
New SEBI Cybersecurity & Cyber Resilience Framework. What Compliance Measures Mean for India-Based Business

by Eleanor Barlow • Sep 2024

The Securities and Exchange Board of India (SEBI) has announced a new Cybersecurity and Cyber Resilience Framework (CSCRF), which requires all SEBI-registered entities to have a Security Operations Center (SOC).

These SOCs can be any of the following:

  1. In-house
  2. Through a group entity
  3. Via a third-party provider

Deadlines and Goals

Deadlines: Existing entities must comply by January 1, 2025. New entities have until April 1, 2025.

The Goal: The framework aims to help entities anticipate, withstand, contain, recover, and evolve from cyber threats.

‘The key objective of CSCRF is to address evolving cyber threats, to align with the industry standards, to encourage efficient audits, and to ensure compliance by SEBI REs. The CSCRF also sets out standard formats for reporting by REs.’ – SEBI

Who Will These Requirements Impact?

This requirement will impact all SEBI-registered entities, including:

  • All Alternative Investment Funds (AIFs)
  • All Bankers to an Issue (BTI) and Self Certified Syndicate Banks (SCSBs)
  • All Clearing Corporations
  • All Collective Investment Schemes (CIS)
  • All Credit Rating Agencies (CRAs)
  • All Custodians
  • All Debenture Trustees (DTs)
  • All Depositories
  • All Designated Depository Participants (DDPs)
  • All Depository Participants through Depositories
  • All Investment Advisors (IAs) / Research Analysts (RAs)
  • All KYC Registration Agencies (KRAs)
  • All Merchant Bankers (MBs)
  • All Mutual Funds (MFs)
  • Asset Management Companies (AMCs)
  • All Portfolio Managers
  • All Registrar to an Issue and Share Transfer Agents (RTAs)
  • All Stock Brokers through Exchanges
  • All Stock Exchanges
  • All Venture Capital Funds (VCFs)

The National Stock Exchange (NSE) and Bombay Stock Exchange (BSE) will set up Market SOCs (M-SOCs) to help smaller entities that can’t maintain their own SOCs.

‘As compliance with the cybersecurity guidelines may be onerous for smaller REs due to the lack of knowledge and expertise in cybersecurity and the cost factor involved in setting up own SOC. Therefore, CSCRF mandates NSE and BSE to set up Market SOC (M-SOC) with the objective of providing cybersecurity solutions to such categories of REs.’ – SEBI

The Benefits of CSCRF

SecurityHQ is aware of the threats that third parties and supply chain attacks pose to businesses. A key element of the framework is its emphasis on supply chain risk management.

‘CSCRF highlights the importance of governance and supply chain risk management and at the same time, it focuses on evolving security guidelines such as data classification and localization, Application Programming Interface (API) security, Security Operations Centre (SOC), and measuring its efficacy, Software Bill of Materials (SBOM), etc.’ – SEBI

‘The Cybersecurity and Cyber Resilience Framework (CSCRF) built by SEBI is comprehensive and robust and is in the best interest of SEBI registered entities and their end consumers. Holistic adoption of this framework needs commitment from the entities and their SOC partners to ensure implementation and compliance.’ – Sanket Khanolkar, COO & Chief People Officer, SecurityHQ

With this requirement in place, it will be easier for businesses to:

  1. Report incidents promptly.
  2. Establish a comprehensive Incident Response Management plan and applicable SOPs.
  3. Formulate an up-to-date Cyber Crisis Management Plan.
  4. Conduct root cause analysis in the event of an incident.
  5. Have access to forensic analysis if detailed investigation is required.

How SecurityHQ Can Support You Through the Transition

Based in Pune, India, one of SecurityHQ’s global SOC teams is there to provide customers with the help they need to implement a SOC, meet certain objectives, and implement standards and mandatory guidelines.

‘SecurityHQ is currently the trusted SOC partner for several enterprise-grade BFSIs in India which need to comply with both SEBI’s (CSCRF) and RBI guidelines. These are household names, and they take their cyber security very seriously. As their SOC partner, SecurityHQ has consistently demonstrated improvement in their security posture and compliance with the SEBI’s framework along with other relevant global ones like ISO 27001 & ISO 27701.

Today, SecurityHQ is one of the most advanced SOC partners in India with proven experience in helping its clients comply with SEBI’s CSCRF. Our proven track record gives us the conviction to appeal to other BFSI entities in India to confidently reach out to us and experience our service to comply with the framework.’ – Sanket Khanolkar, COO & Chief People Officer, SecurityHQ
