As a CERT-In Empaneled organization, DigiFortex offers a complete SEBI Cyber Security & Cyber Resilience Framework (CSCRF) solution designed to strengthen organizations' cybersecurity defenses and lower their risk of cyberattacks. We follow detailed, step-by-step procedures to help you gain a solid understanding of the CSCRF and implement it effectively. We begin by analyzing your cybersecurity setup and identifying any gaps based on SEBI’s guidelines that apply to Stockbrokers, Depository Participants, Mutual Funds, AMCs, Stock Exchanges, Clearing Corporations, and Depositories, and then create clear steps to improve and secure your systems.
Reach out to us to learn more about the Cyber Security & Cyber Resilience Framework and how DigiFortex can support you in meeting SEBI's requirements.
What is SEBI – Cyber Security & Cyber Resilience Framework
The SEBI mandate, outlined in circular SEBI/HO/MIRSD/CIR/PB/2018/147, requires all stockbrokers to adopt a robust cyber security and resilience framework, prioritizing data integrity and privacy.
The CSCRF is built on established standards and incorporates five key cyber resilience goals inspired by the Cyber Crisis Management Plan (CCMP) from the Indian Computer Emergency Response Team (CERT-In): Anticipate, Withstand, Contain, Recover, and Evolve. These goals align with core cybersecurity functions, including Governance, Identify, Protect, Detect, Respond, and Recover.
Cyber Capability Index (CCI)
The CSCRF introduces a Cyber Capability Index (CCI), which allows organizations to assess and rate their cybersecurity and resilience controls. MIIs (Market Infrastructure Institutions) and Qualified REs (Regulated Entities) will use the CCI to submit their scores, enabling them to track and evaluate their progress in cyber resilience over time.
Our aims:
- Monitor trading activities while safeguarding data integrity and privacy
- Protect investor rights
- Ensure a strong cyber security and resilience framework
- Maintain compliance with SEBI’s guidelines and Terms of Reference (ToR)
- Prevent fraudulent practices by balancing regulatory requirements and self-regulation
Our Proven Audit Approach
Our approach is organized into four key phases:
Phase 1: Audit Planning
We define the audit’s scope and objectives, setting a clear plan for the entire process.
Phase 2: Risk Assessment and Business Process Analysis
We assess, measure, and control IT-related risks to strengthen the reliability of business processes and the information system as a whole.
Phase 3: Audit Execution (Compliance and System Review)
We evaluate controls over essential systems, network and physical components, and IT infrastructure that support critical business functions.
Phase 4: Reporting
We provide a detailed report of the audit findings, conclusions, and recommendations, highlighting areas of compliance, non-compliance, and potential improvements.
We focus on secure data management across all forms and locations where trading entities create, receive, or maintain data as they carry out their duties. Our key focus areas include:
- Identification and Protection
- Detection and Response
- Remediation and Recovery
Implementation Timeline
For six categories of REs that already have a cybersecurity and cyber resilience circular, compliance is required by January 1, 2025. For other REs where the CSCRF is newly issued, the deadline for implementation is April 1, 2025.
Why DigiFortex?
As a CERT-In empaneled and ISO 27001:2022 certified organization, DigiFortex is globally recognized for providing Information Security consulting. Our team started McAfee in India and holds 17 US patents.
Our team is composed of globally certified experts, including ISO 27001 Lead Auditors for Information Security, Certified Information Privacy Professionals for Europe (CIPP/E) from the International Association of Privacy Professionals (IAPP), DSCI Certified Privacy Lead Assessors (DCPLA), CCSA, CISM, CISA, ISO 27001 LA, CEH, CRTP and more. Backed by diverse industry experience, our professionals provide comprehensive security and privacy solutions tailored to meet the highest standards.
A small glimpse of DigiFortex’s globally recognized work
- Completed the Prepaid Payment Instrument (PPI) audit for Amazon Pay, which included:
  - IS Audit (Information System Audit)
  - V-KYC (Video-based Know Your Customer)
  - VAPT (Vulnerability Assessment and Penetration Testing)
  - SAR (Security Assessment Report)
  - RBI Data Localization compliance
- Conducted security assessments for the #1 U.S. financial institution, covering 17 of their websites across 17 countries.
- Performed a comprehensive Cloud Security Assessment for HDFC Bank.
- Provided IT audit services for the integration of HDFC’s system with the Government of India’s Solar Energy Corporation of India (SECI).
- Selected by Indian Bank to conduct a full security assessment of their data centers in Chennai and Mumbai.
We provide tailored guidance for implementing and complying with the SEBI Cyber Security & Cyber Resilience Framework (CSCRF) based on your organization’s unique needs. Our experienced leaders ensure you have a strong foundation and a clear path forward in meeting SEBI’s standards.
Dedicated Support Team
Our team of skilled cybersecurity professionals is ready to assist you throughout the compliance process. From daily cybersecurity tasks to complex compliance activities, our team supports your organization at every step.
Comprehensive Compliance Tracking
We design and implement a detailed SEBI CSCRF compliance tracking system aligned with your business goals. This allows for real-time monitoring of compliance progress, ensuring you stay on track and meet all requirements effectively.
Adherence to Industry Standards
Our SEBI CSCRF compliance program is aligned with globally recognized cybersecurity standards, including ISO 27001 and NIST, ensuring robust security practices that meet the highest industry benchmarks.