As a CERT-In Empaneled Security Auditor, QRC will help you understand and comply with the guidelines prescribed in the SEBI Cyber Security and Cyber Resilience Framework on a periodic basis. Compliance with the SEBI Cyber Resilience Framework is crucial for all Stockbrokers, Depository Participants, Mutual Funds, Asset Management Companies (AMCs), Stock Exchanges, Clearing Corporations and Depositories.
The SEBI circular SEBI/HO/MIRSD/CIR/PB/2018/147 directed that all stockbrokers must comply with the SEBI cyber security framework to maintain a robust cyber security and cyber resilience framework to protect the integrity of data and privacy. The main objective of the audit is:
The audit governs data created, received or maintained by trading entities while carrying out their designated duties and functions, wherever these data records are and whatever form they are in. The following outlines the key provisions for consideration:
QRC understands the importance of having a third-party auditor to ensure your compliance. As a CERT-In empaneled body, QRC ensures that it fits your requirements and budget and creates more value to help you remain SEBI cyber security compliant.
Working alongside the SEBI Guidelines, QRC assesses your organization with a holistic approach, dealing with the sensitive data of customers. Our approach for assessment is as follows:
Information Gathering & Documentation Review
We share a detailed questionnaire with your teams along with other documentation, and collect evidence on the architecture, implementation and controls to understand data flow.
After scope definition and initial engagement, we will conduct an initial audit to understand the organization's infrastructure and help our clients identify all the critical system platforms, network and physical components, and storage locations of sensitive information as per business requirements.
Based on the assessment and the identification of the data assets, QRC will provide remediation support for the infrastructure supporting relevant business processes, to comply with the SEBI Security framework.
Reporting & Confirmation Letter
After assessment and remediation, we will review your evidence on the closure of the Action phase as identified during the audit. On successful closure, we will share the confirmation letter stating that all the security controls are implemented as per the framework.