Timeline for audit request processing

(With effect from 1-Jan-2019)

On receipt of audit request

For in-house or NIC coordinated dynamic websites

1. Assigning to auditor – same day.

2. Acceptance by auditor – same day.

3. Information to developer / coordinator – same day.

4. After receipt of source code in sFTP server start of source code analysis – within one day.

5. Source code analysis report preparation and submission to developer – within two days.

6. Blackbox audit report preparation and submission to developer – three to five days.

7. Manual audit first report preparation and submission to developer – five to fifteen days.

8. Manual audit subsequent report preparation and submission to developer – three to ten days.

9. Issue of clearance note after receipt of report from auditor as “safe to host” – same day.

For static websites with self-certificate

1. Issue of clearance note with no issues – same day.

For websites audited by CERT-IN empanelled auditor

1. Issue of clearance note with no issues – within two days.

For replica websites

1. Issue of clearance note for replica websites with valid audit clearance of original website – within one day.

sFTP Server user account authorization

1. Authorization of user for uploading source code in sFTP server on receipt of public key – same day.

Reminder to coordinator for response

1. Static websites – reminder to be sent if no response is received within 7 days.

2. Dynamic websites – reminder to be sent if no response is received within 15 days.

3. Third party audited websites - reminder to be sent if no response is received within 15 days.