Cyber security obligations require registrars to classify critical systems, conduct VAPT and biannual cyber audits, and report compliance. QRTAs must identify and classify critical assets-including systems with sensitive or PII data-and maintain an approved inventory; conduct VAPT (covering servers, networking and security devices) at least annually (or biannually for designated protected systems) using CERT In empaneled organisations; submit Technology Committee approved VAPT reports to SEBI within one month; remediate vulnerabilities immediately and report closure within three months; perform pre commissioning testing of critical systems; carry out biannual cyber audits and furnish an MD/CEO compliance declaration with audit reports; implement measures and report status to SEBI within ten days, effective immediately.
Cases where this provision is explicitly mentioned in the judgment/order text; may not be exhaustive. To view the complete list of cases mentioning this section, Click here.
Provisions expressly mentioned in the judgment/order text.
Cyber security obligations require registrars to classify critical systems, conduct VAPT and biannual cyber audits, and report compliance.
QRTAs must identify and classify critical assets-including systems with sensitive or PII data-and maintain an approved inventory; conduct VAPT (covering servers, networking and security devices) at least annually (or biannually for designated protected systems) using CERT In empaneled organisations; submit Technology Committee approved VAPT reports to SEBI within one month; remediate vulnerabilities immediately and report closure within three months; perform pre commissioning testing of critical systems; carry out biannual cyber audits and furnish an MD/CEO compliance declaration with audit reports; implement measures and report status to SEBI within ten days, effective immediately.
Full Summary is available for active users!
Note: It is a system-generated summary and is for quick reference only.