual surveillanceInformation security management system across the platform
DPDP Act 2023Compliant · attestedIndian Digital Personal Data Protection Act 2023
ZATCA Phase 2 (KSA)Approved EGSe-Invoicing for the Kingdom of Saudi Arabia
SOC 2 Type IIIn progress (target Q4 2026)Security, Availability, Confidentiality
VAPT (annual)Conducted · external auditorApplication + infrastructure penetration testing

DPDP Act 2023

ISO 27001

Annual surveillance audit by an independent ISO body. Scope covers all 114 Annex A controls including A.9 Access Control, A.10 Cryptography, A.12 Operations Security, A.13 Communications Security, A.14 System Acquisition + Development, A.16 Incident Management, A.17 Business Continuity, A.18 Compliance.

Audit trail retention

Every state-changing API call is retained for 7 years — matching GST Act 16 and Income Tax Act 44AA retention requirements. Customers can pull their audit log on demand for internal or regulator-driven audits.

Part of the WhiteBooks Enterprise cluster. Last updated 27 May 2026.