NPCI continues to invest in people, process and technology that are required to safeguard the IT Infrastructure, information generated by them and the digital identities that access such information – remains safe and secured by deploying state-of-the-art technologies for protecting and monitoring them.
With the vision of serving every Indian with one or other Digital Payment solution, NPCI, passionately drives close to 2.5 Billion transactions on a monthly basis using its indigenously developed platforms like RuPay, UPI, IMPS, AePS, NETC, Bharat Bill Pay etc. These systems are built indigenously with high resiliency & protection to cater our vision of being the “Best Payments Network globally”.
Strong Corporate Governance at NPCI
NPCI faces many inspections as per the regulatory and Government compliances. Audits & Inspections of various nature are conducted periodically to enhance and strengthen Corporate Governance.
Some of the practices at NPCI include –
a) Secured software Coding practices including Code review & application security assessments
b) Regular internal audits across Information Communication Technology (ICT) Infrastructure
c) Continuous Vulnerability Assessment and Penetration Testing followed by periodic patching
d) External audits of Critical Applications
e) Regulatory inspection or audit from both regulator and Government Nodal agencies on periodic basis
f) 3rd Party audits such as compliance to PCIDSS, carried out by QSA’s (Qualified Security Assessor) qualified by PCI Council to validate adherence to PCIDSS Standards & compliance to ISO 27001, carried out by qualified ISO Lead Audit firms.
g) Surprise cyber security drills by third-party experts
NPCI ensures all findings are elaborately reviewed and remediated to the satisfaction of the auditors. Appropriate compensatory controls are deployed wherever necessary.
Lt. General Rajesh Pant, NCSC, “We conduct Special Cyber Audits as part of the nation’s effort to protect and safe guard all critical enterprises such as NPCI, UIDAI, NIC etc, thereby helping to ensure the overall National Security. NPCI has provided higher levels of access to NCSC that are not normally made available to any stakeholders during regular course of business, as an effort to strengthen its cyber defense. I wish to compliment the top leadership of NPCI and their CISO for inculcating a culture of strong Cyber Security Governance with a robust infrastructure which meets global security standards.”
Strong Cyber Security Practice & Data Security
NPCI has adopted its Security framework inline to the NIST Framework to include Protect, Detect, Respond, Predict and Recover methodology. NPCI has embraced implementation of these policies, processes and guidelines to manage risks to its information assets, thus ensuring acceptable levels of risk.
Dilip Asbe, MD & CEO NPCI said, “We consider audits as an important governance layer for the IT systems that evolves constantly, for appropriateness and adequacy of controls deployed so as to ensure that the critical systems, processes and data under its purview remain safe and secure. As a process, NPCI has ensured that there are adequate controls across multiple levels and Audit findings are remediated immediately and closed to satisfaction of auditing entities.
At NPCI, we working together with all stakeholders to ensure safe, secure and convenient payment solutions for consumers. Our products are undergoing progressive developments on a continuous basis to ensure consumer gets the best of payments experience.”