Securities and Exchange Board of India (“SEBI”) has issued framework for Cybersecurity and Cyber Resilience (“CSCR”) to be implemented by the Regulated Entities (RE). This framework supersedes the existing framework for CSCR as previously issued.
Key highlights of the Circular are mentioned below:
- The objective of CSCR framework is to address evolving cyber threats, to align with the industry standards, to encourage efficient audits, and to ensure compliance by SEBI REs.
- It follows a graded approach and classifies the REs in the five categories as mentioned below based on their span of operations and certain thresholds like number of clients, trade volumes, asset under management etc.
- Market Infrastructure Institutions (MIIs)
- Qualified REs
- Mid-size REs
- Small-size REs
- Self-certification REs
- It provides a structured methodology to implement various solutions for CSCR.
- It is to be adopted by six categories of REs where CSCR framework already exists by 01.01.2025 for other REs CSCR framework is issued for the first time by 01.04.2025.
- REs to put in place appropriate systems and procedures to ensure compliance with the provisions (i.e., applicable standards and guidelines) of CSCR framework, and conduct cyber audit.
Detailed framework is mentioned below in the hyperlink for ease of reference.
Source – Securities and Exchange Board of India (SEBI)