SEBI Cyber Security and Cyber Resilience Framework Audit


As a CERT-In Empaneled Security Auditor, QRC will help you understand and comply with the guidelines prescribed in the SEBI Cyber Security and Cyber Resilience Framework on a periodic basis. Compliance with the SEBI Cyber Resilience Framework is crucial for all Stockbrokers, Depository Participants, Mutual Funds, Asset Management Companies (AMCs), Stock Exchanges, Clearing Corporations and Depositories.

The SEBI circular SEBI/HO/MIRSD/CIR/PB/2018/147 directed that all stockbrokers must comply with the SEBI cyber security framework and maintain a robust cyber security and cyber resilience framework to protect the integrity of data and privacy. The main objectives of the audit are:

  • Monitor the activities of the stock exchange and ensure that the integrity and privacy of data are maintained.
  • Safeguard the rights of the investors.
  • Ensure that the Cyber Security and Cyber Resilience Framework is robust.
  • Ensure compliance with SEBI guidelines and ToR (Terms of Reference).
  • Curb fraudulent practices by maintaining a balance between statutory regulations and self-regulation.

The audit governs data created, received or maintained by trading entities while carrying out their designated duties and functions, wherever these data records are and whatever form they are in. The following are the key provisions for consideration:

  • Identify and Protect
  • Detect and Respond
  • Remediate and Recover

QRC understands the importance of having a third-party auditor to ensure your compliance. As a CERT-In empaneled body, QRC ensures that the audit fits your requirements and budget and creates more value to help you remain SEBI cyber security compliant.

Our Approach:

Working in line with the SEBI Guidelines, QRC takes a holistic approach to assessing how your organization deals with customers' sensitive data. Our approach to the assessment is as follows:

Information Gathering & Documentation Review

We share a detailed questionnaire with your teams, along with other documentation, and collect evidence on the architecture, implementation and controls to understand data flow.

Audit Process

After scope definition and initial engagement, we conduct an initial audit to understand the organization's infrastructure and help our clients identify all the critical system platforms, network and physical components, and storage locations of sensitive information as per business requirements.


Based on the assessment and the identification of the data assets, QRC will provide remediation support so that the infrastructure supporting relevant business processes complies with the SEBI Security framework.

Reporting & Confirmation Letter

After assessment and remediation, we will review your evidence on the closure of the actions identified during the audit. On successful closure, we will share a confirmation letter stating that all the security controls are implemented as per the framework.

  • With extensive experience under our belt, QRC can ensure that you comply with the SEBI Cyber Security and Cyber Resilience Framework guidelines and implement them correctly.
  • As a CERT-In empaneled body, our solutions and implementation follow the complete guidelines and are easy to integrate with your infrastructure.
  • Apart from audit support, we assist you with Cyber Security Incidents and Events, measuring Control Effectiveness, calculating the Overall Risk Score, Policies, Procedures, and User Training and Awareness.
  • The 56 provisions made in the guideline can, by and large, be mapped to the NIST framework, which focuses on industries vital to national and economic security, and can be incorporated in the overall cybersecurity structure of the organization. This helps strengthen your posture when preparing for compliance with other international frameworks.
