DATA LOCALIZATION AUDIT
Do your part – Be Security Smart !
What Is Data Localization Audit?
- Data Localization is the practice of storing data on any device that is physically present within the borders of the country where the data is generated. As of now, most of these data are stored, in a cloud, outside India.
- Localization mandates that companies collecting critical data about consumers must store and process them within the borders of the country.
Advantages of Data Localization
- Maintaining multiple local data centres may lead to significant investments in infrastructure and higher costs for global companies.
- Infrastructure in India for efficient data collection and management is lacking.
- Splinternet or ‘fractured internet’ where the domino effect of protectionist policy can lead to other countries following suit.
- Even if the data is stored in the country, the encryption keys may still remain out of the reach of national agencies.
- Forced data localization can create inefficiencies for both businesses and consumers. It can also increase the cost and reduce the availability of data-dependent services.
Key Criteria for System Audit Report for Data Localization (SAR)
Based on the RBI & NPCI Guidelines, the following key criteria need to be covered as part of this audit.
- Payment Data Elements
- Transaction / Data Flow
- Application Architecture
- Network Diagram / Architecture
- Data Storage
- Transaction Processing
- Activities subsequent to Payment Processing
- Cross Border Transactions
- Database Storage and Maintenance
- Data Backup & Restoration
- Data Security
- Access Management