SEBI Notifies Modification In Cyber Security, Cyber Resilience Framework Of Stock Exchanges, Clearing Corporations & Depositories

Update: 2023-08-26 08:00 GMT
Click the Play button to listen to article
story

In a recent development, the Securities and Exchange Board of India (SEBI) has announced a notable modification in the Cyber Security and Cyber Resilience framework for Stock Exchanges, Clearing Corporations, and Depositories. SEBI's latest circular dated August 24, 2023, revises certain aspects of the existing cybersecurity guidelines. These changes stem from previous circulars,...

Your free access to Live Law has expired
Please Subscribe for unlimited access to Live Law Archives, Weekly/Monthly Digest, Exclusive Notifications, Comments, Ad Free Version, Petition Copies, Judgement/Order Copies.

In a recent development, the Securities and Exchange Board of India (SEBI) has announced a notable modification in the Cyber Security and Cyber Resilience framework for Stock Exchanges, Clearing Corporations, and Depositories. SEBI's latest circular dated August 24, 2023, revises certain aspects of the existing cybersecurity guidelines.

These changes stem from previous circulars, specifically SEBI/CIR/MRD/DP/13/2015 dated July 06, 2015, and SEBI/HO/MRD1/MRD1_DTCS/P/CIR/2022/68 dated May 20, 2022.

The revised framework mandates that Market Infrastructure Institutions (MIIs) must carry out comprehensive cyber audits at least twice during a financial year. Alongside the audit reports, MIIs are required to submit a certification from their MD/CEO affirming several key points.

These include the implementation of robust measures and processes to identify, detect, and close vulnerabilities in their IT systems. Additionally, MIIs are directed to have adequate resources in place for staffing their Security Operations Centers (SOCs). The certification also ensures that the MII is in compliance with all SEBI circulars and advisories pertaining to cybersecurity.

Furthermore, MIIs whose systems have been categorized as Critical Information Infrastructure (CII) by the National Critical Information Infrastructure Protection Centre (NCIIPC) are obligated to provide regular updates and closure status of vulnerabilities found in their "protected systems" to NCIIPC.

The circular mandates MIIs to initiate the necessary measures to incorporate the changes within their systems. This involves making any required amendments to relevant bylaws, rules, and regulations. MIIs are also directed to communicate the status of the implementation of these provisions to SEBI within 30 days from the date of the circular.

The revised provisions, as detailed in the circular, come into effect immediately. The authority to issue this circular is derived from the powers conferred under Section 11(1) of the Securities and Exchange Board of India Act, 1992. This is in conjunction with Regulation 51 of the Securities Contracts (Regulation) (Stock Exchanges and Clearing Corporations) Regulations, 2018, as well as Section 19 of the Depositories Act, 1996, and Regulation 97 of the Securities and Exchange Board of India (Depositories and Participants) Regulations, 2018.

Click Here To Read/Download Circular

Tags:    

Similar News