Sebi proposes framework for regulated entities to address risks associated with cloud-based solutions
时间:2024-06-29 02:59:20 阅读(143)
Capital markets regulator Sebi has proposed a cloud framework for its regulated entities, highlighting key risks and control measures such entities need to consider before adopting cloud-based solutions.
The proposed framework outlines the regulatory and legal expectations from Sebi-regulated entities (REs) if they adopt cloud computing solutions.
“While cloud solutions offer multiple advantages — ready to scale, ease of deployment, no overhead of maintaining physical infrastructure among others — an RE should also be aware of the new cyber security risks and challenges which cloud solutions introduce,” the regulator said in its consultation paper.
Accordingly, a cloud framework has been drafted to address the risks effectively and ensure legal and regulatory compliance. The Securities and Exchange Board of India (Sebi) has sought comments on the proposal till November 14.
Also Read: Bombay Dyeing in SAT against Sebi
Under the proposal, Sebi said there are no limitations on using any cloud deployment model. An RE may adopt cloud computing depending on their business and technology risk assessment.
Although IT services can be outsourced to a cloud- based solution, an RE would be solely accountable for all aspects related to cloud services including confidentiality, security of its data and logs, and ensuring compliance with rules.
Accordingly, the RE would be held accountable for any violation of the same, the consultation paper noted.
“The cloud services should be taken only from the MeitY (Ministry of Electronics and Information Technology) empanelled cloud service provider’s (CSP’s) data centres,” Sebi said.
There should be a demarcation of responsibilities with respect to all activities — technical, managerial, governance related — of cloud services between the RE and CSP. The same should be a part of the agreement between the RE and the CSP.
As part of system audit conducted by the RE, the auditor should verify whether there is a clear demarcation of roles and responsibilities for each function between the RE and the CSP.
“Data shall be encrypted at any lifecycle stage, source or location to ensure confidentiality, privacy and integrity. RE shall retain complete ownership of its data and associated data, encryption keys, logs etc. residing in the cloud,” it added.
The proposed cloud framework has suggested nine high-level principles — Governance, Risk and Compliance (GRC); data localization; data ownership and process visibility; access, risk assessment and due-diligence on CSPs; security controls; legal and regulatory obligations; Business Continuity Planning (BCP), Disaster Recovery & Cyber Resilience ; and vendor lock-in.
The consultation paper is based on a lengthy and exhaustive study, survey, and consultations with market participants, brokers, regulators, cloud associations, cloud service providers, government agencies, and Sebi’s Steering Committee.
上一篇:Morocco Earthquake- Buildings razed to rubble, powerful quake wipes out village – See pictures
下一篇:Windfall tax cut on crude oil; levy on diesel, ATF export hiked in eighth fortnightly review
猜你喜欢
- Wipro share buyback- Board to mull 5th buyback in 7 years, to announce on 27 April along with Q4FY23 results
- Nifty fresh rally possible above 17620, market texture volatile; Buy HDFC Bank, SBI Life, charts show strength
- MSMEs secured Rs 23
- Zephyr Peacock plans 7-9 investments from $100-million third fund in next 2 years
- Need good quality cotton seeds to boost productivity- Piyush Goyal
- Worried over future contracts, farmers hold on to soyabean stocks, seek better prices
- ZEE shares gain 2% despite posting Q4 loss; should you buy, sell or hold Zee Entertainment Enterprises stock-
- Zomato, PNB, KPI Green Energy, TVS Motor, TCS, Apollo Hospitals, Wipro stocks in focus on F&O expiry
- Nifty breakout band appears to be 17800-18270; Bank Nifty downside marker placed near 42200 level