On 06-07-2022, Securities and Exchange Board of India (‘SEBI’) issued a circular on framework for Cyber Security and Cyber Resilience for all Qualified Registrars to an Issue and Share Transfer Agents (‘QRTAs’) to protect the interests of investors in securities and to promote the development of, and to regulate the securities market.
KEY POINTS:
- Two other circulars dated 08-09-2017 and 15-10-2019 were issued by SEBI prescribing framework for Cyber Security and Cyber Resilience QRTAs.
- Para 51 of Annexure A of circular dated 08-09-2017 was partially modified, stating-
- Cyber Attacks, threats, cyber incidents and breaches experienced by QRTAs must be reported to SEBI within 6 hours of detection.
- Indian Computer Emergency Response team (‘CERT-In’) must also be informed about the same in accordance with the guidelines/ directions issued by it.
- QRTAs whose systems are identified as “Protected system” by National Critical Information Infrastructure Protection Centre (‘NCIIPC’) have to report it to NCIIPC.
- Quarterly reports including any or all information that may be useful for QRTAs have to be submitted to SEBI within 15 days from the quarter ended June, September, December and March.
