MCX circular on: Submission of VAPT report and/or Action taken report (ATR)/Compliance Report -Reminder
secmarkupdates
Cracking your trading password can be easier than it appears.
“VULNERABILITY ASSESSMENT AND PENETRATION TESTING”
Contact: 9869265949, 9870210171, in...@secmark.in, kau...@secmark.in
Issuer: MCX
Submission of VAPT report and/or Action taken report (ATR)/Compliance Report -Reminder
Highlights of MCX
Circular dated November 17, 2023
This is with reference to Exchange Circular no.
MCX/TECH/340/2022 dated June 10,2022, MCX/TECH/491/2022 dated August 24, 2022,
MCX/TECH/544/2022 dated September 21, 2022 on ‘Modification in Cyber Security
and Cyber resilience framework for Stockbrokers/ Depository Participants’,
MCX/TECH/011/2023 dated January 05, 2023 and MCX/TECH/641/2023 dated September
25, 2023 on Submission of VAPT report and/or Action taken report (ATR)/Compliance
Report.
Members are required to conduct and complete the VAPT during the period September to November for FY 2023-24 and the final report shall be submitted through member portal to the Stock Exchanges within one month from the date of completion of VAPT after approval from Technology Committee of respective Stockbrokers.
The detailed VAPT report along with summary of report (as per format specified in Annexure A) as a single document shall be digitally signed by CERT-In empaneled entity to be submitted to Exchange by December 31, 2023 through online Member Portal –https://member.mcxindia.com. Help file ‘VAPT–help file’ is available on the VAPT submission online portal and on https://sftp.mcxindia.com/Common/Online portal help file folder.
Further, as per para 44 of SEBI Circular No. SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018 amended vide SEBI Circular No. SEBI/HO/MIRSD/TPD/P/CIR/2022/80 dated June 07, 2022 requires that any gaps / vulnerabilities detected shall be remedied on immediate basis and compliance of closure of findings identified during VAPT shall be submitted to the Stock Exchanges within 3 months post the submission of final VAPT report. For any open vulnerabilities as reported & submitted in VAPT report, members are required to submit Compliance Report in the format attached as Annexure – B digitally signed by the CERT-In empaneled entity as appointed by the Member.
Accordingly, members are required to submit VAPT Compliance Report/ Action Taken Report (ATR) for FY 2023-24, as per format specified in Annexure B by 31st March 2024, on member portal.
In view of the above, Stockbrokers/Trading Members/Qualified Stockbrokers are advised as under:
a) Adherence with the reporting timelines for submission of VAPT report and Compliance report/Action Taken Report (ATR) to the Exchange.
b) Ensure that all open gaps / vulnerabilities are closed within prescribed timelines and are accordingly confirmed in the Compliance report.
In order to ensure strict adherence to the regulatory requirements by Members with the prescribed framework applicable for VAPT/Compliance Report submission and timely closure of vulnerabilities, penalties/disciplinary actions will be communicated through separate circular shortly.
Further, Non-compliant members shall render themselves liable for action as may be deemed fit by the Exchange.
Member brokers and are advised to take note of above and ensure compliance.
In case of any clarification or assistance required in implementation of this circular you may contact
Vandana Vania - van...@secmark.in / 9223303460
Kaushik Jethwa - kau...@secmark.in / 9870210171Facing issues in day to day processes, feeling inadequate control over your business.
“DESIGN & IMPLEMENT STANDARD OPERATING PROCEDURES”
Contact: 9869265949, 9870210171, in...@secmark.in, kaushik@secmark.in