logotype
VSCC Certificate for SBI – Vendor Site Compliance Certificate
Home VSCC Certificate for SBI – Vendor Site Compliance Certificate

VSCC Certificate for SBI – Vendor Site Compliance Certificate

The Vendor Site Compliance Certificate (VSCC) issued by SBI is a mandatory requirement to ensure that merchant websites integrated with SBI payment gateways adhere to proper security practices and controls. According to SBI, only CERT-IN empanelled auditors are authorized to issue the VSCC, and it is applicable only to private merchants. Government clients and reputable educational institutions can self-certify using Form C.

The SBI VSCC Certificate (Vendor Site Compliance Certificate) is a compliance obligation issued by SBI to guarantee that adequate security best practices and controls are applied on merchant websites that relate to their payment gateways.

Key Criteria for VSCC Certificate – Vendor Site Compliance Certificate

The following major criteria must be covered as part of this audit, according to the Vendor Site Compliance Certificate (VSCC Form C) questionnaire

  • SSL Certificate & Encryption
  • Application Security
  • Vulnerability Assessment & Penetration Testing
  • Firewall
  • Data Storage & Localization
  • Audit Trail & Logging
  • PCI DSS (if applicable)
  • Data Sharing & Privacy

The VSCC Form C must be filled, signed & certified by a CERT-in empaneled auditor which can then be submitted to SBI as part of the merchant on-boarding process.

 

Approach for VSCC Certificate – Vendor Site Compliance Certificate

Based on our extensive experience with VSCC Certificate (SBI) – Vendor Site Compliance Certificate, we have developed the following approach:

What we do

We have developed the following approach based on our significant experience with VSCC Certificate (SBI) – Vendor Site Compliance Certificate:

Phase 1 –Consists of Gathering Information and Reviewing Documentation.

A complete questionnaire is distributed to your teams, and various paperwork and evidence on existing security reviews and controls are gathered. Our professionals thoroughly evaluate these documents to understand the execution and identify any issues.

Phase 2 –Evaluation and Validation

An investigation is performed as part of this phase to validate all documentation and cross-examine the artifacts given. In addition, the technical aspects are evaluated in accordance with best practices and the VSCC Questionnaire standards

Phase 3– Remediation & Re-Validation

A detailed report is supplied, outlining any areas of concern, dangers, or violations. Appropriate advice is supplied, as well as specific proof of concept details, to assist your teams in understanding the issues presented.

Our team collaborates with you to complete re-validation to ensure that you can close any gaps and achieve successful compliance.

Phase 4–CERT-In Empanelled Certification

As a CERT-In Empanelled Auditor, we document the entire activity, including artefacts, findings, and recommendations. The Vendor Site Compliance Certificate (VSCC) is filled up with the necessary information, and as authorised CERT-In Empanelled Auditors, we sign, seal, and give it to the customer.

Contact RNR and be market ready to excel in your business.

VSCC Certificate for SBI – Vendor Site Compliance Certificate

The VSCC Certificate (SBI) – Vendor Site Compliance Certificate is a compliance mandate given by SBI to ensure appropriate security best practices and controls deployed on merchant websites that are integrated with their payment gateways As per the details shared by SBI, the Vendor Site Compliance Certificate (VSCC) can only be issued by CERT-In Empanelled Auditor and is only required for private merchants. Government clients and reputed educational institutes can self certify the Form C.

Leave us message

How May We Help You!

      Service Request Form

      Select Service(s) You Want:

      Information & cyber security program strategy & roadmapEnterprise & cyber security risk assessment & managementThird party risk managementVirtual CISO serviceCyber security awareness programPhishing simulation programThreat modelingUser access governance & certificationIncident management and response planISO 27001/22301/27701/9001RBI master directionNHB cyber security guidelinesIRDAI cyber security guidelinesNIST FrameworkSOC1/SOC2Data localization as per RBI circular of storage of payment system dataCIS frameworkInternal audit managementCloud assessment as per CISDesigning cloud security architectureCSPM security monitoringGap assessment as per applicable guidelinesNetwork architecture reviewFirewall rule reviewFirewall configuration reviewSystem hardening checksVulnerability assessment program managementWeb application penetration testingMobile application penetration testingInfrastructure vulnerability assessmentAPI vulnerability assessmentAPI fuzzingRed teaming ExerciseData protection advisoryData flow diagramDigital personal data protection acData protection controls implementationData discovery and classificationDesigning of data protection policyData governance programDigital personal data protection acGap assessmentArticulation of policy and proceduresISO 27001/22301/27701/9001, PCI-DSS, SOC1/SOC2, COBIT, COSO, HIPPA, RBI, IRDAI, NIST, Data Localization, CISGRC tool implementationArticulation of BCP plan and strategyCrisis management planBCP/DR planning and implementationImplementation of BCMS standard (ISO 22301)Conducting actual and tabletop DR drillsFunctional recovery planGRC resource deployment onsite/offsiteSecurity services resource deployment onsite/offsite

      Contact Details:

      Name (required):

      Organization Name (required):

      Email (required):

      Contact No (required):

      Detail about the requirement (optional):