SEBI Cybersecurity Checklist

SEBI's Cybersecurity and Cyber Resilience Framework mandates specific security controls for stockbrokers, depository participants, and other capital market intermediaries. This checklist helps you assess your compliance posture.

SEBI's Cybersecurity and Cyber Resilience Framework (CSCRF) 2023 is applicable to all SEBI-regulated entities including stockbrokers, mutual funds, portfolio managers, investment advisers, and depositories. The framework introduces a risk-based approach with mandatory controls categorised by entity type and size. All regulated entities are required to achieve compliance by specified deadlines and submit annual audit reports. This checklist covers all requirements across both Annexure I and Annexure II of the framework, mapped to practical implementation steps — helping your compliance team prepare for audits and demonstrate readiness to SEBI.

What's inside:

• Complete SEBI cybersecurity framework requirements mapping
• Annex 1 and Annex 2 compliance checklists
• Incident reporting requirements and templates
• Vendor risk assessment for critical third parties
• Business continuity planning requirements
• Annual audit preparation checklist