How Can We Help You with CERT-In Audits?
As a CERT-In empanelled organization, we are obliged and responsible for upholding information technology security and for helping our clients protect against, detect, and respond to cybersecurity incidents.
Our approach and methodologies are aligned with CERT-In provided guidelines and procedures.
Overview of Steps For Getting CERT-In Security Clearance
1. Detailed Security Audit of the application or system in scope. A detailed security audit report (First Audit Report) will be given as a deliverable.
2. Confirmatory/Revalidation Audit: Once the client confirms that the vulnerabilities discovered in the First Audit Report are patched, the next round of testing is conducted to validate the closure of the reported issues and to check for any new issues that the applied fixes may have introduced. This process is repeated till the application is free from vulnerabilities.
3. Issuance of Certificate: Once all the vulnerabilities have been patched, we can issue a security clearance certificate for the scope of Security Audit in addition to the Final Report. Our certificate can be presented to regulatory bodies/clients for compliance requirements and go live.
When Is a CERT-In Audit Required?
CERT-In audits are required for attesting the security of an organization's application/IT infrastructure for compliance requirements or go-live.
This CERT-In audit requirement applies to, but is not limited to, the following:
1. Banking and Financial Institutions
Public and Private Sector Banks
Rural and Urban Cooperative Banks
Payment Gateways and Aggregators
2. Organizations that come under the purview of the SEBI Cybersecurity and Cyber Resilience Framework
3. Companies hosting their infrastructure or web application in NIC (National Informatics Centre)
4. Organizations associated with UIDAI (Unique Identification Authority of India) or provisioning Aadhaar KYC and Authentication - AU/SA and KU/SA Audits
5. Organizations that come under the purview of the ISNP Security Audit as per IRDAI (Insurance Regulatory and Development Authority of India)
6. Third-party vendors providing any information technology services, ranging across Application, Infrastructure, and Cloud.
For How Long Is the CERT-In Security Clearance Certificate Valid?
The certificate is valid for 1 year post-issuance, provided that no changes are made to the application/IT system during that period. If any changes to application code or system configurations are required, the organization should conduct the CERT-In audit again to obtain the Security Clearance Certificate.