Modification in Cyber Security and Cyber resilience framework for Stock Brokers / Depository Participants - SEBI - SEBI/HO/MIRSD/TPD/P/CIR/2022/80
Extract
..... he paragraph-11, 41, 42 and 44 shall be read as under: 11. Stock Brokers / Depository Participants shall identify and classify critical assets based on their sensitivity and criticality for business operations, services and data management. The critical assets shall include business critical systems, internet facing applications /systems, systems that contain sensitive data, sensitive personal data, sensitive financial data, Personally Identifiable Information (PII) data, etc. All the ancillary .....
..... system through simulations of actual attacks on its systems and networks. 42. Stock Brokers / Depository Participants shall conduct VAPT at least once in a financial year. All Stock Brokers / Depository Participants are required to engage only CERT-In empaneled organizations for conducting VAPT. The final report on said VAPT shall be submitted to the Stock Exchanges / Depositories after approval from Technology Committee of respective Stock Brokers / Depository Participants, within 1 month of c .....
..... Depository Participants shall take necessary steps to put in place systems for implementation of the circular. 5. All Stock Brokers / Depository Participants are directed to communicate the status of the implementation of the provisions of this circular to Stock Exchanges / Depositories within 10 days from the date of this Circular. 6. Stock Exchanges and Depositories shall; a) make necessary amendments to the relevant byelaws, rules and regulations for the implementation of the above direction .....