Sigmify GRC helps you comply with the guidelines prescribed by the regulatory authorities.
SEBI
The Securities and Exchange Board of India’s (SEBI) Cybersecurity and Cyber Resilience Framework (CSCRF) outlines guidelines for SEBI-regulated entities (REs) to improve their cybersecurity.
The CSCRF aims to make sure that REs have strong defences against cyber threats.
Some of the high-level requirements in CSCRF are:
- Cybersecurity policy: REs must have a cybersecurity policy that’s approved by top management.
- Risk management: REs must assess risks, identify critical assets, and define acceptable risk levels.
- Data security: REs must encrypt sensitive data in transit and at rest.
- Security Operations Center (SOC): REs must have a SOC to monitor and respond to security incidents.
- Audits: REs must have regular cybersecurity audits by CERT-In empanelled auditors.
- Red teaming: REs should incorporate red teaming exercises into their cybersecurity strategy.
- Incident response: REs should have an Incident Response Management plan and a Cyber Crisis Management Plan (CCMP).
CSCRF applicability
The CSCRF applies to various organizations, including stock brokers, mutual funds, asset management companies, and stock exchanges.
CSCRF goals
The CSCRF is based on five cyber resiliency goals from the Indian Computer Emergency Response Team (CERT-In). These goals are: anticipate, withstand, contain, recover, and evolve.
How can Sigmify GRC help?
Sigmify’s GRC solution has been helping companies manage and fulfill their compliance and reporting requirements.
Sigmify GRC:
- helps define and manage updates to control libraries and checklists;
- provides an operational platform to perform compliance tasks and record evidence; and
- improves visibility into the compliance program with insightful dashboards.
