SEBI mandates cyber security audit for KRAs – The Hindu BusinessLine

Clipped from: https://www.thehindubusinessline.com/markets/sebi-mandates-cyber-security-audit-for-kras/article65476529.ece

KYC Registration Agencies should conduct a comprehensive cyber audit at least twice in a fiscal year

As per a mandate by SEBI, the KYC Registration Agencies (KRAs) will have to conduct a comprehensive cyber audit at least twice in a fiscal year. They will also have to submit a statement from the Managing Director and Chief Executive Officer certifying their compliance with the cyber-security related guidelines and notices that SEBI issues periodically, SEBI said in a circular on Monday.

The new rules say that KRAs will have to identify and classify critical assets based on their sensitivity and criticality to business operations, services and data management. SEBI said the critical assets should include business-critical systems, Internet-facing applications/systems, systems containing sensitive data, sensitive personal data, sensitive financial data, personally-identifiable information data, among others. It added that all ancillary systems utilised to access or communicate with critical systems must also be classified as critical systems. The KRAs’ boards are also required to approve the list of critical systems now.

“To this end, KRA must maintain an up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows,” SEBI said.

Published on May 30, 2022
