SEBI Cyber Security

As a CERT-In Empaneled Security Auditor, QRC will help you understand and comply with the guidelines prescribed in the SEBI Cyber Security and Cyber Resilience Framework on a periodic basis. Compliance with the SEBI Cyber Resilience Framework is crucial for all Stockbrokers, Depository Participants, Mutual Funds, Asset Management Companies (AMCs), Stock Exchanges, Clearing Corporations and Depositories.

The SEBI circular SEBI/HO/MIRSD/CIR/PB/2018/147 directed that all stockbrokers must comply with the SEBI cyber security framework and maintain a robust cyber security and cyber resilience framework to protect the integrity of data and privacy. The main objectives of the audit are:

  • Monitor the activities of the stock exchange and ensure integrity and privacy of data is maintained.

  • Safeguard the rights of the investors

  • Ensure that the Cyber Security and Cyber Resilience Framework is robust

  • Ensure compliance with SEBI guidelines and ToR (Terms of Reference)

  • Curb fraudulent practices by maintaining a balance between statutory regulations and self-regulation.

The audit governs data created, received or maintained by trading entities while carrying out their designated duties and functions, wherever these data records are and whatever form they are in. The following outlines the key provisions for consideration:

  • Identify and Protect

  • Detect and Respond

  • Remediate and Recover

QRC understands the importance of having a third-party auditor to ensure your compliance. As a CERT-In empaneled body, QRC ensures that the audit fits your requirements and budget and creates more value to help you remain SEBI cyber security compliant.

Audit Approach

Business Understanding

Evaluating business processes and the environment to understand the in-scope elements.

Audit Scope Finalization

A detailed questionnaire is shared with your teams to aid in the scope definition, planning and preparation of the audit and its objectives.

Initial/Readiness Assessment

As per the SEBI guidelines, we will conduct an initial audit measuring the IT-related risks to enhance the reliability of processes, critical system platforms, networks and physical components.

Risk Assessment

Identifying and analysing the risks in the information security posture.

Data Flow Assessment

Conducting a thorough systems analysis to evaluate data flow and possible leakages.

Remediation Support

Based on the assessment, QRC will provide remediation support for complying with the SEBI Security framework.

Scans And Testing

Identifying critical vulnerabilities in your system with a robust testing approach.

Evidence Review

Review of the evidence collected to assess its maturity, in line with the compliance requirements.

Final Audit

Post remediation, we conduct a final audit and review your evidence as identified during the audit. On successful closure, we will share a confirmation letter stating that all assets defined as per the scope meet the prescribed guidelines.

Concise Reporting

Our team documents a comprehensive report detailing all findings covered during the assessment cycle.
