Securities and Exchange Board of India
Circular No. SEBI/HO/MRD/TPD/P/CIR/2023/146 Dated: August 29, 2023
To,
All Stock Exchanges,
All Clearing Corporations,
All Depositories
Sir/ Madam,
Subject: – Guidelines for MIIs regarding Cyber security and Cyber resilience
1. Market Infrastructure Institutions (i.e. Stock Exchanges, Clearing Corporations and Depositories) are systemically important institutions as they, inter-alia, provide infrastructure necessary for the smooth and uninterrupted functioning of the securities market. As part of the operational risk management, these Market Infrastructure Institutions (MIIs) need to have robust cyber security framework to provide essential facilities and perform systemically critical functions relating to trading, clearing and settlement in securities market. It is also important that MIIs establish and continuously improve their Information Technology(IT) processes and controls to preserve confidentiality, integrity and availability of data and IT systems.
2. With the change in market dynamics in the Indian Securities markets, the interdependence among the MIIs has seen significant increase. Considering the interconnectedness and interdependency of the MIIs to carry out their functions, the cyber risk of any given MII is no longer limited to the MII’s owned or controlled systems, networks and assets.
3. In view of the above, based on the recommendations of the High Powered Steering Committee on Cyber Security of SEBI and in consultation with MIIs, it has been decided to issue guidelines for strengthening the existing cyber security and cyber resilience framework of MIIs. The said guidelines are placed at Annexure-A and MIIs are required to comply with the same.
4. These guidelines should be read in conjunction with the applicable SEBI circulars (including but not limited to that relating to Cybersecurity and Cyber Resilience framework, System and Network Audit framework, etc.) and subsequent updates issued by SEBI from time to time.
5. The compliance of the guidelines shall be provided by the MIIs along with their cybersecurity audit report (conducted as per the applicable SEBI Cybersecurity and Cyber Resilience framework). The compliance shall be submitted as per the existing reporting mechanism.
For full notification please refer to the attachment
Guest
Notification No : SEBI/HO/MRD/TPD/P/CIR/2023/146Published in Shares & Stock
Source : https://www.sebi.gov.in/legal/circulars/aug-2023/guidelines-for-miis-regarding-cyber-security-and-cyber-resilience_76056.html