TaxTMI 
TaxTMI 
Modification in Cyber Security and Cyber Resilience Framework of Mutual Funds/ Asset Management Companies (AMCs)
X X X X Extracts X X X X
X X X X Extracts X X X X
....al Funds / Asset Management Companies (AMCs). 2. In partial modification to Annexure 1 of SEBI circular dated January 10, 2019: i. To have uniformity for identifying and classifying critical assets, across the industry, paragraph 11 on section "Identify" of the circular shall be read as under: "11. Mutual Funds/ AMCs shall identify and classify critical assets based on their sensitivity and criticality for business operations, services and data management. The critical assets shall include business critical systems, internet facing applications/ systems, systems that contain sensitive data, sensitive personal data, sensitive financial data, Personally Identifiable Information (PII) data, etc. All the ancillary systems used for accessin....
X X X X Extracts X X X X
X X X X Extracts X X X X
.... Centre (NCIIPC) under the Information Technology (IT) Act, 2000, VAPT shall be conducted at least twice in a financial year. Further, all Mutual Funds/ AMCs shall engage only Indian Computer Emergency Response Team (CERT-In) empanelled organizations for conducting VAPT. The final report on said VAPT shall be submitted to SEBI after approval from Technology Committee of respective Mutual Funds/ AMCs, within 1 month of completion of VAPT activity. 41. Any gaps or vulnerabilities detected shall be remedied on immediate basis and compliance of closure of findings identified during VAPT shall be submitted to SEBI within 3 months post the submission of final VAPT report. 42. In addition, Mutual Funds/ AMCs shall perform vulnerability scann....