UIDAI Compliance Audit

An Authentication User Agency (AUA) is an entity that offers Aadhaar Enabled Services to individuals possessing Aadhaar numbers, utilizing the authentication process facilitated by the Authentication Service Agency (ASA).

An Authentication User Agency (AUA) is an entity dedicated to providing Aadhaar Enabled Services to holders of Aadhaar numbers, using authentication processes facilitated by the Authentication Service Agency (ASA). An AUA, which may be a government, public, or private legal agency registered in India, employs UIDAI’s Aadhaar authentication services to enable its services or business functions.

As per UIDAI Guidelines, the client application undergoes a UIDAI compliance audit, conducted by information systems auditors certified by CERT-IN. The compliance audit report is subsequently submitted to UIDAI.

CERT-IN (Computer Emergency Responses Team – India) serves as the central nodal agency responsible for addressing computer security incidents in the Indian subcontinent. Empanelled auditors appointed by CERT-IN assess information security risks, evaluate the effectiveness of information security controls supporting operations in audited organizations, and conduct UIDAI compliance audits, providing a comprehensive report upon request. During these audits, activities such as interviewing key personnel, conducting vulnerability assessments and penetration testing, documenting existing security policies and controls, and examining IT assets are undertaken.