https://www.taxtmi.com/circulars?id=62816 KRAs must implement a Board approved Cyber Security and Cyber Resilience policy by January 1, 2020, appoint a CISO, form a Technology Committee for quarterly reviews, and follow an identify protect detect respond recover lifecycle. Required measures include least privilege access and two factor authentication, encrypted logging and data, baseline hardening, network security devices, VAPT including annual penetration testing and pre commissioning testing, continuous monitoring and alerting, incident forensic analysis and drills, quarterly reporting of cyber incidents to SEBI, and annual independent audits with Board comments. en-us Tue, 15 Oct 2019 00:00:00 +0530 Wed, 11 Feb 2026 15:58:35 +0530 TaxTMI RSS Generator https://www.taxtmi.com/circulars?id=62816 KRAs must implement a Board approved Cyber Security and Cyber Resilience policy by January 1, 2020, appoint a CISO, form a Technology Committee for quarterly reviews, and follow an identify protect detect respond recover lifecycle. Required measures include least privilege access and two factor authentication, encrypted logging and data, baseline hardening, network security devices, VAPT including annual penetration testing and pre commissioning testing, continuous monitoring and alerting, incident forensic analysis and drills, quarterly reporting of cyber incidents to SEBI, and annual independent audits with Board comments. Circulars SEBI Tue, 15 Oct 2019 00:00:00 +0530 https://www.taxtmi.com/circulars?id=62816