BSE revises reporting requirements under the cyber security and cyber resilience framework of SEBI; reports for first quarter to be submitted by August 30, 2019
The Bombay Stock Exchange (“BSE”) has, in a notice dated August 16, 2019, issued certain clarifications/revisions to the reporting requirement under the Cyber Security & Cyber Resilience framework for Stock Brokers/Depository Participants.
The Securities and Exchange Board of India had previously, in a circular dated December 3, 2018, shared a framework on cyber security and cyber resilience to protect the integrity of data and guard against breaches of privacy.
Pursuant to this, the BSE had issued a notice, dated 16th July, 2019, specifying the format, mode and timeline for sending in the reports. As per the said notice, the reports were to be sent to firstname.lastname@example.org for each quarter, on the 1st of the next month, i.e. for the July-September quarter, the report was to be sent on October 1, 2019.
Now, the BSE has issued a fresh circular providing clarity on certain points and revising the reporting requirements.
- Any cyber security incident(s) impacting the business must be reported on a quarterly basis.
- The reporting format has been revised. Part I of the form is mandatory for the quarterly report; Part II is to be submitted on the occurrence of an incident which impacted the business.
- The reports must be sent to email@example.com and the scanned copies must be signed by the Designated Officer appointed for assessing, identifying, and reducing security and Cyber Security risks.
- The earlier notice stated that submissions were to be made from the quarter ending September onwards. Now, the new notice specifies that the report for the first quarter ending on June 30, 2019 must be submitted on or before August 30, 2019.
- The timeline for the quarterly submission is also revised and now the reports must be submitted within 15 days from the end of the respective quarter, as opposed to the previous timeline of the 1st of the next month.
- The Designated Officer, on receipt of any information with respect to unusual activities and events, must inform the BSE within 24 hours of receipt of such information.
BSE has also stated that an electronic interface to submit this report will be notified in the near future.
Source: Bombay Stock Exchange