Rules and Regulations of India

Law Library of Rules and Regulations of India

Section 31 – THE INFORMATION TECHNOLOGY (CERTIFYING AUTHORITIES) RULES,2000

31. Audit.

(1) The Certifying Authority shall get its operations audited annually by an auditor and such audit shall include inter alia,-

i. security policy and planning;

ii. physical security;

iii. technology evaluation;

iv. Certifying Authority’s services administration;

v. relevant Certification Practice Statement;

vi. compliance to relevant Certification Practice Statement;

vii. contracts/agreements;

viii. regulations prescribed by the Controller;

ix. policy requirements of Certifying Authorities Rules, 2000.

(2) The Certifying Authority shall conduct,-

(a) half yearly audit of the Security Policy, physical security and planning of its operation;

(b) a quarterly audit of its repository.

(3) The Certifying Authority shall submit copy of each audit report to the Controller within four weeks of the completion of such audit and where irregularities are found, the Certifying Authority shall take immediate appropriate action to remove such irregularities.

Main Index

Rules and Regulations of India

MyNation

Leave a Reply

Your email address will not be published.

Copyright © 2022 Rules and Regulations of India