Circular No. SEBI/HO/MRD/TPD/P/CIR/ 2023/147, Dated: 24.08.2023
Earlier, SEBI prescribed a framework for Cyber Security and Cyber Resilience for stock exchanges, clearing corporations & depositories. Now, SEBI has modified the said framework.
Now, MIIs are mandated to conduct comprehensive cyber audit at least 2 times in a financial year. Along with cyber audit reports, henceforth, MIIs are directed to submit a declaration from the MD/CEO certifying that:
(a) Comprehensive measures and processes including suitable incentive/disincentive structures, have been put in place for identification/detection and closure of vulnerabilities in the organization’s IT systems.
(b) Adequate resources have been hired for staffing their Security Operations Center (SOC).
(c) There is compliance by the MII with all SEBI circulars and advisories related to cyber security.
Further, MIIs, whose systems have been identified as Critical Information Infrastructure (CII) by the National Critical Information Infrastructure Protection Centre (NCIIPC), are mandated to send regular updates/closure status of the vulnerabilities found in their respective “protected systems” to NCIIPC.
The provisions of the circular shall come into force with an immediate effect.
Click Here To Read The Full Circular
The post SEBI Mandates MIIs to Regularly Report Vulnerability Status of Their “Protected System” to NCIIPC appeared first on Taxmann Blog.
