MANU/SSMD/0025/2022

Ministry : Securities and Exchange Board of India

Department/Board : Market Intermediaries Regulation and Supervision Department

Circular No. : SEBI/HO/MIRSD/TPD/P/CIR/2022/80

Date : 07.06.2022

Notification/ Circulars Referred : Circular SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018 MANU/SDEP/0005/2018

Citing Reference:
Circular SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018 MANU/SDEP/0005/2018  Referred

To

All Recognised Stock Exchanges and Depositories

Dear Sir/Madam,

Modification in Cyber Security and Cyber resilience framework for Stock Brokers/Depository Participants

1. SEBI vide circular SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018 prescribed framework for Cyber Security and Cyber Resilience for Stock Brokers/Depository Participants.

2. In partial modification to Annexure-1 of SEBI circular dated December 03, 2018, the paragraph-11, 41, 42 and 44 shall be read as under:

11. Stock Brokers/Depository Participants shall identify and classify critical assets based on their sensitivity and criticality for business operations, services and data management. The critical assets shall include business critical systems, internet facing applications/systems, systems that contain sensitive data, sensitive personal data, sensitive financial data, Personally Identifiable Information (PII) data, etc. All the ancillary systems used for accessing/communicating with critical systems either for operations or maintenance shall also be classified as critical system. The Board/Partners/Proprietor of the Stock Brokers/Depository Participants shall approve the list of critical systems.

To this end, Stock Brokers/Depository Participants shall maintain up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows.