Annual system audit requirement ensures independent IT controls assessment, documented non compliances and mandated regulatory reporting. SEBI mandates an Annual System Audit for Market Infrastructure Institutions covering IT environment, governance, security, change control, business continuity and vendor/HR practices. Auditors must meet selection and rotation norms, be free of conflicts, have sector experience and CERT In empanelment. Audit reports must document findings with evidence, risk ratings, remediation plans and timelines, address previous open items, be placed before the Governing Board, and be submitted to SEBI within prescribed timelines along with an MD/CEO security declaration; follow on audits or verified Action Taken Reports are required as applicable.
Cases where this provision is explicitly mentioned in the judgment/order text; may not be exhaustive. To view the complete list of cases mentioning this section, Click here.
Provisions expressly mentioned in the judgment/order text.
Annual system audit requirement ensures independent IT controls assessment, documented non compliances and mandated regulatory reporting.
SEBI mandates an Annual System Audit for Market Infrastructure Institutions covering IT environment, governance, security, change control, business continuity and vendor/HR practices. Auditors must meet selection and rotation norms, be free of conflicts, have sector experience and CERT In empanelment. Audit reports must document findings with evidence, risk ratings, remediation plans and timelines, address previous open items, be placed before the Governing Board, and be submitted to SEBI within prescribed timelines along with an MD/CEO security declaration; follow on audits or verified Action Taken Reports are required as applicable.
Full Summary is available for active users!
Note: It is a system-generated summary and is for quick reference only.