SEBI issues circular on cyber security & cyber resilience framework for KYC Registration Agencies

Oct 16, 2019 | by Avantis RegTech Legal Research Team


The Securities and Exchange Board of India (SEBI) issued a circular on October 15, 2019 on the cyber security & cyber resilience framework for KYC Registration Agencies (KRAs), to protect the integrity of data and guard against breaches of privacy.

KRAs should have a robust cyber security and cyber resilience framework to provide essential facilities and perform systemically critical functions relating to the securities market, as they maintain the KYC records of clients in the securities market. Thus, the framework on Cyber Security and Cyber Resilience should be made applicable to KRAs, and KRAs are to comply with the framework placed at Annexure A, from page 2 to page 8. KRAs are directed to take the necessary steps to put in place systems for implementation of this circular by January 01, 2020.

KRAs should formulate a comprehensive cyber security and cyber resilience policy document encompassing the framework; it is to be approved by the Board of the KRA and reviewed annually. It should include the process to identify, assess, and manage cyber security risk associated with processes, information, networks and systems, and define the responsibilities of employees, outsourced staff, employees of vendors, members or participants, and other entities who may have access to or use the KRA’s systems or networks, towards ensuring the goal of cyber security.

To ensure cyber security, KRAs should provide for access control, physical security, network security management, security of data, hardening of hardware and software, application security and testing, patch management, disposal of systems and storage devices, and Vulnerability Assessment and Penetration Testing (VAPT).

[SEBI/HO/MIRSD/DOP/CIR/P/2019/111]
