1. Authorisation and governance
Net worth, fit-and-proper governance, and a board-approved policy are prerequisites for RBI authorisation.
2. The System Audit (SAR)
An annual System Audit Report by a CERT-In empanelled auditor covers security, data storage and compliance.
3. PCI DSS and data localisation
- Maintain a PCI DSS-compliant posture for card data.
- Store payment data only in India.
- Route funds through escrow and settle on time.
How CyberSigma helps
CERT-In empanelled and PCI QSA authorised, we deliver your PA-PG System Audit, PCI DSS assessment, VAPT and data-localisation verification.
This guide is educational and not legal advice. Requirements evolve — validate specifics against the current standard or regulation for your situation.
