As a CERT-In empaneled cybersecurity audit firm, DigiFortex is fully authorized to conduct Vendor Site Compliance Certificate (VSCC) audits for organizations looking to integrate with SBI’s payment gateway. Our certification by CERT-In enables us to provide the official VSCC certification that private merchants are required to obtain, ensuring they meet SBI’s stringent security requirements.
Request free consultation - Click Here
What is VSCC Audit?
SBI has established a compliance mandate for vendors to implement robust security controls and best practices on merchant websites integrated with their payment gateways. To integrate SBI’s payment services, payment service providers or vendors must undergo a Vendor Security Compliance process, meeting all specified requirements. The Vendor Site Compliance Certificate (VSCC) required for this process can only be issued by a CERT-In empaneled organization. While this certificate is mandatory for private merchants, government clients and reputable educational institutions may submit a self-certified Form C instead.
The key areas covered by the VSCC Form C questionnaire include:
- SSL Certificate & Encryption
- Application Security
- Vulnerability Assessment & Penetration Testing
- Firewall
- Data Storage & Localization
- Audit Trail & Logging
- PCI DSS (if applicable)
- Data Sharing & Privacy
A CERT-In empaneled auditor must complete, sign, and certify the VSCC Form C, which vendors then submit to SBI as part of the merchant onboarding process.
Why DigiFortex?
As a CERT-In empaneled and ISO 27001:2022 certified organization, DigiFortex is globally recognized in providing Information Security consulting. Our team started McAfee in India and holds 17 US patents. DigiFortex provides insurers with expert guidance on VSCC Audit Certification, ensuring robust compliance and risk management. We offer detailed assessments, proactive risk mitigation and actionable support, enabling insurers to maintain high standards of data protection and regulatory compliance.
Our team is composed of globally certified experts, including ISO 27001 Lead Auditors for Information Security, Certified Information Privacy Professionals for Europe (CIPP/E) from the International Association of Privacy Professionals (IAPP), DSCI Certified Privacy Lead Assessors (DCPLA), CCSA, CISM, CISA, ISO 27001 LA, CEH, CRTP and more. Backed by diverse industry experience, our professionals provide comprehensive security and privacy solutions tailored to meet the highest standards.
A small glimpse of DigiFortex’s globally recognized work
-
Completed the Prepaid Payment Instrument (PPI) audit for Amazon Pay, which included:
- IS Audit (Information System Audit)
- V-KYC (Video-based Know Your Customer)
- VAPT (Vulnerability Assessment and Penetration Testing)
- SAR (Security Assessment Report)
- RBI Data Localization compliance
- Conducted security assessments for the #1 U.S. financial institution, covering 17 of their websites across 17 countries.
- Performed a comprehensive Cloud Security Assessment for HDFC Bank.
- Provided IT audit services for the integration of HDFC’s system with the Government of India’s Solar Energy Corporation of India (SECI).
- Selected by Indian Bank to conduct a full security assessment of their data centers in Chennai and Mumbai.
Request free consultation - Click Here
