The Srida AI Agent Suite — 22 agents, 6 live today

Twenty-two purpose-built AI agents for GRC.

We don't bolt AI onto a traditional consultancy. Every Srida IT engagement runs on a named suite of specialist LLM agents — organised into seven tiers — under the supervision of certified GRC experts. Each agent owns a real slice of delivery, with auditable inputs and deterministic outputs.

Tier 1

Operating Foundation

Five agents in production today. The daily-execution layer behind every Srida engagement — drafting, gathering, testing, monitoring, auditing.

In Production
#01

Aarya

Policy Agent

Drafts ISO 27001, SOC 2, DPDPA, HIPAA policies in minutes.

Ingests org context, regulatory scope, and existing controls. Drafts the full policy stack mapped to clause IDs. A certified consultant reviews and you sign.

  • Clause-level mapping (ISO / SOC / PCI / DPDPA)
  • Industry-adaptive tone (fintech, health, SaaS)
  • Versioning + board-ready diff view
aarya@sridait.comView profile →
In Production
#02

Bhuvi

Evidence Agent

Continuously collects audit-ready evidence from your stack.

Connects to cloud, identity, ticketing, code repos, HRMS. Pulls evidence on a schedule, tags it to controls, assembles audit packets on demand.

  • Connectors: AWS, Azure, GCP, Okta, GitHub, Jira
  • Auto-mapping to NIST 800-53 + ISO Annex A
  • Tamper-evident chain-of-custody log
bhuvi@sridait.comView profile →
In Production
#03

Charan

Control-Test Agent

First-pass control testing so auditors land on prepared ground.

Executes deterministic test scripts against each control — MFA enforcement, log retention, vendor DD, backup integrity. Flags failures with reproducible evidence and CAPA drafts.

  • Pre-built library: ISO Annex A, SOC 2 TSC, PCI DSS
  • Failure clustering — root-cause across controls
  • Auto-generated CAPA drafts
charan@sridait.comView profile →
In Production
#04

Devika

Autonomous DPO Agent

24/7 DPDPA & GDPR watch — flows, vendors, DSAR queue.

Watches processing register, vendor list, DSAR queue. Flags unauthorised flows, vendor renewals without re-assessment, DSARs nearing SLA. Drafts board-ready privacy posture reports.

  • DPDPA Sec 8 & 9 obligations tracker
  • Cross-border transfer & adequacy monitoring
  • Automated DPIA for new high-risk processing
devika@sridait.comView profile →
In Production
#05

Esha

Audit Agent

Mock audits before the auditor walks in.

Full dry-run audits across your framework. Interviews control owners, samples evidence, identifies gaps, produces an auditor-style finding report so you close gaps before they fail you.

  • Mock audits: ISO 27001, SOC 2 II, PCI, ISO 27701
  • Control-owner interview simulator
  • Observation → root-cause → recommendation format
esha@sridait.comView profile →
Tier 3

Strategic Advisory

Counsel for CISOs, DPOs, and Boards. Strategic-tier agents brief leadership, run M&A diligence, and quarterback crisis response.

Shipping 2026 H2
#07

Falgun

vCISO Advisor

Cyber strategy, target-operating-model design, M&A diligence.

Brings CISO-tier judgement to fractional engagements — 3-year security roadmap, target-operating-model design, M&A cybersecurity due-diligence, Board narrative translation.

  • 3-year security roadmap synthesis
  • M&A buy-side & sell-side cyber diligence
  • Board / Risk Committee briefing prep
falgun@sridait.comView profile →
Shipping 2026 H2
#08

Gauri

vDPO Advisor

Privacy strategy, DPIA design, regulator engagement.

Strategic counterpart to Devika — sets the privacy programme strategy, designs DPIAs for high-impact products, and prepares the org for regulator engagement.

  • Privacy programme target-state design
  • DPIA scoping for AI / cross-border features
  • Regulator engagement & inquiry response
gauri@sridait.comView profile →
Shipping 2026 H2
#09

Hari

Board Liaison

Translates the security & privacy posture for non-technical leadership.

Converts technical posture into Board-and-Audit-Committee narratives. Builds the quarterly risk pack, the regulator-facing narrative, and the cyber section of the annual report.

  • Quarterly Board risk pack generation
  • Audit Committee briefing materials
  • Annual-report cybersecurity section drafting
hari@sridait.comView profile →
Shipping 2026 H2
#10

Ira

Crisis Coordinator

On-call commander for breach, ransomware, regulator inquiry.

Orchestrates incident response across legal, PR, IT, forensics, and regulators. Maintains the runbook, drives the war-room cadence, and produces the post-incident dossier.

  • Real-time IR war-room orchestration
  • Regulator notification timer (DPDPA 72h, CERT-In 6h)
  • Post-incident dossier + lessons learned
ira@sridait.comView profile →
Tier 4

Frameworks & Compliance

Framework-specialist agents. Each one owns the full implementation, gap-close, internal audit, and external-audit prep for a single regime.

Shipping 2026 H2
#11

Jay

ISO 27001 Lead

End-to-end ISMS — scoping to Stage 2 certification.

Owns the ISMS lifecycle: scoping, Annex A mapping, statement of applicability, internal audit, management review, Stage 1 / Stage 2 audit preparation.

  • Annex A control mapping + SoA generation
  • Internal audit programme + finding registers
  • Stage 1 / Stage 2 audit readiness
jay@sridait.comView profile →
Shipping 2026 H2
#12

Karan

SOC 2 Specialist

Type I & Type II across all five Trust Service Criteria.

Runs SOC 2 readiness for SaaS clients — TSC selection, control library, observation window management, CPA audit liaison.

  • TSC selection: Security, Availability, Confidentiality, Processing Integrity, Privacy
  • Type I → Type II observation-window orchestration
  • CPA-audit liaison + walkthrough prep
karan@sridait.comView profile →
Shipping 2026 H2
#13

Lila

PCI DSS Engineer

v4 scoping, segmentation, RoC preparation.

Owns PCI DSS v4 readiness — cardholder-data environment scoping, network segmentation validation, RoC evidence packet for the QSA.

  • PCI DSS v4 scoping + CDE definition
  • Segmentation testing + evidence
  • RoC packet for the QSA
lila@sridait.comView profile →
Shipping 2026 H2
#14

Manu

DPDPA Programme Lead

Section 8/9/11 compliance, ROPA, regulator readiness.

Owns the operational DPDPA programme — ROPA build-out, Sec 8 / 9 / 11 obligations mapping, breach response runbook, regulator-readiness drills.

  • ROPA template + processing-activity inventory
  • DPDPA Sec 8 / 9 / 11 obligation matrix
  • DPB regulator-readiness drills
manu@sridait.comView profile →

How Srida AI is engineered

Four design principles that separate Srida's agents from a chatbot stapled onto a GRC SaaS.

Deterministic where it matters

Every grading, ranking, and pass/fail decision is a numeric computation — same inputs always produce identical outputs. Fully auditable to clients and regulators.

Human-in-the-loop at every gate

Agents draft, propose, and flag. Certified GRC experts review, decide, and own the deliverable. Speed of AI, defensibility of human judgement.

Worst-of-engines integrity

Where we use AI to evaluate AI (or candidates), multiple independent engines run in parallel and the worst signal wins. No single engine can rubber-stamp an output.

Built in India, for Indian regulators

Native DPDPA, CERT-In, RBI Master Direction, and SEBI awareness — alongside ISO, SOC, GDPR, PCI. Localisation isn't an afterthought.

See the agents draft, test, and audit — live.

30 minutes. We'll run your real framework, with your real context, and produce a real evidence packet. No slides.