System Audit Report for Data Localization (SAR)

The System Audit Report for Data Localization (SAR) & Storage of Payment System Data is a compliance mandate issued by the Reserve Bank of India (RBI) to ensure that appropriate security measures and data localization controls are in place for the storage of payment-related data.

Key Criteria for System Audit Report for Data Localization (SAR)

Based on the RBI & NPCI Guidelines, the following key criteria need to be covered as part of this audit.

The audit must be conducted by a CERT-In empanelled auditor, who certifies completion of the activity.

Approach for System Audit Report for Data Localization (SAR)

Based on our extensive experience with delivering SAR for Data Localization & Storage of Payment System Data, we have developed the following approach:

Phase 1 – Information Gathering & Documentation Review

A detailed questionnaire is shared with your teams, and documentation and evidence are collected on the architecture, implementation and controls in place. Our experts review these documents thoroughly to understand the implementation and flag any concerns. The questionnaire is designed around the RBI FAQs on the data localization circular.

Phase 2 – Assessment, Validation & In-Depth Control Review

In this phase, an in-depth analysis is carried out to validate the documentation and cross-examine the artefacts provided. The technical controls are assessed against best practices, and the payment data flow is analysed end to end to identify potential risks or gaps.

Phase 3 – Remediation & Re-Validation

A comprehensive report is provided covering all areas of concern, risks and violations. Appropriate recommendations are provided along with detailed proof-of-concept evidence to help your teams understand the concerns raised. Our team then works with you on re-validation to ensure that all gaps are closed and compliance is achieved.

Phase 4 – CERT-In Empanelled Certification

As a CERT-In empanelled auditor, we document the entire activity along with the relevant documentation, artefacts, findings and recommendations. A CERT-In certification is then issued for the System Audit Report (SAR) for Data Localization & Storage of Payment System Data.
