SEBI issues diktat for robust cyber security framework
Published: Sep 09, 2017
By TIOLCORPLAWS News Service
MUMBAI, SEPT 09, 2017: THE watchdog of stock market, Securities and Exchange Board of India (SEBI) has directed large registrars and share transfer agents to put in place a robust cyber security framework, including ‘minimum physical access of critical systems' by staff and ‘stringent supervision' of outsourced staff.
The market regulator, SEBI's move also comes at a time when there are rising incidents of cyber attacks and in recent times, exchanges have also warned of Ransomwares. In a circular on cyber security and cyber resilience framework for registrars to issue or share transfer agents (RTAs), the SEBI said the policy in this regard should be approved by the respective boards and any access to QRTA's (Qualified Registrar and Transfer Agent) systems, applications, networks, databases, should be for a defined purpose and for a defined period. The circular will be applicable to RTAs servicing more than 2 crore folios. Such
Apart from annual audits of its systems, QRTAs have been directed to ensure that suitable alerts are generated in the event of detection of unauthorised or abnormal system activities or unusual online transactions. The audit report, along with comments from the board of QRTA has to be submitted to the SEBI within three months from the end of the financial year.
To ensure strong cyber security framework, the regulator has also said that QRTAs have to formulate a policy to regulate the use of internet and internet-based services, including social media sites and cloud-based internet storage sites.
The regulator has also told the RTAs to designate a senior official as Chief Information Security Officer (CISO) to assess, identify and reduce cyber security risks, respond to incidents, establish appropriate standards and controls, and direct the establishment and implementation of processes and procedures as per the cyber security and resilience policy approved by the boards of the RTAs.