+91 22 1234 5678 info@mehtacs.com
ICSI Registered | Est. 1990
SEBI Updates

SEBI Update- Framework for Adoption of Cloud Services by SEBI Regulated Entities (REs)- 6th March, 2023

SEBI Updates
SEBI Update 10 March 2023

SEBI Update- Framework for Adoption of Cloud Services by SEBI Regulated Entities (REs)- 6th March, 2023


SEBI vide its Circular dated 6 th March, 2023 unveiled a framework for the adoption of cloud services.

Background:

Cloud computing is becoming increasingly popular for delivering IT services, thanks to its scalability, ease of deployment, and lower maintenance costs. However, it also introduces new cyber security risks and challenges that businesses need to be aware of. To help regulated entities(REs) navigate these risks, SEBI vide circular no. SEBI/HO/ITD/ITD_VAPT/P/CIR/2023/033, dated March 6, 2023 has introduced a cloud framework that sets baseline standards for security and regulatory compliances. This framework is a crucial addition to SEBI's existing guidelines on cloud computing and is designed to help REs implement secure and compliant cloud adoption practices.

Objective:

The main objective of the framework for adoption of cloud services by SEBI regulated entities (REs) is to identify and address the critical risks associated with cloud computing and to establish mandatory control measures that REs must implement before adopting cloud services. By following the guidelines outlined in the framework, REs can establish a robust risk management approach for cloud adoption, which includes assessing risks, implementing appropriate controls, monitoring compliance, and ensuring regulatory compliance.

Transition Period:

The transition Period for Regulated Entities is as follows:

For the REs which are not utilizing any cloud services currently, the framework shall be applicable/ come into force from the date of issuance.

For REs currently utilizing cloud services, SEBI has allowed a grace period of up to 12 months to comply with the framework, during which they must provide milestone-based updates to demonstrate their progress towards full compliance. Additionally, such REs shall provide regular milestone-based updates as follows:

Sr No. Timeline Milestone 1. Within one (1) month of issuance of framework REs shall provide details of the cloud services, if any, currently deployed by them. 2. Within three (3) months of issuance of framework The REs shall submit a roadmap (including details of major activities, timelines, etc.) for the implementation of the framework. 3. From three (3) to twelve (12) months of issuance of framework Quarterly progress report as per the roadmap submitted by the RE. 4. After twelve (12) months of issuance of framework Compliance with respect
Back to SEBI Updates