SEBI modifies cyber security and cyber resilience framework for stock brokers/depository participants.

The Securities and Exchange Board of India on 7th June 2022, has modified the cyber security and cyber resilience framework for stock brokers/depository participants by mandating them to conduct comprehensive cyber audit at least once in a financial year.

All Stock Brokers / Depository Participants shall submit with Stock Exchange/Depository a declaration from the MD/ CEO/ Partners/ Proprietors certifying compliance by the Stock Brokers / Depository Participants with all SEBI Circulars and advisories related to Cyber security from time to time, along with the Cyber audit report.

Further the Stock Brokers / Depository Participants shall carry out periodic Vulnerability Assessment and Penetration Tests (VAPT) which inter-alia include critical assets and infrastructure components like Servers, Networking systems, Security devices, load balancers, other IT systems pertaining to the activities done as Stock Brokers / Depository Participants etc., in order to detect security vulnerabilities in the IT environment and in-depth evaluation of the security posture of the system through simulations of actual attacks on its systems and networks. Stock Brokers / Depository Participants shall conduct VAPT at least once in a financial year.

The critical assets shall include business critical systems, internet facing applications /systems, systems that contain sensitive data, sensitive personal data, sensitive financial data, Personally Identifiable Information (PII) data, etc. All the ancillary systems used for accessing/communicating with critical systems either for operations or maintenance shall also be classified as critical system.

RECENT UPDATES

Aircraft Objects Bill, 2025

The bill aims to align India’s aircraft leasing and financing ecosystem with global standards and marks a critical step in deepening investor confidence in India’s

Read More »