eSign ASP- Aadhaar

Aadhaar eSign is an online electronic signature service in India to facilitate an Aadhaar holder to digitally sign a document. The signature service is facilitated by authenticating the Aadhar holder via the Aadhar-based e-KYC service. An application service provider is any vendor that provides software that will contain data but is managed and operated in the vendor’s data centre and is not controlled or secured by Information Technology. An eSign ASP is a service provider for facilitating electronic signature service in India.

Applicable to all application service providers who provide for eSign Aadhaar services. To ensure the electronic signature is authentic, valid and in accordance with the law application service providers must adhere to strict security practices.

• To ensure appropriate information security is maintained and that the communication between ASP and ESP (E-sign Service provider) is secured.
• To ensure the ASPs follow standards such as ISO 27001 and comply with existing laws such as IT Act 2000 and rules to maintain Information Security.

Our approach has been covered in a 4-phases. These include: 

Phase 1: Audit Planning
Planning and preparation of the audit scope and objectives. 

Phase 2: Risk Assessment and Business Process Analysis
Assessment, measuring, managing, and controlling IT-related risks, thus enhancing the reliability of processes and the entire information system. 

Phase 3: Audit Performance (Compliance and System Review) 
Assessment of controls over critical system platforms, network and physical components, IT infrastructure supporting relevant business processes.

Phase 4: Reporting
Report audit findings, conclusions, and recommendations of the audit in terms of conformance, non-conformance, and opportunities to improve.