SEBI vide circular dated March 29, 2023 has issued Cyber Security and Cyber Resilience framework for Portfolio Managers. The cyber security and cyber resilience policy should include the following process to identify, assess, and manage cyber security risks associated with processes, information, networks, and systems;
- Identify critical IT assets and risks associated with such assets.
- ‘Protect’ assets by deploying suitable controls, tools, and measures.
- ‘Detect’ incidents, anomalies,and attacks through appropriate monitoring tools/processes.
- ‘Respond’ by taking immediate steps after identification of the incident, anomaly, or attack.
- ‘Recover’ from incident through incident management, disaster recovery, and business continuity framework.
Guidelines annexed with this circular shall be effective from October 01, 2023