SEBI Issues Advisory for Regulated Entities for Best Cybersecurity Practices

  • Blog|News|Company Law|
  • 2 Min Read
  • By Taxmann
  • |
  • Last Updated on 24 February, 2023

Cybersecurity practices

Circular No. SEBI/HO/ITD/ITD_VAPT/P/CIR/2023/032, Dated 22.02.2023

The SEBI noticed that efficient and effective responses to and recovery from a cyber-incident by REs are essential to limit any related financial stability risks. For ensuring the same, Financial Computer Security Incident Response Team (CSIRT-Fin) has provided important recommendations to SEBI.

The compliance of the advisory shall be provided by the REs along with the cybersecurity audit. The compliance shall be submitted according to the existing reporting mechanism and frequency of the respective cybersecurity audit. The applicable recommendations in the form of advisory are enclosed in Annexure-A attached to the circular.

REs are advised to define the roles and responsibilities of the Chief Information Security Officer (CISO) and other senior personnel. Reporting and compliance requirements shall be clearly specified in the security policy.

The SEBI has also prescribed measures for Data Protection and Data breaches. Some of them are:

(a) REs are advised to prepare a detailed incident response plan.

(b) Enforce effective data protection, backup, and recovery measures.

(c) Encryption of the data at rest should be implemented to prevent the attacker from accessing the unencrypted data.

(d) Identify and classify sensitive and Personally Identifiable Information (PII) data and apply measures for encrypting such data in transit and at rest.

(e) Deploy data leakage prevention (DLP) solutions/processes.

Further, a Strong password policy should be implemented. The policy should include a clause for periodic review of accounts of ex-employees Passwords should not be reused across multiple accounts or a list of passwords should not be stored on the system.

Also, the REs are also advised to go for ISO certification as the same provides a reasonable assurance on the preparedness of the RE with respect to cybersecurity. Due diligence with respect to the audit process and tools used for such audits needs to be undertaken to ensure the competence and effectiveness of audits.

Click Here To Read The Full Circular

Disclaimer: The content/information published on the website is only for general information of the user and shall not be construed as legal advice. While the Taxmann has exercised reasonable efforts to ensure the veracity of information/content published, Taxmann shall be under no liability in any manner whatsoever for incorrect information, if any.

Leave a Reply

Your email address will not be published. Required fields are marked *

Everything on Tax and Corporate Laws of India

To subscribe to our weekly newsletter please log in/register on

Author: Taxmann

Taxmann Publications has a dedicated in-house Research & Editorial Team. This team consists of a team of Chartered Accountants, Company Secretaries, and Lawyers. This team works under the guidance and supervision of editor-in-chief Mr Rakesh Bhargava.

The Research and Editorial Team is responsible for developing reliable and accurate content for the readers. The team follows the six-sigma approach to achieve the benchmark of zero error in its publications and research platforms. The team ensures that the following publication guidelines are thoroughly followed while developing the content:

  • The statutory material is obtained only from the authorized and reliable sources
  • All the latest developments in the judicial and legislative fields are covered
  • Prepare the analytical write-ups on current, controversial, and important issues to help the readers to understand the concept and its implications
  • Every content published by Taxmann is complete, accurate and lucid
  • All evidence-based statements are supported with proper reference to Section, Circular No., Notification No. or citations
  • The golden rules of grammar, style and consistency are thoroughly followed
  • Font and size that's easy to read and remain consistent across all imprint and digital publications are applied