TMI BlogModification in Cyber Security and Cyber Resilience Framework of Mutual Funds/ Asset Management Companies (AMCs)X X X X Extracts X X X X X X X X Extracts X X X X ..... er Security and Cyber Resilience for Mutual Funds / Asset Management Companies (AMCs). 2. In partial modification to Annexure 1 of SEBI circular dated January 10, 2019 : i. To have uniformity for identifying and classifying critical assets, across the industry, paragraph 11 on section Identify of the circular shall be read as under: 11. Mutual Funds/ AMCs shall identify and classify critical assets based on their sensitivity and criticality for business operations, services and data management. The critical assets shall include business critical systems, internet facing applications/ systems, systems that contain sensitive data, sensitive personal data, sensitive financial data, Personally Identifiable Information (PII) data, ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... by National Critical Information Infrastructure Protection Centre (NCIIPC) under the Information Technology (IT) Act, 2000, VAPT shall be conducted at least twice in a financial year. Further, all Mutual Funds/ AMCs shall engage only Indian Computer Emergency Response Team (CERT-In) empanelled organizations for conducting VAPT. The final report on said VAPT shall be submitted to SEBI after approval from Technology Committee of respective Mutual Funds/ AMCs, within 1 month of completion of VAPT activity. 41. Any gaps or vulnerabilities detected shall be remedied on immediate basis and compliance of closure of findings identified during VAPT shall be submitted to SEBI within 3 months post the submission of final VAPT report. 42 ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ov.in and cybersecurity_amc@sebi.gov.in 3. Further, the Mutual Funds/ AMCs are mandated to conduct comprehensive cyber audit at least 2 times in a financial year. Along with the cyber audit reports, henceforth, all Mutual Funds/ AMCs are directed to submit a declaration from the Managing Director (MD)/ Chief Executive Officer (CEO) certifying compliance by the Mutual Funds/ AMCs with all SEBI Circulars and advisories related to cyber security from time to time. 4. Mutual Funds/ AMCs are required to take necessary steps to put in place systems for implementation of the circular, including modification of internal policies, if any. 5. Applicability: The provisions of this Circular shall come into force with effect from July 15, 2022. ..... X X X X Extracts X X X X X X X X Extracts X X X X
|
