KYC Registration Agencies must report cyber incidents within six hours and provide quarterly incident reports for regulatory oversight. KRAs must report all cyber-attacks, threats, incidents and breaches within six hours of detection and notify the national computer emergency response body; systems designated as protected must also notify the national critical information infrastructure authority. KRAs must submit quarterly reports on incidents, vulnerabilities and mitigation measures within 15 days of quarter-end using the prescribed format and dedicated e-mail, and put in place systems to implement these requirements immediately.
Cases where this provision is explicitly mentioned in the judgment/order text; may not be exhaustive. To view the complete list of cases mentioning this section, Click here.
Provisions expressly mentioned in the judgment/order text.
KYC Registration Agencies must report cyber incidents within six hours and provide quarterly incident reports for regulatory oversight.
KRAs must report all cyber-attacks, threats, incidents and breaches within six hours of detection and notify the national computer emergency response body; systems designated as protected must also notify the national critical information infrastructure authority. KRAs must submit quarterly reports on incidents, vulnerabilities and mitigation measures within 15 days of quarter-end using the prescribed format and dedicated e-mail, and put in place systems to implement these requirements immediately.
Full Summary is available for active users!
Note: It is a system-generated summary and is for quick reference only.