According to a circular, the incident will also be reported to the Indian Computer Emergency Response Team as per the guidelines issued by CERT-In from time to time.
According to a circular, the incident will also be reported to the Indian Computer Emergency Response Team as per the guidelines issued by CERT-In from time to time.
Capital markets regulator Securities and Exchange Board of India (SEBI) has asked KYC registration agencies (KRAs) to report all cyber attacks, threats and breaches experienced by them within six hours of detection of such incidents.
According to a circular, the incident will also be reported to the Indian Computer Emergency Response Team (CERT-In) as per the guidelines issued by CERT-In from time to time.
Additionally, KRAs, whose systems have been identified as ‘protected systems’ by the National Center for Protection of Critical Information Infrastructure (NCIIPC), will also report such incidents to the NCIIPC.
The regulator said on July 5, “All cyber attacks, threats, cyber incidents and breaches experienced by the KRA shall be reported to SEBI within six hours of the detection/detection of such incidents or taking notice of such incidents.” Will report.”
Quarterly report containing information on cyber attacks, threats, cyber incidents and measures taken to mitigate breaches and vulnerabilities experienced by stockbrokers and depository participants, including information on bug vulnerabilities, threats that may be shared by others may be useful, must be presented. to SEBI within 15 days from the end of each quarter.
This information will be shared with SEBI through a dedicated e-mail ID. Last month, the regulator came out with a similar directive for stock brokers and depository participants.