UIDAI – AUA KUA Compliance Security Audit

Getting enrolled with UIDAI allows organizations to provide e-KYC and Aadhaar-based authentication. Organizations that are looking to become an empaneled KYC User Agency (KUA), or looking to integrate with Aadhaar Authentication Services (AUA), are required to get a comprehensive security assessment and the corresponding compliance certification from a CERT-In empaneled security auditor, ensuring compliance with UIDAI standards and specifications.

The latest version of the UIDAI Information Security Policy for AUAs and KUAs outlines a comprehensive process of technical and operational audit. The audit focuses on the following domains, among others, thereby improving your security preparedness and technology defense:

  • Security of the authentication devices and applications
  • Network
  • Systems
  • Key management
  • Data vault requirements
  • Security framework policies for requesting entity compliance requirements

These changes include obtaining consent, transparency and purpose limitation, amongst others. As per the guidelines of UIDAI, client applications of the organization that use Aadhaar-based authentication need to be audited annually, or on a need basis, by Information Systems Auditors certified by CERT-In. The compliance audit report is then to be submitted to UIDAI or shared upon request. The assessment is mandatory for any organization that wants to include Aadhaar-based authentication in its business process.

As a CERT-In empaneled body, QRC is authorized to help you understand, manage and comply with the UIDAI Security Audit & Compliance requirements that are released on a periodic basis.

As a CERT-In empaneled auditor, through the AUA/KUA audits, QRC will help your organization assess its information security risks and determine the effectiveness of controls across the various resources and assets that support operations in your organization and meet UIDAI compliance. Our assessment approach is as follows:

Information Gathering & Documentation Review

We assess the client location for the inherent compliance framework and business process, and collect the necessary evidence on the architecture, implementation and controls to understand the data flow in your organization as per the UIDAI requirements. The policies, procedures and other documents of the organization are reviewed.

Audit Process

After scope definition and initial engagement, we will conduct an initial audit of the in-scope applications, systems and servers, evaluating the entire ecosystem, including any sub-contracting agencies or sub-AUAs. Once the gaps are identified, areas of improvement are suggested wherever possible.

As per the assessment, and the identification of the payment data, QRC will provide remediation support for complying with the UIDAI requirements, incorporating all of UIDAI's latest policy updates.

Report & Confirmation Letter

After assessment and remediation, we will review your evidence on the closure of the action items identified during the audit. On successful closure, we will share the confirmation letter and the final report discussing the findings.

As a qualified payment security assessor and CERT-In empaneled auditor, we bring in-depth knowledge of payment security and a strong capability to conduct AUA/KUA audits.

Benefits Of AUA/KUA Compliance Audit

  1. The AUA/KUA compliance audit framework focuses on evaluating risk management systems to meet regulatory compliance, and helps in anticipating areas of potential risk and mitigating such risks.
  2. Ensures data security of the information stored and strengthens the security of applications and devices, networks and systems.
  3. Strengthens your digital technology and processes through compliance with the requirements of the standard, reducing reputational loss from a data breach.

Improve your overall cyber security preparedness and defense.
