Managed SOC in Delhi · Government, PSU & Ministry

Delhi managed-SOC demand is dominated by central-government, PSU and ministry buyers — and the central-government SOC operating model is fundamentally different from a private-sector SOC. Tendering routes through GeM (Government e-Marketplace), the Central Public Procurement Portal (CPPP), or the Defence e-Procurement portal where applicable. The buyer asks for CERT-In empanelment, GeM seller-ID, ISO 27001:2022 + ISO 9001:2015 certificates, and Indian-passport-only senior consultant deployment for defence-adjacent scope. Macksofy operates a GeM-listed managed-SOC capability with a Delhi-resident bid-desk for active tender response within the portal's 7-21 day windows.

Central-government SOC content is the headline library. The detection-content library covers MeitY / CERT-In / NCSC office continuous-monitoring expectations for ministry citizen-portal estates — citizen-portal anomaly (Hindi + Bhashini regional-language frontend abuse, citizen-data egress, role-of-officer authorisation drift), Aadhaar AUA / KUA integration anomaly (biometric-replay, eKYC consent-flow integrity, virtual-ID handling per UIDAI Authentication Regulations 2016), DigiLocker integration anomaly (OAuth scope confusion per MeitY partner-onboarding checklist), and APIGW-of-India inter-ministry consent-and-purpose-binding layer monitoring. State-government and PSU adjacencies layer in TN-eGA, Delhi-Govt-IT, AP-state-IT and Telangana-state-IT-specific content where the engagement scope crosses state-government estates.

PSU bank SOC content is the second pillar — calibrated to the heterogeneous PSU bank IT estate (Finacle + BaNCS coexisting, legacy mainframe-RACF, 4,000-15,000 branch nodes). Content covers RBI Master Direction on IT Governance (November 2023) continuous-monitoring expectations, the Department of Financial Services circular cadence, and the CAG audit overlay that drives milestone-aligned monitoring evidence packs. PSU bank SOC engagements are typically 12-24 month retainers with milestone payments tied to CAG audit cycles. Inspection-defence support is included as a base deliverable for DFS / RBI thematic-review cycles.

Defence-adjacent SOC content adds Indian-soil-only delivery and Indian-passport-only senior consultant requirements. Macksofy maintains an Indian-soil-only delivery option (no foreign-soil data egress, no foreign-passport-holder access to engagement materials) for defence-adjacent ministry, public-sector-undertaking and adjacent department engagements. Attestation that satisfies the procuring department's information-security policy is signed by an authorised Macksofy signatory. Detection-content shipment uses Indian-soil tooling and the storage configuration is Indian-soil-only.

Delhi-NCR fintech SOC content is the third pillar — same library architecture as our Mumbai and Noida fintech SOC operations. RBI Master Direction + RBI PA-PG (for the Connaught Place / Karol Bagh / Saket fintech corridor's PA-PG licensees) + RBI Digital Lending Guidelines (for the corridor's lending fintech) detection content. Aadhaar AUA / KUA / DigiLocker / account aggregator / credit-bureau integration anomaly content is shipped per the Noida combo's coverage.

DPDP Act §16 cross-border-transfer monitoring is a base deliverable. Central-government and PSU engagements rarely have cross-border-data flows but ministry-adjacent fintech, Delhi-NCR foreign-bank GCCs (where the engagement scope is mixed) and Delhi-headquartered IT-services majors have substantial cross-border-data flows. DPDP §16 monitoring covers contractual-safeguard reference, technical-safeguard verification (encryption-in-transit + at-rest with customer-managed keys), and operational evidence (egress monitoring, consent-flow integrity, withdrawal-propagation).

Tier structure is calibrated to central-government scope. Tier-1 (24×7 SIEM triage) operates from Mumbai BKC and (for Indian-soil-only delivery scopes) from a dedicated Indian-soil-only delivery floor. Tier-2 (8×5 senior analyst) operates from Mumbai BKC with a Delhi-resident embedded senior for sustained ministry / PSU bank programmes. Tier-3 (on-call DFIR specialist) mobilises from Mumbai BKC and flies BOM → DEL (2 hours) plus Aerocity → ministry / PSU bank head-office drive (30-90 minutes depending on location). Onsite SLA inside 6 hours from escalation.

Procurement reality matters. Central-government SOC engagements close through GeM reverse auction or BoQ-based bidding with the empanelment certificate + GeM seller-ID + comparable-engagement-experience as the three levers that decide L1 outcome. PSU bank SOC closes through the GM-IT + CISO + board-IT-committee secretary with CAG-aligned milestone payments. Delhi-NCR fintech SOC closes through the CTO + AppSec lead + head of compliance in faster CTO-and-AppSec-lead signoff cycles. Engagement length is typically 12-36 months for central-government / PSU programs, 12 months for Delhi-NCR fintech.