Any firm that wants to be empaneled as a KUA (KYC User Agency) or AUA (Aadhaar Authentication Services) must have its security assessment performed, and obtain its compliance certification, only from a CERT-In empaneled auditor.
As per the UIDAI guidelines in India, client applications need to be audited only by CERT-In empaneled auditors. AUAs and KUAs need to get their operations audited and submit the audit report to UIDAI, on an annual basis and on a need basis, to ensure compliance with UIDAI’s requirements and standards.
Since we’re CERT-In empaneled auditors, we can audit and assess your information security environment, its risks, and the controls over such information security assets and information on a periodic basis, as per UIDAI’s security audit and compliance requirements.
UIDAI’s latest policy on Information Security for all AUAs and KUAs mandates that the following information security domains and controls be audited:
- Access Control
- Asset Management
- Change Management
- HR - Human Resources
- Information Security Incident Management
- Operations Security
- Password Policy
- Physical and Environmental Security