Articles - precise testing solution

E-Sign ASP Compliance Audit

Introduction

Any vendor that offers software that will include data but is maintained and operated in the vendor's data Centre and is not under the control or security of information technology, is considered an application service provider. This includes third party software and services vendors. 

Home » E-Sign ASP Compliance Audit

Key Requirements of E-Sign ASP Compliance Audit

  • Digitally signed and encrypted communication between the ASP (Application Service Provider) and the ESP (E-Sign Service Provider) is required. 
  • It is strongly advised that ASP and ESP have leased lines or other kinds of secure private communication lines. 
  • ASP should have a written information security policy that complies with safety regulations like ISO 27001 and also compliance review of controls as per information security policy. 
  • It is important to maintain adherence to current legislation, such as the IT Act 2000 rules and regulations clause of the constitution. 
  • Solutions to prevent malware/virus attacks may be put in place for which anti-virus software must be deployed to secure against viruses. Further networks security measures and end point authentication mechanisms may be put in place. 
  • Processes for obtaining resident permission must be put in place in order to secure consent for every activity taken. The consent form must be saved once the user is asked whether they are prepared to sign it. 
  • A Cert-In appointed auditor should perform the application security assessment of the ASP (Application Service Provider). 
  • ASP shouldn’t assign any duties to apps or other companies. 
  • E-Sign service stakeholders must include end users, ASPs, ESPs, CAs, e-KYC providers, and CCAs. 
  • Presentation and evaluation of the E-Sign-related production-ready application is necessary. 

WHY CHOOSE US

Highly Skilled Team

Experience Across Industries

Affordable Pricing

Quality Work

Assessment Of Binary code

Transparent Reporting

Latest Tools

Why should you choose Precise Testing Solution?

The Precise Testing Solution is a STQC & CERT-IN empanelled company that is a member of the Data Security Council of India and NASSCOM, and is also certified under ISO 9001:2008 and ISO 27001:2013 standards & licensed IT services software testing company that provides cyber security services as well along with information security solutions that include VAPT Services, Penetration Testing Services, and Vulnerability Assessment Services.  

Connect with us!

For a complete solution to your auditing needs

We believe in forging a lifelong bond with our customers, based on trust and faith.

Contact Us
Precise Testing Solution Pvt Ltd