- Security Audit Request is Submitted Online/Offline by Auditee organisation or Department.
- Application Assessment by COE security audit team/Management and the Organizations is informed about the Security Audit Request Status.
- The Auditee Dept. or organisation reverts back with Security Audit Details & signed NDA.
- MAP_IT shares the Audit Plan with relevant stakeholders in audit and auditee organizations.
- After setting up test URL, Auditee organization submits Level 1 testing initiation request on portal.
- Security Assessment is conducted by COE, MAPIT for Level 1 Testing Report.
- Concern Department is communicated for Level 1 bug fixation and identification.
- Steps 5, 6 & 7 are repeated for Level 2 & Level 3 Testing until 100% vulnerabilities are fixed.
- On Completion of Security Audit Process ,Security Certificate and Final Report is issued.
- Security Certificate is valid for One Year OR any Change in the Source Code whichever is earlier from the date of issues. In case of expiry of the certificate whole process shall be initiated again.
Note**: Average time to complete whole process is about 45 days, if defects are fixed by Auditee organization in couple of days.