VSCC Certificate for SBI – Vendor Site Compliance Certificate
The VSCC Certificate (SBI) – Vendor Site Compliance Certificate is a compliance mandate given by SBI to ensure appropriate security best practices and controls deployed on merchant websites that are integrated with their payment gateways
As per the details shared by SBI, the Vendor Site Compliance Certificate (VSCC) can only be issued by CERT-In Empanelled Auditor and is only required for private merchants. Government clients and reputed educational institutes can self certify the Form C.

Key Criteria for VSCC Certificate – Vendor Site Compliance Certificate
Based on the Vendor Site Compliance Certificate (VSCC Form C) questionnaire, the following key criteria need to be covered as part of this audit.
- SSL Certificate & Encryption
- Application Security
- Vulnerability Assessment & Penetration Testing
- Firewall
- Data Storage & Localization
- Audit Trail & Logging
- PCI DSS (if applicable)
- Data Sharing & Privacy
The VSCC Form C must filled, signed & certified by a CERT-IN empanelled auditor which can then be submitted to SBI as part of the merchant on-boarding process.

Approach for VSCC Certificate – Vendor Site Compliance Certificate
Based on our extensive experience with VSCC Certificate (SBI) – Vendor Site Compliance Certificate, we have developed the following approach:
Phase 1 –Information Gathering & Documentation Review
Phase 2 –Assessment & Validation
As part of this phase, an analysis of is carried out to validate all the documentation and cross-examine artefacts provided. Along with this the technical points are assessed in-line with best-practices and the VSCC Questionnaire requirements.
Phase 3– Remediation & Re-Validation
A comprehensive report is provided with any areas of concern, risks or violations. Appropriate recommendations are provided along with detailed proof of concept details to help your teams understand the concerns raised. Our team works with you to carry out re-validation to ensure that you are able to close all the gaps and achieve succesful compliance.
Phase 4–CERT-In Empanelled Certification
VSCC Certificate for SBI – Vendor Site Compliance Certificate
The VSCC Certificate (SBI) – Vendor Site Compliance Certificate is a compliance mandate given by SBI to ensure appropriate security best practices and controls deployed on merchant websites that are integrated with their payment gateways As per the details shared by SBI, the Vendor Site Compliance Certificate (VSCC) can only be issued by CERT-In Empanelled Auditor and is only required for private merchants. Government clients and reputed educational institutes can self certify the Form C.
Leave us massage