Information Security Governance: In order to recognize risk exposures with remedial steps and residual risks, the entities shall carry out a comprehensive security risk assessment of their people, IT, business process environment, etc. This may be an internal security audit or an external security audit carried out by an independent security auditor or an impaneled auditor of CERT. https://corpzoventuresprivatelimited.wordpress.com/2022/10/02/rbi-guidelines-also-define-the-following-in-reference-to-obtainment-of-payment-aggregator-license/