Yes, auditing is a continuous process. According to the Rules under the IT Act 2000.
- The CA shall get its operations audited annually by an auditor and such audit shall include security policy and planning, physical security, technology evaluation, CA's services administration, compliance to CPS, contracts/agreements, regulation prescribed by CCA, policy requirement of CA Rules, 2000.
The CA shall conduct -
- Half yearly internal audit of security policy, physical security and planning of its operation,