SEBI Circular on: Modification in Cyber Security and Cyber resilience framework for Stock Brokers / Depository Participants


Updates from SecMark

Jun 9, 2022, 8:39:54 AM
to Group

Facing issues in day-to-day processes, feeling inadequate control over your business?

“DESIGN & IMPLEMENT STANDARD OPERATING PROCEDURES”

Contact: 9869265949, 9870210171, in...@secmark.in, kaushik@secmark.in


Date: 07-06-2022
Issuer: SEBI
Subject: Modification in Cyber Security and Cyber resilience framework for Stock Brokers / Depository Participants
Topic: Cyber Security

 

Highlights of SEBI Circular dated June 07, 2022

Modification in Cyber Security and Cyber resilience framework for Stock Brokers / Depository Participants

SEBI has partially modified provisions of para 11, 41, 42 and 44 of its Circular no. SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018, specifying the framework for Cyber Security and Cyber Resilience for Stock Brokers / Depository Participants.

 

The details of the same are as follows:

 

Para 11 (modified provision):

Stock Brokers / Depository Participants shall identify and classify critical assets based on their sensitivity and criticality for business operations, services and data management. The critical assets shall include business critical systems, internet facing applications/systems, systems that contain sensitive data, sensitive personal data, sensitive financial data, Personally Identifiable Information (PII) data, etc. All the ancillary systems used for accessing/communicating with critical systems either for operations or maintenance shall also be classified as critical system. The Board/Partners/Proprietor of the Stock Brokers / Depository Participants shall approve the list of critical systems.

To this end, Stock Brokers / Depository Participants shall maintain up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows.

Para 41 (modified provision):

Stock Brokers / Depository Participants shall carry out periodic Vulnerability Assessment and Penetration Tests (VAPT) which inter-alia include critical assets and infrastructure components like Servers, Networking systems, Security devices, load balancers, other IT systems pertaining to the activities done as Stock Brokers / Depository Participants etc., in order to detect security vulnerabilities in the IT environment and in-depth evaluation of the security posture of the system through simulations of actual attacks on its systems and networks.

Para 42 (modified provision):

Stock Brokers / Depository Participants shall conduct VAPT at least once in a financial year. All Stock Brokers / Depository Participants are required to engage only CERT-In empaneled organizations for conducting VAPT. The final report on said VAPT shall be submitted to the Stock Exchanges / Depositories after approval from Technology Committee of respective Stock Brokers / Depository Participants, within 1 month of completion of VAPT activity.

In addition, Stock Brokers / Depository Participants shall perform vulnerability scanning and conduct penetration testing prior to the commissioning of a new system which is a critical system or part of an existing critical system.

Para 44 (modified provision):

Any gaps/vulnerabilities detected shall be remedied on immediate basis and compliance of closure of findings identified during VAPT shall be submitted to the Stock Exchanges / Depositories within 3 months post the submission of final VAPT report.

 

 

SEBI has further mandated the Stock Brokers / DPs to conduct comprehensive cyber audit at least once in a financial year. All Stock Brokers / DPs are required to submit to Stock Exchange/Depository a declaration from the MD/ CEO/ Partners/ Proprietors certifying compliance by the Stock Brokers / DPs with all SEBI Circulars and advisories related to Cyber security from time to time, along with the Cyber audit report.

 

SEBI has further directed all Stock Brokers / DPs to communicate the status of the implementation of the provisions of this circular to Stock Exchanges / Depositories within 10 days from the date of this Circular.

 

The provisions of the Circular shall come into force with immediate effect.

 

SEBI Circular no. SEBI/HO/MIRSD/TPD/P/CIR/2022/80 dated June 07, 2022 is enclosed herewith for your ready reference.

In case of any clarification or assistance required in implementation of this circular, you may contact:

Vandana Vania – van...@secmark.in / 9223303460

Kaushik Jethwa – kau...@secmark.in / 9870210171

 


Cracking your trading password can be easier than it appears.

“VULNERABILITY ASSESSMENT AND PENETRATION TESTING”

Contact: 9869265949, 9870210171, in...@secmark.in, kau...@secmark.in

--
Regards


www.secmark.in

Email: in...@secmark.in
Mobile: 9869265949, 9870210171
2022 06 07-SEBI-Modification in Cyber Security and Cyber resilience framework for Stock Brokers-DPs.pdf