You are here: Home » Markets » News
Business Standard

Sebi asks registrars to have robust cyber security framework

The regulator's move comes at a time when there are rising incidents of cyber attacks

Press Trust of India  |  New Delhi 

Sebi asks registrars to have robust cyber security framework

today asked large registrars and share transfer agents to put in place a robust framework, including stringent supervision of outsourced staff having access to critical systems.

The regulator's move also comes at a time when there are rising incidents of cyber attacks and in recent times, exchanges have also warned of ransomware.

In the circular on 'and Cyber Resilience framework for Registrars to an Issue/ Share Transfer Agents' (RTAs), the watchdog said the policy in this regard should be approved by the respective boards.

It would be applicable for servicing more than two crore folios and such entities are also referred to as Qualified (QRTAs).

Such entities have been asked to put in place requisite systems by December 1, 2017, according to the regulator.

Sebi's High Powered Steering Committee (Cyber Security) has decided that the framework for prescribed in July 2015 should be broadly applicable to

"Employees and outsourced staff such as employees of vendors or service providers, who may be given authorised access to the QRTA's critical systems, networks and other computer resources, should be subject to stringent supervision, monitoring and access restrictions," the circular said.

Apart from annual audits of its systems, have been asked to ensure that suitable alerts are generated in the event of detection of unauthorised or abnormal system activities or unusual online transactions.

The audit report, along with comments from the board of QRTA has to be submitted to within three months from the end of the financial year.

"No person by virtue of rank or position should have any intrinsic right to access confidential data, applications, system resources or facilities," said.

To ensure strong cyber security framework, the regulator has said also have to formulate a policy to regulate the use of internet and internet-based services, including social media sites and cloud-based internet storage sites.

"Proper end of life mechanism should be adopted to deactivate access privileges of users who are leaving the organisation or whose access privileges have been withdrawn," the circular said.

(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)

First Published: Fri, September 08 2017. 17:10 IST