Driven by excellence, focused on strategies for the longer term.

This is the crux of who we are. It is an articulation of precision in purpose, from the Firm’s beginnings to where we are today. Our collective eye is unerringly trained on tomorrow.

Deep sectoral expertise across services and industries.

Our insistence on strategic advisory exacts an in-depth understanding of and involvement with our clients’ businesses and industries. We engage not just individual businesses, but also contribute to the country’s legal and regulatory frameworks.

Personal commitment supported by experience and grit.

We commit early. We pull together internally for greater support. Every effort is sincere, every individual deeply dedicated to their task, their role, to the Firm.

Our undertakings for long-term impact are an organic extension of our purpose.

They are to employ our deep knowledge of the law beyond the business, the transaction, the deal. To use the opportunities and skills we possess, to reflect on the culture we’re creating. Individually and collectively, these are our efforts to help shape the thinking of our future generations, and arm them with strategies for true, sustainable growth.

Knowledge-sharing is intrinsic to equity and inclusivity.

This is a repository of thought leadership, deep insights and strong viewpoints, legal and other news and events and how they impact the industry and our clients.

Relevance is critical to growth. It necessitates a firm that is dynamic and responsive.

Amplifying intrinsic talent, sharpening skills, expanding knowledge, is vital to leading. It defines every aspect of how our firm functions and transacts. This is how we create new benchmarks and set industry standards.

  • Connect
Mar 31, 2023

SEBI Circular on Cybersecurity Practices

On February 23, 2023, SEBI released the Advisory for SEBI Regulated Entities (‘REs’) regarding Cybersecurity best practices (‘Circular’), in light of the increasing cybersecurity threats to the securities market and financial institutions.

The Circular lists recommendations by the Financial Computer Security Incident Response Team (‘CSIRT-Fin’) to be implemented by REs and compliance is to be reported along with their cybersecurity audit report as per the applicable SEBI Cybersecurity and Cyber Resilience framework.  The requirements set out in the Circular are as follows:

i.     Defined roles: Roles and responsibilities of the Chief Information Security Officer or Designated Officer and other senior personnel are to be clearly specified in the security policy of the RE;

ii.    Patch Management, Vulnerability Assessment and Penetration Testing (‘VAPT’): To be ensured by updating operating systems and applications with the latest patches, setting up virtual patching, conducting regular security audits and VAPT and reporting any gaps;

iii.   Log retention: Implementation of a strong log retention policy as per applicable regulations with log collection audits, monitoring log events and identifying unusual patterns;

iv.   Password policy / Authentication Mechanism: Conducting reviews of obsolete accounts, enabling multi-factor authentication.;

v.    Privilege Management: Implementing Maker-Checker framework and zero trust models with identity verification;

vi.    Cybersecurity controls: Including but not limited to deploying web/email filters on the network, scanning email content;

vii.   Outsourced Agencies: Analysing concentration risk when outsourcing several critical services to the same vendor; and

viii. Audit and ISO certification: SEBI instructions on external audits of REs by independent auditors empaneled with CERT-In to be complied with and ISO certification to be obtained and audit process due diligence to be conducted.

Additional requirements include taking measures to avoid phishing and data protection breach, strengthening cloud service security and implementation of advisories by CSIRT-Fin/CERT.

TAGS

SHARE

Subscribe

DISCLAIMER

These are the views and opinions of the author(s) and do not necessarily reflect the views of the Firm. This article is intended for general information only and does not constitute legal or other advice and you acknowledge that there is no relationship (implied, legal or fiduciary) between you and the author/AZB. AZB does not claim that the article's content or information is accurate, correct or complete, and disclaims all liability for any loss or damage caused through error or omission.

RELATED READING

Inter Alia

Amendments to Disclosure and Compliance Requirements with respect to Listed Non-Convertible Debt Securities

Oct 30, 2024 | Regulatory & Securities
Inter Alia

Supreme Court Clarifies Relevant Date for Determining Conversion Rate of Foreign Arbitral Award Expressed in Foreign Currency

Oct 30, 2024 | Dispute Resolution
Inter Alia

Bombay High Court Strikes Down Goa Government’s Circular on Use of Sound Recordings During Weddings

Oct 30, 2024 | Intellectual Property