N O T I C E
Dated:
27th December, 2018
Trading Members are hereby informed that
the Exchange has received a Circular from SEBI Vide Ref. No. CIR/MRD/CSC/151/2018, Dated December 14, 2018 regarding Cyber
Security Operations Center for SEBI registered intermediaries. The contents of the said
circular are reproduced hereunder for information of trading members.
Quote: -
CIRCULAR
CIR/MRD/CSC/151/2018
December 14, 2018
To,
All Stock
Exchanges, Clearing Corporations and Depositories (except Commodities
Derivatives Exchanges and their Clearing Corporations).
Dear Sir /
Madam,
Cyber Security Operations Center for SEBI registered
intermediaries
1.
Recognizing the need for a robust Cyber Security and Cyber Resilience framework
at Market Infrastructure Institutions (MIIs), i.e. Stock Exchanges, Clearing
Corporations and Depositories, SEBI vide Circular CIR/MRD/DP/13/2015 dated July
06, 2015, prescribed a detailed regulatory framework on cyber security and
cyber resilience.
2. With the
view to further strengthening cyber security in securities market the Cyber
Security and Cyber Resilience framework has been extended to Stock Brokers/
Depository Participants vide circular SEBI/HO/MIRSD/CIR/PB/2018/147 dated
December 03, 2018.
3. During
the discussions held with the market participants, it was gathered that
compliance with the cyber security guidelines may be onerous for smaller intermediaries
because of the lack of knowledge in cyber security and also the cost factor
involved in setting up own Security Operations Center (SOC). These
intermediaries may utilize the services of Market SOC which is proposed to be
set up by MIIs with the objective of providing cyber security solution to such
intermediaries. The intermediaries’ membership in Market SOC is non mandatory.
4.
The particulars of the Market SOC will be as follows:
4.1. The Market
SOC shall be set up as a separate entity and MIIs shall have at least 51% stake
in the new entity.
4.2.
Intermediaries who don’t have capability to set up a SOC on their own can opt
for the Market SOC.
4.3.
The Market SOC should be in accordance to the circular
SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018 and should ensure that
participating intermediaries are in compliance to the said circular, should
they opt for the market SOC. Market SOC would provide only the technology
perspective for the abovementioned cyber security guidelines and the people &
process perspectives of cyber security as mandated by the aforementioned
circular would still be have to be managed by the intermediaries.
4.4. The
Market SOC should be evolving continuously in order to be able to manage new
security controls and guidelines that may issue by SEBI from time to time.
4.5. The
Market SOC to ensure that intermediaries participating in their SOC should
adhere to the minimum IT guidelines and security protocols all the time.
4.6. MII
will carry out audit of their Market SOC activity annually and submit the
report to SEBI.
4.7. The
Market SOC will issue an audit report as prescribed in the circular SEBI/HO/MIRSD/CIR/PB/2018/147
dated December 03, 2018, to the participating intermediary.
4.8. If an
intermediary is subscribed to Market SOC, audit report submitted by
intermediary through the Market SOC would be deemed compliant.
4.9.
Approval for the Market SOC which is to be set up as a separate entity would be
in terms of Regulation 38 of Securities Contracts (Regulation) (Stock Exchanges
and Clearing Corporations) Regulations, 2018.
5. MIIs are
directed to take necessary steps to put in place appropriate systems and
processes for implementation of the circular, including necessary amendments to
the relevant bye-laws, rules and regulations, if any, within six months from
the date of the circular.
6.
This circular is being issued in exercise of powers conferred under Section 11
(1) of the Securities and Exchange Board of India Act, 1992 and Section 19 of
the Depositories Act, 1996 to protect the interests of investors in securities
and to promote the development of, and to regulate the securities market.
Yours
faithfully,
Bithin Mahanta
Deputy General Manager
Cyber Security Cell
Market Regulation Department
Email: bithinm@sebi.gov.in
Unquote: -
Trading Members are requested to take note of the aforesaid guidelines
of SEBI and act accordingly.
Dhiraj Chakraboty
Deputy General Manager