
Sebi asks bourses to conduct ‘comprehensive’ cyber audit twice a year

Markets regulator Securities and Exchange Board of India (Sebi) on Friday directed exchanges to conduct a “comprehensive” cyber audit twice within a fiscal year.
The market watchdog in a circular said that the market infrastructure institutions (MIIs) “are mandated to conduct comprehensive cyber audit at least two times in a financial year”.
Along with the cyber audit reports, all MIIs are directed to submit a declaration from the managing director or chief executive officer “certifying compliance by the MII with all Sebi circulars and advisories related to cyber security issued from time to time”, the market regulator added.
The bourses, alongside cyber audits, are also required to carry out periodic vulnerability assessment and penetration testing (VAPT), which includes an inspection of all critical assets and infrastructure components like servers, networking systems, security devices, load balancers and other IT systems, the circular said.
While the VAPT is required to be conducted once in a fiscal year, MIIs whose systems have been identified as “protected system” by the National Critical Information Infrastructure Protection Centre (NCIIPC) would be required to undertake the exercise twice, the circular noted.
Any gaps or vulnerabilities detected during the VAPT should be “remedied on immediate basis” and a compliance of closure of findings should be submitted to Sebi within 90 days after the submission of the final assessment report, it added.
The above norms, as stated in the circular, will come into force “with immediate effect”, the regulator said, adding that the exchanges are required to “communicate the status of the implementation of the provisions of this circular to Sebi within 10 days”.
