HOME |SEBI-CSCRF
SEBI-CSCRF
SEBI-CSCRF (Consolidated Cybersecurity and Cyber Resilience Framework)
The use of Information Technology has grown rapidly in securities market and has become a critical component of SEBI Regulated Entities (REs). However, with these swift technological advancements, protection of IT infrastructure and data through cybersecurity measures has become a key concern for SEBI and its REs. In order to enhance the scope of cybersecurity and cyber resilience framework, to address the need of uniformity of cybersecurity guidelines for all REs and to strengthen the mechanism to deal with cyber risks / threats / incidents, the master framework on cybersecurity and cyber resilience has been drafted. The framework provides a common structure for multiple approaches to cybersecurity to prevent any cyber-risks / incidents. The framework follows graded approach and divides the guidelines in three parts:
- Applicable to all REs (SEBI registered / recognised intermediaries (for example brokers, mutual funds, KYC Registration Agencies, QRTAs, etc.)
- Applicable to specified REs2
- Applicable to Market Infrastructure Institutions (MIIs)- Stock Exchanges, Depositories and Clearing Corporations
The framework shall be applicable to the following REs:
- Stock Exchanges
- Clearing Corporations
- Depositories
- Stock Brokers through Exchanges
- Depository Participants through Depositories
- Asset Management Companies (AMCs)/ Mutual Funds (MFs)
- Qualified Registrars to an Issue and Share Transfer Agents
- KYC Registration Agencies (KRAs)
SEBI-CSCRF compliance services can include:
Framework Compliance, Audit, Report submission, and Timeline:
This section provides details regarding submission of compliance to this master framework, ISO audit, VAPT, Cyber audit, and timelines for these audits and compliance. The framework is based on five concurrent and continuous functions of cybersecurity as defined by NIST – Identify, Protect, Detect, Respond, and Recover. It references globally recognized standards, e.g., NIST Special Publication 800-53 Revision 5, COBIT 5, and CIS controls for cybersecurity controls, outcomes, and guidance to achieve those outcomes. It can be managed by
- Measures against Phishing attacks/ websites
- Roles and Responsibilities of Chief Information Security Officer (CISO)/Designated Officer
- Patch Management and Vulnerability Assessment and Penetration Testing (VAPT)
- Measures for Data Protection and Data breach
- Log retention
- Password Policy/ Authentication Mechanisms
- Privilege Management
- Cybersecurity Controls
- Security of Cloud Services
- Implementation of CERT-In/ CSIRT-Fin Advisories Concentration Risk on Outsourced Agencies
- Audit and Certification of ISO 27001
SEBI-CSCRF compliance services can be a valuable investment for organizations of all sizes. By implementing SEBI-CSCRF compliance services, organizations can reduce their risk of data breaches and protect their customer’s data.
NISHAJ OFFERINGS
The best service offered by Nishaj for SEBI-CSCRF compliance services will vary depending on the specific needs of the organization. However, some of the most common services offered by us include:
- Assessment:This involves evaluating an organization's compliance with the SEBI-CSCRF.
- Gap analysis:This involves identifying the gaps between an organization's current security practices and the requirements of the SEBI-CSCRF.
- Training:This involves providing training to an organization's employees on SEBI-CSCRF compliance.
- Consulting:This involves providing advice and guidance to an organization on how to improve its compliance with the SEBI-CSCRF.
- Implementation:This involves helping an organization implement the necessary security controls to achieve SEBI-CSCRF compliance
- Remediation: This involves helping an organization remediate any compliance gaps that have been identified.
- Monitoring:This involves providing ongoing monitoring and support to help an organization maintain SEBI-CSCRF compliance.
Our services offered for SOC Service compliance will vary depending on the specific needs of the organization. However, some of our services include:
- Assessment: This involves evaluating an organization's current compliance with the applicable SOC standard.
- Gap analysis : This involves identifying the gaps between an organization's current compliance and the requirements of the applicable SOC standard.
- Training : This involves providing training to an organization's employees on the applicable SOC standard and security best practices.
- Consulting : This involves providing advice and guidance to an organization on how to improve its compliance with the applicable SOC standard.
- Implementation : This involves helping an organization implement the necessary controls to achieve SOC compliance.
- Remediation : This involves helping an organization remediate any compliance gaps that have been identified.
- Monitoring : This involves providing ongoing monitoring and support to help an organization maintain SOC compliance.
If you are considering implementing SOC services, we can help you to choose the right services for your organization and implement them effectively. Call us now.
Need a Cyber Security/Information Security or ComplianceExpert?
Use the field below to allow us to understand the topic you want to discuss. Nishaj representative will reach out you to confirm your issue and connect you with an expert for your requirement related 30-minute consultation via phone or web means.