All Your Cyber Security Requirements Under One Roof
Let us help you in securing your organization through our proactive, active and reactive cyber security solutions.
On June 7, 2022, the Securities and Exchange Board of India (SEBI) released a circular amending its previous one, SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018, which established a framework for cyber security and resilience.
We Will Help You To Choose The Best Plan!
PART - 1
Stockbrokers
Depositories
Wealth Management
Asset Management
Applicable - The circular's provisions shall take effect immediately.
Identifying and classifying critical assets according to their significance and sensitivity to business services, data management, and operations. Up-to-date inventory of hardware, software, and information assets must be kept, and the Board, Partners, and Proprietor must approve the list of critical systems.
To identify vulnerabilities in the IT environment and conduct a thorough assessment of the security posture, In-Depth vulnerability assessment and penetration testing (VAPT) must be performed on essential assets and infrastructure components such servers, security devices, and networking systems.
Conducting VAPT at least once per year is mandatory for stockbrokers and depository participants. All stockbrokers and depository participants may only conduct VAPT transactions through CERT-IN Empanelled Organizations. After receiving the Technology Committee's approval and within a month of the VAPT's completion, the final report must be submitted to the stock exchange or depository.
Any gaps or vulnerabilities found during In- Depth VAPT must be closed right away, and compliance with all findings must be presented within three months of the final VAPT report's submission.
Further, Comprehensive Cyber Audit must be conducted once in a year. A declaration from the Board/ Partners/ Proprietors certifying compliance must be submitted to the Stock Exchange/Depository with all the SEBI Circulars and advisories related to cyber security.
PART - 2
On June 9,2022 the Securities Exchange Board of India (SEBI) released a
circular amending its previous one, SEBI/HO/IMD/DF2/CIR/P/2019/12
dated 10
January 2019 establishing a framework for Cyber Security and resilience for
Mutual Funds/ Asset Management Companies (AMCs).
Mutual Funds All Organisations
Asset Management Company
Board of Trustee of Mutual Funds
Association of Mutual Funds in India
Applicable - The circular's provisions shall be effective as of July 15, 2022.
Identifying and classifying critical assets according to their significance and sensitivity to business services, data management, and operations. Up-to-date inventory of hardware, software, and information assets must be kept, and the Board, and Trustees of AMCs must approve the list of critical assets.
Mutual funds shall perform routine VAPT at least once a year on critical assets and infrastructure components, including servers, security devices, and networking systems, in order to conduct VAPT using the "audit the auditor approach" and to identify security vulnerabilities in the IT environment and to carry out a comprehensive assessment of security posture. Mutual funds that have been designated by NCIIPC as "protected systems" must undergo VAPT at least twice a year.
Any gaps or vulnerabilities identified during VAPT shall be immediately filled, and compliance with all findings shall be submitted within three months after the submission of the final VAPT report.
Prior to commissioning a new system that is a crucial system, Mutual Funds/AMCs are required to do vulnerability scanning and penetration testing.
Any cyber risks, incidents, or breaches discovered by Mutual Funds/AMCs must be notified to SEBI to CERT-IN within six hours. Systems designated as protected systems are required to notify NCIIPC of these threats. Within 15 days of the end of the quarter, the quarterly reports must be submitted to SEBI.
Comprehensive Cyber Audit must be conducted twice in a year. A declaration from the Managing Director/ Chief Executive Officer certifying compliance must be submitted to the Mutual Funds/ AMCs with all the SEBI Circulars and advisories related to cyber security.
Kratikal Tech. Pvt. Ltd. is the trusted
standard for companies and
individuals acquiring services to protect their brands, business and dignity from baffling
Cyber-attacks.
Hundreds of brands trust Kratikal
Kratikal Tech. Pvt. Ltd. is the trusted
standard for companies and
individuals acquiring services to protect their brands, business and dignity from baffling
Cyber-attacks.
Hundreds of brands trust Kratikal
Let us help you in securing your organization through our proactive, active and reactive cyber security solutions.
Kratikal Tech. Pvt. Ltd. is the trusted
standard for companies and
individuals acquiring services to protect their brands, business and
dignity from baffling cyber-attacks.
Hundreds of brands trust Kratikal
Kratikal Tech. Pvt. Ltd. is the trusted
standard for companies and
individuals acquiring services to protect their brands, business and dignity from baffling
Cyber-attacks.
Hundreds of brands trust Kratikal