SEBI vide its circular dated 24th Aug 2023 has made Modification in the Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing Corporations and Depositories
Regard, clause 3 of SEBI circular dated May 20, 2022, shall now be read as under:
3. MIIs are mandated to conduct comprehensive cyber audits at least 2 times in a financial year. Along with cyber audit reports, henceforth, MIIs are directed to submit a declaration from the MD/CEO certifying that:
i. Comprehensive measures and processes including suitable incentive/disincentive structures, have been put in place for identification/detection and closure of vulnerabilities in the organization’s IT systems.
ii. Adequate resources have been hired for staffing their Security Operations Center(SOC).
iii. There is compliance by the MII with all SEBI circulars and advisories related to cyber security
MIIs, whose systems have been identified as Critical Information Infrastructure (CII) by the National Critical Information Infrastructure Protection Centre (NCIIPC), are mandated to send regular updates/closure status of the vulnerabilities found in their respective “protected systems” to NCIIPC.
MIIs are required to take necessary steps to put in place systems for implementation of the circular, including necessary amendments to the relevant bylaws, rules and regulations, if any.
MIIs are directed to communicate the status of the implementation of the provisions of this circular to SEBI within 30 days from the date of this Circular.
The provisions of the Circular shall come into force with immediate effect.
About the Author
