What is a Payment & Settlement Systems (PSS) Audit?

Reserve Bank of India is responsible for controlling the Banking Payment and Settlement System in India under Payment Settlement Act 2007. Accordingly, RBI provides a certificate of authorization to any company setting up and operating a payment system in India. To remain authorized, a payment company must comply with stipulated RBI requirements to ensure that the technology deployed to operate the payment system is safe, secure, and efficient, and as per the approved process flow. An RBI PSS audit evaluates security and controls, hardware, operating systems, applications, access controls, and disaster recovery, among other aspects.

Applicability

A payment company must comply with stipulated RBI requirements to ensure that the technology deployed to operate the payment system is safe, secure, and efficient, and as per the approved process flow.

Objective

  1. To ensure every system provider shall operate the payment system in accordance with the provisions of the PSS Act and the rules and regulations which deal with the operation of payment system.
  2. To ensure the system providers shall disclose the terms and conditions, including the charges and limitations of liability to their existing or potential system participants.
  3. To ensure the safety of the customers, the audit should ensure that the technology deployed for the operation of the payment system is working in a safe, secure, and efficient manner in accordance with the approved process flow.
  4. To evaluate the hardware, structure, operating systems, and critical application should be considered under the scope of system audits.
  5. To ensure the required to act in accordance with the contract governing the relationship between the system participants and the rules and regulations which deal with the operation of payment system.
  6. To include security and controls to be in place, increased access controls in key applications, a proper disaster recovery plan, training of personnel managing systems and applications, among other things.

Approach

Our approach has been covered in  4 phases as mentioned below:

Phase 1: Audit Planning
Planning and preparation of the audit scope and objectives. 

Phase 2: Risk Assessment and Business Process Analysis
Assessment, measuring, managing, and controlling IT-related risks, thus enhancing the reliability of processes and the entire information system. 

Phase 3: Audit Performance (Compliance and System Review) 
Assessment of controls over critical system platforms, network and physical components, IT infrastructure supporting relevant business processes.

Phase 4: Reporting
Report audit findings, conclusions, and recommendations of the audit in terms of conformance, non-conformance, and opportunities to improve.

      Why CyberSRC®?

      1. We are team of qualified professionals with rich experience of multiple industries such as Manufacturing, BFSI, Insurance, Healthcare, NBFCs & others. Our consultants are industry experts and have proven track records, some of the renowned certificates that our consultants hold such as CISA, CISSP, COBIT, CEH, CCNA, OSCP, ISO 9001 LA/LI, ISO 27001, ITIL LA/LI, PMP, to name a few. 
      2. We believe in adding value to your business which is enabled through our Centre of Excellence (Coe) and, we have end-to-end capability for Program Build – Operations – Transformation. We can jump start and execute projects in Managed Services mode globally and flexible delivery models. 
      3. Our Vision is to be one of the World’s most trusted advisory & solution provider for Cyber Security, Data Protection an Assurance practices.