Market regulator SEBI has tightened the scrutiny around technology set-up at stock exchanges and put the onus of ensuring accuracy on the Standing Committee on Technology (SCOT) of the respective exchanges. The tightening of rules by SEBI would mainly impact exchanges that want to change their technology providers.
In a circular issued recently, SEBI has said that SCOT will be responsible for approving the methodology of system testing, functional testing, system performance under stress conditions and application security testing. Major issues that could have an adverse impact should be reported to SCOT and addressed prior to deployment to the production environment. SEBI has mandated that exchanges do extensive testing, validation and documentation whenever new systems/ applications or changes to existing systems/applications are introduced before the deployment in a production/live environment. Such documentation has to be comprehensive.
All the market infrastructure institutions (MIIs), i.e. the stock exchanges, will now have to form policies and procedures on the use of third systems/applications/software codes to ensure these systems are subject to review and testing before they are integrated with the systems of the MIIs.
SEBI has said that the scope of testing should cover business logic, system function, security controls and system performance under load and stress conditions. Any dependency on the existing systems should be properly tested. The testing environment should replicate the production environment, and testing methods should be provided in the nitty-gritty. Documentation must now be verified by the system audit auditor considering key aspects like time value and manpower cost. Also, auditors will be responsible for all testing results, including results of User Acceptance Testing (UAT), that were conducted and documented in the test report.
All MIIs should ensure that core code components operate as intended and do not produce unintended consequences. Further, any new code should be fine with the existing functionality. All MIIs must ensure that Application Programming Interface Testing is done so that the concerned application can interact with other applications without causing disruptions. Test code coverage tool is mandated. MIIs need to develop expertise and also procure tools.
- Editorial.SEBI scores high on IOSCO’s review
As per SEBI, all MIIs should periodically conduct non-functional testing such as volume testing, resilience testing, scalability testing, performance testing, stress testing, application security testing, BCP testing, negative/destructive testing etc., for all IT systems/applications throughout their life cycle (pre-implementation, post-implementation, after changes). All MIIs should perform white box testing or structural testing, which should include analysing data flow, control flow, information flow, coding practices, exception and error handling within the system.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.