SEBI issues framework on Cyber Security & Cyber Resilience for Mutual Funds / Asset Management Companies (AMCs), effective April 1, 2019

January 28, 2019

The Securities and Exchange Board of India (“SEBI”) has issued a circular dated January 10, 2019 specifying the Cyber Security & Cyber Resilience framework for Mutual Funds and Asset Management Companies (AMCs). The framework aims to protect the interests of investors in securities, to promote the development of the securities market, and to regulate it. The guidelines take effect from April 1, 2019.

Background:

With rapid technological advancement in the securities market, there is a need to maintain robust cyber security and to have a cyber resilience framework that protects the integrity of data and guards against breaches of privacy. Mutual Funds / Asset Management Companies (AMCs) need a robust cyber security and cyber resilience framework in order to provide essential facilities and services and to perform critical functions in the securities market.

Mutual Funds / AMCs shall comply with the provisions of Cyber Security and Cyber Resilience and are required to take necessary steps to put in place systems for implementation of the framework.

The framework specifies guidelines for cyber security under the following heads:

  1. Governance
  2. Identification of critical assets and the cyber risks they may face
  3. Access Control
  4. Physical Security
  5. Network security management
  6. Data Security: identification and encryption of critical data and restriction on access
  7. Hardening of Hardware and Software
  8. Application Security in Customer Facing Applications
  9. Certification of off-the-shelf products
  10. Patch Management Procedures
  11. Disposal of data, systems and storage devices
  12. Conduct of Vulnerability Assessment and Penetration Testing (VAPT)
  13. Security Monitoring and Detection systems
  14. Response and Recovery upon alerts
  15. Sharing of Information
  16. Training and Education of staff
  17. Periodic Audit
  18. Appropriate Monitoring of Vendors and Service Providers

Source: Securities and Exchange Board of India
