ALSO READWhat you need to know about India's first cyber security start-up This startup builder tackles cyber security with army experience Sebi plans to beef up cyber security, hire advisor to tackle tech glitches Sebi to chart out long term cyber security plan amid data breach scare Is cyber security on your board's agenda?
The regulator's move also comes at a time when there are rising incidents of cyber attacks and in recent times, exchanges have also warned of ransomware.
In the circular on 'Cyber Security and Cyber Resilience framework for Registrars to an Issue/ Share Transfer Agents' (RTAs), the watchdog said the policy in this regard should be approved by the respective boards.
Such entities have been asked to put in place requisite systems by December 1, 2017, according to the regulator.
Sebi's High Powered Steering Committee (Cyber Security) has decided that the framework for cyber security prescribed in July 2015 should be broadly applicable to QRTAs.
"Employees and outsourced staff such as employees of vendors or service providers, who may be given authorised access to the QRTA's critical systems, networks and other computer resources, should be subject to stringent supervision, monitoring and access restrictions," the circular said.
Apart from annual audits of its systems, QRTAs have been asked to ensure that suitable alerts are generated in the event of detection of unauthorised or abnormal system activities or unusual online transactions.
The audit report, along with comments from the board of QRTA has to be submitted to Sebi within three months from the end of the financial year.
"No person by virtue of rank or position should have any intrinsic right to access confidential data, applications, system resources or facilities," Sebi said.
To ensure strong cyber security framework, the regulator has said QRTAs also have to formulate a policy to regulate the use of internet and internet-based services, including social media sites and cloud-based internet storage sites.
"Proper end of life mechanism should be adopted to deactivate access privileges of users who are leaving the organisation or whose access privileges have been withdrawn," the circular said.
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)