As per a mandate by SEBI, KYC Registration Agencies (KRAs) will have to conduct a comprehensive cyber audit at least twice in a fiscal year. They will also have to submit a statement from the Managing Director and Chief Executive Officer certifying their compliance with SEBI’s cyber-security related guidelines and notices issued periodically, SEBI said in a circular on Monday.
The new rules say that KRAs will have to identify and classify critical assets based on their sensitivity and criticality to business operations, services and data management. SEBI said the critical assets should include business-critical systems, Internet-facing applications/systems, and systems containing sensitive data, sensitive personal data, sensitive financial data and personally identifiable information, among others. It added that all ancillary systems used to access or communicate with critical systems must also be classified as critical systems. The KRAs’ boards are now also required to approve the list of critical systems.
“To this end, KRA must maintain an up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows,” SEBI said.