Securities and Exchange Board of India (Sebi) has issued fresh guidelines on Friday to enhance cyber security and resilience for managing directors or CEOs of stock exchanges and other market infrastructure institutions (MIIs).
The new framework, effective immediately, aims to bolster cyber security measures across MIIs, including stock exchanges, clearing corporations, and depositories. As part of the guidelines, MIIs are mandated to conduct a cyber audit at least twice during a financial year.
Sebi has instructed all MIIs to obtain a compliance declaration from their MD or CEO. This declaration should confirm the implementation of comprehensive processes, including incentivization or disincentivisation structures, for the identification and resolution of vulnerabilities within the organization's IT systems.
Additionally, MIIs are required to ensure that they have adequate resources for staffing their Security Operations Center (SOC) and that they adhere to all cyber security-related circulars and advisories issued by Sebi.
For MIIs whose systems have been designated as 'critical information infrastructure' by the National Critical Information Infrastructure Protection Centre (NCIIPC), a further mandate is to provide regular updates on vulnerabilities in their "protected systems" to NCIIPC.
MIIs are also directed to communicate the implementation status of the new guidelines to Sebi within a 30-day period.