NSDL circular on Facility for submission of Half yearly and Annual Cyber Audit Report in electronic form through e- PASS
secmarkupdates
Highlights of the Circular :
Attention of Participants is invited to NSDL Circular No. NSDL/POLICY/2025/0163 dated December 12, 2025, regarding ‘Implementation of SEBI’s CSCRF Circular for Cyber Audit Report Submission’ wherein the detailed guidelines pertaining to auditor selection norms and the guidelines to be adhered to by auditors/Regulated Entities (REs) for the conduct of the Cyber Security Audit, in accordance with the provisions of the CSCRF, are provided under Annexure A.
Further, the detailed Terms of Reference (TOR) applicable for the conduct of the Cyber Security Audit, as per the CSCRF framework, are provided under Annexure B thereto.
In this regard, Participants are required to ensure that the cyber security audit is conducted in accordance with the said TOR.
In this context, Participants are hereby informed that a facility has been developed for the submission of half-yearly and annual Cyber Security Audit reports through the e-PASS portal.
The detailed guidelines for adding auditor details and the procedure for submission of Cyber Security Audit reports through the e-PASS portal are enclosed as Annexure A to this circular. Participants are required to adhere to the prescribed process for electronic submission of audit reports through the e-PASS application.
Further, Participants are required to submit an Auditor’s Declaration, in the prescribed format provided under Annexure C of aforesaid circular and upload in e-pass application while submission of audit report. The compliance status for the closure of findings identified in the cybersecurity report shall be submitted to NSDL within three (3) months from the date of submission of the initial cybersecurity report.
The timelines for submission of the audit report and the action taken report (ATR) if any, have been specified as below attached in the circular.
Additionally, Participants shall email a copy of their Cyber audit reports along with Annexure to Dpa...@nsdl.com in case they face any technical issues while uploading the report through the e-PASS application. However, the submission made through the e-PASS application shall be considered as the final submission.
Participants are further advised to note that non-submission of the Cyber Security Audit report within the specified timelines shall be treated as regulatory non-compliance and may attract penalty and/or further action, as per the NSDL Business Rules as amended from time to time.