What is a Securities and Exchange Board of India Audits and Cyber Security Framework?

The SEBI circular SEBI/HO/MIRSD/CIR/PB/2018/147 dated on December 03, 2018 made it mandatory for all stockbrokers must comply with the SEBI cyber security framework to maintain robust cyber security and cyber resilience framework to protect the integrity of data and privacy. 

It focuses on protecting the data and the privacy of security holders by improving the Cyber Security and Cyber Resilience of the Stockbrokers and Depository Participants. It governs data created, received, or maintained by them wherever these data records are and whatever form they are in, while carrying out their designated duties and functions.

Applicability

The applicability of the guidelines issued by SEBI extend to the following:

  1. Dec 03, 2018: SEBI Guidelines for Stockbrokers and Depository Participants.
  2. Jan 10, 2019, SEBI Guidelines for Mutual Funds / Asset Management Companies (AMCs).
  3. Dec 07, 2018, SEBI Guidelines for Stock Exchanges, Clearing Corporations and Depositories.

All the stockbrokers are required to conduct audit and ensure compliance to the guidelines as mentioned above by CISA certified auditor.

Objective

The objectives  of conduct SEBI System Audit: 

    • To monitor the activities of the stock exchange and ensure integrity and privacy of data is  maintained.
    • To safeguard the rights of the investors
    • Cyber Security and Cyber Resilience Framework is robust
    • To ensure compliance with SEBI guidelines and ToR (Terms of Reference)
    • To curb fraudulent practices by maintaining a balance between statutory regulations and self-regulation.

Approach

Our approach has been covered in  4 phases as mentioned below: 

Phase 1: Audit Planning
Planning and preparation of the audit scope and objectives. 

Phase 2: Risk Assessment and Business Process Analysis
Assessment, measuring, managing, and controlling IT-related risks, thus enhancing the reliability of processes and the entire information system. 

Phase 3: Audit Performance (Compliance and System Review) 
Assessment of controls over critical system platforms, network and physical components, IT infrastructure supporting relevant business processes.

Phase 4: Reporting
Report audit findings, conclusions, and recommendations of the audit in terms of conformance, non-conformance, and opportunities to improve. 

      Why CyberSRC®?

      1. We are team of qualified professionals with rich experience of multiple industries such as Manufacturing, BFSI, Insurance, Healthcare, NBFCs & others. Our consultants are industry experts and have proven track records, some of the renowned certificates that our consultants hold such as CISA, CISSP, COBIT, CEH, CCNA, OSCP, ISO 9001 LA/LI, ISO 27001, ITIL LA/LI, PMP, to name a few. 
      2. We believe in adding value to your business which is enabled through our Centre of Excellence (Coe) and, we have end-to-end capability for Program Build – Operations – Transformation. We can jump start and execute projects in Managed Services mode globally and flexible delivery models. 
      3. Our Vision is to be one of the World’s most trusted advisory & solution provider for Cyber Security, Data Protection an Assurance practices.