As a CERT-in empaneled company, DigiFortex offers specialized SEBI cyber security audits for mutual funds and asset management companies (AMCs) based on SEBI’s System Audit Framework. This framework includes essential cybersecurity and resilience controls, ensuring regulatory compliance, operational integrity, and risk management.
Request free consultation - Click Here
What is the System Audit Framework for Mutual Funds – SEBI Compliance?
The System Audit Framework for Mutual Funds is a regulatory requirement established by the Securities and Exchange Board of India (SEBI) to ensure that mutual funds and asset management companies (AMCs) maintain robust cybersecurity, data integrity, and operational resilience. This framework mandates periodic audits to assess and strengthen critical areas such as governance, risk management, and business continuity.
Requirements
Following the advice of SEBI’s High Powered Steering Committee on Cyber Security, it has been decided that the System Audit framework outlined in SEBI Master Circular SEBI/HO/IMD/IMD-PoD-1/P/CIR/2024/90, dated June 27, 2024, specifically in Clause 6.15 regarding the System Audit Program, will apply to all Mutual Funds and Asset Management Companies (AMC).
Key Controls in the SEBI Framework:
Governance: Defining and enforcing policies to safeguard operations.
Information Security: Protecting sensitive data from unauthorized access.
Access Management: Controlling access to information systems.
Incident Management: Proactively addressing security incidents.
Monitoring & Detection: Continuously monitoring for threats.
Backup & Recovery:Ensuring data and system recovery capabilities.
Business Controls: Maintaining effective control over operational processes.
Our approach to achieving SEBI compliance
Assessment: Reviewing current systems and processes against SEBI’s standards.
Implementation: Integrating necessary controls and enhancements.
Monitoring and Reporting: Continuous assessment and adjustment to maintain compliance.
Why DigiFortex?
As a CERT-IN empaneled body, DigiFortex provides insurers with expert guidance on System Audit Framework, ensuring robust compliance and risk management. We offer detailed assessments, proactive risk mitigation, and actionable support, enabling insurers to maintain high standards of data protection and regulatory compliance.
Our team of skilled auditors and consultants prioritizes transparency, accuracy, and actionable insights, helping you not only meet compliance but also enhance the integrity and resilience of your information systems. DigiFortex goes beyond basic auditing by offering guidance to strengthen your IT processes, protect assets, and secure data integrity, ensuring your systems function effectively under all conditions.
A small glimpse of DigiFortex’s globally recognized work
-
Completed the Prepaid Payment Instrument (PPI) audit for Amazon Pay, which included:
- IS Audit (Information System Audit)
- V-KYC (Video-based Know Your Customer)
- VAPT (Vulnerability Assessment and Penetration Testing)
- SAR (Security Assessment Report)
- RBI Data Localization compliance
- Conducted security assessments for the #1 U.S. financial institution, covering 17 of their websites across 17 countries.
- Performed a comprehensive Cloud Security Assessment for HDFC Bank.
- Provided IT audit services for the integration of HDFC’s system with the Government of India’s Solar Energy Corporation of India (SECI).
- Selected by Indian Bank to conduct a full security assessment of their data centers in Chennai and Mumbai.
Our consultants are equipped to guide your organization through this framework, ensuring you meet SEBI's regulatory standards and strengthen trust with stakeholders. Contact us today to learn more about how we can support your compliance journey.
Request free consultation - Click Here
