BSE Ltd.

10/11/2024 | Press release | Distributed by Public on 10/11/2024 01:30

Cyber Security and Cyber Resilience Audit of Trading Members (Type-III)

NOTICES
Notice No.: 20241011-4
Notice Date: 11 Oct 2024
Category: Others
Segment: General
Subject: Cyber Security and Cyber Resilience Audit of Trading Members (Type-III)
Attachments: CSAR_Annexure_V.pdf; CSAR_Audit_TOR III.pdf; CSAR_Annexure III.pdf; CSAR_Annexure_IV.pdf; CSAR_Annexure_II.pdf; CSAR_Annexure_I.pdf
Content

To All Members,

In accordance with SEBI circular no. SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018, SEBI/HO/MIRSD/DOP/CIR/P/2019/109 dated October 15, 2019, SEBI/HO/MIRSD/TPD/P/CIR/2022/80 dated June 07, 2022 and SEBI/HO/MIRSD/TPD/P/CIR/2022/93 dated June 30, 2022 and Exchange circular no. 20191022-27 dated October 22, 2019 in relation to Cyber Security & Cyber Resilience framework for Stock Brokers / Depository Participants, Stock Brokers who have used Algorithmic Trading facility (Type III brokers) to trade for the half year ended September 30, 2024, are required to conduct Cyber Security and Cyber Resilience Audit for the period April 01, 2024 to September 30, 2024.

The Trading Members are required to note the following:

Last Date for Submission

| Type of Trading Members | Preliminary Audit report | Corrective Action Report |
|---|---|---|
| QSB & Non QSB | November 30, 2024 | February 28, 2025 |

All Trading members are requested to take note that, for each non-compliance reported by the auditor, trading members are required to submit a corrective action taken report as per the above-mentioned timelines. On review of the details of corrective action submitted by the trading member, the auditor shall submit the status of compliance as Compliant or Non-Compliant on BEFS. The process for submitting the details of corrective action taken by the trading member through ATR and the auditor's confirmation on compliance status of ATR shall be provided through a separate circular.

Further, based on audit findings and related risks, the auditor should indicate if a follow-on audit is required to review the status of NCs (Non-Compliances). To ensure timely corrective actions are taken by the Trading members, the follow-on audit, if any, shall be scheduled by the trading member as per the above-mentioned timelines.

Submission of Cyber Security and Cyber Resilience Audit shall be considered complete only after trading member submits the report to the Exchange after providing management comments. Further, the auditor must provide compliance status for each TOR item as Compliant/Non-Compliant/Not Applicable and in case of any TOR item which is not applicable, auditor is required to provide justification for the non-applicability of said TOR.

Trading members shall comply with any non-compliance/non-conformities (NCs) pending submissions for Cyber Security and Cyber Resilience Audit for the previous audit period by submitting ATR and/or follow-on audit report through BEFS Portal.

Trading members are requested to take note of the Exchange circular 20231005-54 dated October 05, 2023, regarding "Revised Penalties/disciplinary action(s)/charges for System Audit Report & Cyber Security and Cyber Resilience Audit Report related submissions".

The following penalty/disciplinary actions as provided in Table A would be initiated against the Trading Member for Delay/Non-submission of Preliminary Audit Report / Corrective Action Taken Report related submissions. The details of Penalties/disciplinary action(s)/charges have been provided in Annexure V.

The link for the submission of Cyber Security Audit report shall be available from October 18, 2024.

Submission of Cyber Security and Cyber Resilience Audit shall be considered complete only after trading member submits the report to the Exchange after providing management comments. Further, auditor must provide compliance status for each TOR item as Compliant/Non-Compliant and Not Applicable and in case of any TOR item which is not applicable, auditor is required to provide justification for the non-applicability of said TOR.

Trading members shall comply with any Non-Compliance pending for Cyber Security and Cyber Resilience Audit for the previous audit period by submitting ATR report as the case may be through BEFS.

Stockbrokers are requested to refer to the following guideline documents while submitting the Cyber Security and Cyber Resilience Audit.

- Auditor Selection Process - Annexure I
- Audit Process - Annexure II
- Auditor User Manual - Annexure III
- Member User Manual - Annexure IV
- Cyber Terms of Reference (TOR) - III

It may be noted that submission of Cyber Security and Cyber Resilience Audit shall be considered complete only after Member submits the report to the Exchange and receives an acknowledgment email. Saved reports/reports submitted by auditor will not be considered as final submission to Exchange.

Members are requested to take note of the above and ensure compliance to avoid disincentives.


In case of any queries/clarifications, you may contact the following numbers as mentioned in Table 2 below.


Table 2: Submission Related Contacts

| Purpose | Contact Nos. | Email ID |
|---|---|---|
| Cyber Security and Cyber Resilience Audit XBRL related issues | +91 9316749660 | bse.xbrl(at)bseindia.com |
| Cyber Security and Cyber Resilience Audit Process related | 022-22725841 | bse.msc(at)bseindia.com |

For and on behalf of BSE Ltd.

Devendra Kulkarni
Additional General Manager