
As a CERT-In empaneled organization, DigiFortex offers comprehensive System Audit Report (SAR) services, enabling organizations handling payment data to meet the stringent data localization requirements set by the Reserve Bank of India (RBI). Our team ensures full compliance with RBI mandates by assessing and certifying that all end-to-end transaction data is securely stored within India.


What is SAR Audit?

A System Audit Report (SAR) is a document that organizations, particularly those involved in handling payment data, are required to submit to the Reserve Bank of India (RBI) in compliance with the data localization mandate. The SAR serves as an official record certifying that the organization has fulfilled the requirement of storing end-to-end transaction data within India.

Key Criteria for System Audit Report for Data Localization (SAR)

Based on the RBI & NPCI Guidelines, the following key criteria need to be covered as part of this audit:

  • Payment Data Elements
  • Transaction / Data Flow
  • Application Architecture
  • Data Storage
  • Transaction Processing
  • Activities subsequent to Payment Processing
  • Cross Border Transactions
  • Database Storage and Maintenance
  • Data Backup & Restoration
  • Data Security

Approach For System Audit Report for Data Localization (SAR)

Based on our extensive experience with delivering SAR for Data Localization & Storage of Payment System Data, we have developed the following approach:

Phase 1 – Information Gathering & Documentation Review

A detailed questionnaire is shared with your teams, and documentation and evidence are collected on the architecture, implementation and controls in place. These documents are thoroughly reviewed by our experts to understand the implementation and flag any concerns.

Phase 2 – Assessment, Validation & In-Depth Control Review

In this phase, we thoroughly analyze the documentation and review the provided artifacts to ensure their validity. Additionally, we assess the technical controls according to industry best practices and examine the data flow to identify any potential risks or gaps.

Phase 3 – Remediation & Re-Validation

A detailed report will be provided that highlights any areas of concern, risks, or violations. In addition, we will offer appropriate recommendations and will work closely with you to facilitate re-validation, ensuring that all gaps are addressed and successful compliance is achieved.

Phase 4 – CERT-In Empaneled Certification

As an auditor certified by CERT-In, we thoroughly document all activities, including relevant paperwork, evidence, findings, and recommendations. We issue a CERT-In certification for the System Audit Report (SAR), which focuses on data localization and storage of payment system data.

GRC Cycle

Why Do Organizations Need It?

SAR data localization shields native citizens' financial and personal information in moments of geopolitical crisis.

Shielding against anti-money laundering threats.

Holistic implementation of regulations to secure payment gateways.

Enhance IT Governance for payment service providers.

Advantages

Secures citizens' data and provides data privacy and data sovereignty from foreign surveillance.

Unfettered supervisory access to data will help Indian law enforcement ensure better monitoring.

Minimizes conflict of jurisdiction due to cross-border data sharing and delay in justice delivery in case of data breach.

It will give local governments and regulators the jurisdiction to call for the data when required.

Why DigiFortex?

As a CERT-In empaneled and ISO 27001:2022 certified organization, DigiFortex is globally recognized for providing Information Security consulting. Our team started McAfee in India and holds 17 US patents.

Our team is composed of globally certified experts, including ISO 27001 Lead Auditors for Information Security, Certified Information Privacy Professionals for Europe (CIPP/E) from the International Association of Privacy Professionals (IAPP), DSCI Certified Privacy Lead Assessors (DCPLA), CCSA, CISM, CISA, ISO 27001 LA, CEH, CRTP and more. Backed by diverse industry experience, our professionals provide comprehensive security and privacy solutions tailored to meet the highest standards.

A small glimpse of DigiFortex’s globally recognized work

  1. Completed the Prepaid Payment Instrument (PPI) audit for Amazon Pay, which included:
    1. IS Audit (Information System Audit)
    2. V-KYC (Video-based Know Your Customer)
    3. VAPT (Vulnerability Assessment and Penetration Testing)
    4. SAR (Security Assessment Report)
    5. RBI Data Localization compliance
  2. Conducted security assessments for the #1 U.S. financial institution, covering 17 of their websites across 17 countries.
  3. Performed a comprehensive Cloud Security Assessment for HDFC Bank.
  4. Provided IT audit services for the integration of HDFC’s system with the Government of India’s Solar Energy Corporation of India (SECI).
  5. Selected by Indian Bank to conduct a full security assessment of their data centers in Chennai and Mumbai.
