New Delhi: Markets regulator Sebi on Friday came out with fresh guidelines for managing directors or chief executive officers of stock exchanges and other market infrastructure institutions (MIIs) to boost cyber security and cyber resilience.
The new framework will come into force with immediate effect, the Securities and Exchange Board of India (Sebi) said in a circular. MIIs - stock exchanges, clearing corporations and depositories -- are required to conduct a comprehensive cyber audit at least two times in a financial year. Along with this cyber audit report, all MIIs have been directed by Sebi to submit a declaration of compliance from their MD or CEO certifying that comprehensive processes, including suitable incentive or disincentive structures, have been put in place for identification as well as closure of vulnerabilities in the organisation’s IT systems.
Also, they need to certify that adequate resources have been hired for staffing their Security Operations Center (SOC) and there is compliance by the MII with all Sebi circulars and advisories related to cyber security. Further, MIIs, whose systems have been identified as ‘critical information infrastructure’ by National Critical Information Infrastructure Protection Centre (NCIIPC), have been mandated to send regular updates of the vulnerabilities found in their respective “protected systems” to NCIIPC.
