Sebi takes up cloud framework
Issues guidelines for cloud services adoption
New Delhi: Markets watchdog Sebi came out with a framework for the adoption of cloud services by stock exchanges, clearing corporations and other regulated entities.
The cloud framework has been drafted to provide baseline standards of security and for the legal and regulatory compliances by the Regulated Entities (REs). It will be in addition to the existing circulars/guidelines/advisories of Sebi.
"The major purpose of this framework is to highlight the key risks, and mandatory control measures which REs need to put in place before adopting cloud computing. The document also sets out the regulatory and legal compliances by REs if they adopt such solutions," it said in a circular.
The framework will come into force immediately for all new or proposed cloud onboarding assignments/projects of the REs. For REs that are currently availing cloud services should ensure that wherever applicable, all such arrangements are revised and they should be in compliance with the framework within 12 months. In recent times, the dependence on cloud computing for delivering the IT services has been on the rise. "While cloud computing offers multiple advantages viz. ready to scale, ease of deployment, no overhead of maintaining physical infrastructure etc., the RE should also be aware of the new cyber security risks and challenges which cloud computing introduces," Sebi noted.
According to the regulator, the cloud framework is a principle-based framework that covers Governance, Risk and Compliance (GRC), selection of Cloud Service Providers (CSPs), data ownership and data localisation, due- diligence by REs, security controls, legal and regulatory obligations, among others. The REs include depositories, stock brokers through exchanges, Asset Management Companies (AMCs)/mutual funds and KYC Registration Agencies (KRAs).