Modification in Cyber Security and Cyber resilience framework of Qualified Registrars to an Issue and Share Transfer Agents (“QRTAs”)

May 27, 2022

To,
Registered Registrar to an Issue and Share Transfer Agents

Dear Sir/ Madam,

1. SEBI vide circular SEBI/HO/MIRSD/CIR/P/2017/100 dated September 08, 2017 prescribed framework for Cyber Security and Cyber Resilience for Qualified Registrars to an Issue and Share Transfer Agents (“QRTAs”)

1. 2. In partial modification to Annexure A of SEBI circular dated September 08, 2017, the paragraph-11, 40, 41 and 42 shall be read as under :
2. 1. 1.1 QRTAs shall identify and classify critical assets based on their sensitivity and criticality for business operations, services and data management. The critical assets should include business critical systems, internet facing applications /systems, systems that contain sensitive data, sensitive personal data, sensitive financial data, Personally Identifiable Information (PII) data, etc. All the ancillary systems used for accessing/communicating with critical systems either for operations or maintenance should also be classified as critical system. The Board of the QRTAs shall approve the list of critical systems.
   3. To this end, QRTAs should maintain up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows.

To Read More….
Click the link below….

Circular : https://www.dropbox.com/s/cymrhan44s4jx34/Modification%20in%20Cyber%20Security%20and%20Cyber%20resilience%20framework%20of%20Qualified%20Registrars%20to%20an%20Issue%20and%20Share%20Transfer%20Agents%20%28%E2%80%9CQRTAs%E2%80%9D%29.pdf?dl=0