Timeline for audit request processing
=====================================

(With effect from 1-Jan-2019) 

**On receipt of audit request**

For in-house or NIC coordinated dynamic websites
------------------------------------------------

1. Assigning to auditor – same day.
2. Acceptance by auditor – same day.
3. Information to developer / coordinator – same day.
4. After receipt of source code in sFTP server start of source code analysis – within one day.
5. Source code analysis report preparation and submission to developer – within two days.
6. Blackbox audit report preparation and submission to developer – three to five days.
7. Manual audit first report preparation and submission to developer – five to fifteen days.
8. Manual audit subsequent report preparation and submission to developer – three to ten days.
9. Issue of clearance note after receipt of report from auditor as “safe to host” – same day.

For static websites with self-certificate
-----------------------------------------

1. Issue of clearance note with no issues – same day.

For websites audited by CERT-IN empanelled auditor
--------------------------------------------------

1. Issue of clearance note with no issues – within two days.

For replica websites
--------------------

1. Issue of clearance note for replica websites with valid audit clearance of original website – within one day.

sFTP Server user account authorization
--------------------------------------

1. Authorization of user for uploading source code in sFTP server on receipt of public key – same day.

Reminder to coordinator for response
------------------------------------

1. Static websites – reminder to be sent if no response is received within 7 days.
2. Dynamic websites – reminder to be sent if no response is received within 15 days.
3. Third party audited websites - reminder to be sent if no response is received within 15 days.