New Delhi:
Capital markets regulator SEBI on Friday laid out a comprehensive testing framework for information technology (IT) systems of stock exchanges and other market infrastructure institutions (MIIs).
Throughout the lifecycle of MII’s IT systems – stock exchanges, clearing corporations, and depositories – there will be a framework that can assist MII in conducting a thorough risk assessment prior to deploying any IT systems in production or live environments.
According to a circular, under the framework, all MIIs have been asked to conduct extensive testing, validation and documentation whenever new systems or changes to existing systems are introduced prior to deployment in production/live environments.
In addition, they will have to establish a comprehensive methodology for system testing, functional testing and application security testing, and this will need to be approved by the Standing Committee on Technology (SCOT) of the respective MII.
The scope of testing includes business logic, system function, security controls, and system performance under load and stress conditions. Furthermore, any dependencies on existing systems will be properly tested.
“The test should be conducted in an isolated environment that replicates/mirrors the production environment to minimize any interference,” Sebi said.
According to the regulator, all issues identified from the test, including system defects or software bugs, should be properly tracked and fixed immediately.
In addition, major issues causing damage to the MII should be reported to their SCOT and addressed prior to deployment in a production environment.
In addition, MII has been asked to establish policies and procedures on the use of third-party systems or software code to ensure that these systems are subject to review and testing before being integrated with its systems.
MIIs are directed to perform white box testing or structural testing, which involves analysis of data flow, control flow, information flow, coding practices, exception and error handling within the system.
Further, they have been asked to submit the test framework of all their IT systems after SCOT approval within 30 days.
(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)