DPSS.AD.No./ 1206/02.27.005/2009-2010

7th December, 2009

To

All the entities Authorised to operate Payment Systems in India

Madam/Dear Sir,

System Audit of the Payment Systems operated  under the PSS Act, 2007

Please refer to the Certificate of Authorisation issued to you by the Reserve Bank of India under Section 7(1) of the Payment and Settlement Systems Act, 2007, to set up and operate the Payment Systems indicated therein.

2. In order to ensure that the technology deployed to operate the payment system/s authorised is/are being operated in a safe, secure, sound and efficient manner and as per the process flow submitted by you for which Authorisation has been issued, you are hereby directed to get a System Audit done by a firm of Chartered Accountants. The auditor conducting the System Audit should be a Certified Information System Auditor (CISA) and registered with the ISACA. The scope of the System Audit should include evaluation of the hardware structure, operating systems and critical applications, security and controls in place, including access controls on key applications, disaster recovery plans, training of personnel managing systems and applications, documentation, etc. The audit should also comment on the deviations, if any, in the processes followed from the process flow submitted to the Reserve Bank while seeking authorisation. The audit should cover the period up to March 31, 2010. The Auditor's report should be submitted to us in a sealed cover so as to reach us positively by May 31, 2010.

Meanwhile please acknowledge receipt of this letter.

Yours faithfully

(K Sivaraman)
General Manager