eSign Application Service Provider (ASP) Audit

Get an in-depth analysis of the UIDAI’s ASP Audits.


Years Experience



% +

Client Retention

M +

Identities Protected

An application service provider is any vendor that provides software that will contain data but is managed and operated in the vendor’s data center and is not controlled or secured by Information Technology. This includes third party software and services vendors.

Audit Requirements:

  • The communication between ASP and ESP(E-sign Service provider) should be digitally signed and encrypted.
  • Communication lines between ASP and ESP should be secured. It is strongly recommended to have leased lines or similar secure private lines between ASP and ESP. If a public network is used, a secure channel such as SSL should be deployed.
  • ASP should have a documented Information Security policy in line with security standards such as ISO 27001.
  • Compliance review of controls as per Information security policy.
  • ASPs should follow standards such as ISO 27001 to maintain Information Security.
  • Compliance to prevailing laws such as IT Act 2000 and applicable Rules and Regulations thereunder should be ensured.
  • Software to prevent malware/virus attacks may be put in place and anti-virus software installed to protect against viruses. Additional networks security controls and end point authentication schemes may be put in place.
  • Resident consent processes must be implemented to obtain consent for every transaction carried out. The user must be asked for willingness to sign it and consent form should be stored.
  • Application Security Assessment of the ASP by Cert-in empaneled auditor.
  • ASP data logging for audit purposes provisioned.
  • ASP should not delegate any obligation to external organizations or applications.
  • Refer the Stakeholders involved in eSign service like end-user, ASP, ESP, CA, e-KYC Provider, and CCA.
  • Audit checklist provided under these guidelines.
  • Demonstration and analysis of the production-ready application, with regard to eSign.
  • Verification of Production environment for its security requirements, compliance and location.


What We Deliver ?

It’s an important practice that gives organizations visibility into real-world threats to your security. As part of a routine security check, penetration tests allow you to find the gaps in your security before a hacker does by exploiting vulnerabilities and providing steps for remediation.

018-bar graph
Digital Report

Our experts will furnish an itemized security evaluation report with legitimate remediation steps to be taken.

Distinguish Security Weaknesses inside your Digital Asset permitting you to proactively remediate any issues that emerge and improve your security act.

Vulnerability Data

Constantly updating Vulnerability Information to stay in touch with the emerging threat landscape.

Receive overview and trend data of all of the current security issues you face in your organisation. All viewable on an Digital Report.

Skilled Consultants

We also assured you that your assessments are executed by qualified experts.

Our group of security specialists holds industry capabilities, for example, CHECK Team Member and Team Leader, CEH, ECSA, OSCP, CISA, CISSP, and many more.

Request a Quote

Why Xiarch ?

Xiarch is a CERT-IN Empanelled & ISO 9001:2015 | ISO 27001-2013 Licensed Cyber Security Company and IT Services Company with solutions providers in Information Security like VAPT Services, Penetration Testing Services, Vulnerability Assessment Services, Among our consumers we proudly work for Government Organizations, Fortune one thousand Companies and countless start-up companies. We are additionally Value Added Partners, Authorized Re-sellers & Distributor of Leading Web Application Security Testing Tools.

We are headquartered in Delhi and have branch presence in Gurugram and Mumbai - India

Contact our sales team @ +91-9667916333 for further clarifications on above stated service, you can also reach us by an email at [email protected]. We’ll be great full to serve you. Happy Security.

Few Customer Testimonials

Our clients like us for our specialized abilities, administration quality and polished methodology. Sharing their great words is a delight for us.

Trusted by Thousand of Brands

Our Offices

New Delhi - Head Office
Xiarch Solutions Private Limited
Gurugram-Branch Office
Xiarch Solutions Private Limited
Noida - Branch Office
Xiarch Solutions Private Limited
Mumbai - Branch Office
Xiarch Solutions Private Limited

Get In Touch With Us

Test the effectiveness of your own security controls before malicious parties do it for you. Our security experts are here to help — schedule a call today.

Xiarch Security is an global security firm that educates clients, identifies security risks, informs intelligent business decisions, and enables you to reduce your attack surface digitally, physically and socially.

Certified Security Experts

Our security experts are exceptionally qualified and confirmed by CEH, ECSA, OSCP, CISA, CISSP, and numerous others.

Communication & Collaboration

After surveying the code our specialists shared the best answers to correct them. Our experts will communicate with you for any further implementations.

Research-Focused Approach

We hold industry-leading certifications and dedicate part of every day to research the latest exploit techniques to ensure our clients remain protected from evolving online attacks.

Free Remediation Testing

Once your team addresses remediation recommendations, Xiarch will schedule your retest at no additional charge.