NBBL Security & Risk Certifications
NPCI Bharat BillPay Limited (NBBL) has been certified for ISO 22301:2019 (Business Continuity Management System), ISO 27001:2022 (Information Security Management System), and ISO 27701:2019 (Privacy Information Management System) across all our office locations.
These certifications apply to NBBL’s products including
- Bharat Connect
- Bharat Connect for Business
- Banking Connect
- ISO 22301:2019 Standard – NBBL is certified for a Business Continuity Management System (BCMS) that supports availability of services during disruptions. It includes defined recovery targets, resilient architecture, disaster recovery readiness, and periodic drills to help ensure continuity.
- ISO 27001:2022 Standard – NBBL is certified for an Information Security Management System (ISMS) that helps protect information and systems through a structured, risk-based approach. This includes defined security policies, strong access controls, encryption for data in transit and at rest, secure key management, secure development practices, and continuous monitoring.
- ISO 27701:2019 Standard – NBBL has achieved certification for a Privacy Information Management System (PIMS) which demonstrates dedication to protecting privacy and handling personal information responsibly. ISO 27701 extends the principles of ISO 27001, ensuring a thorough approach to managing information security and privacy.
Our Commitment to Security & Compliance (SOC 2 Type II)
NBBL maintains compliance with Service Organization Control 2 (SOC 2) standards, as established by the American Institute of Certified Public Accountants (AICPA). We have successfully obtained SOC 2 Type II attestation reports for NBBL operations, reflecting our commitment to strong security practices, reliable service delivery, and responsible data handling.
What This Means for You
A SOC 2 Type II report provides independent third-party assurance on both:
- the design of our controls, and
- the operating effectiveness of those controls over a defined period of time.
Trust Services Criteria Coverage
Our SOC 2 Type II attestation covers controls aligned to the Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
Continuous Assurance
SOC 2 Type II reflects an ongoing commitment—not a one-time check. NBBL undergoes periodic independent audits and continuously strengthens controls to maintain high standards of security and operational excellence, helping ensure transactions remain secure, reliable, and compliant with global best practices.