Sebi plans to rope in agency to conduct risk assessment of IT infra

By: |
December 22, 2020 5:20 PM

The risk assessment needs to include identification of foreseeable threats, assessment of the likelihood and potential damage of these threats, and the sufficiency of controls to mitigate risks.

In addition, design specification document need to be prepared for all the selected processes for automation, it added.In addition, design specification document need to be prepared for all the selected processes for automation, it added.

Capital markets regulator Sebi is looking to rope in an agency for performing in-depth risk assessment of its information technology (IT) infrastructure.

The risk assessment needs to include identification of foreseeable threats, assessment of the likelihood and potential damage of these threats, and the sufficiency of controls to mitigate risks.

In a notice last week, the regulator has invited expression of interest (EoI) from solution providers to conduct risk assessment of IT infrastructure, prepare policy documents, standard operating procedures (SOPs), documentation of procedures and processes and other IT documents.

In addition, design specification document need to be prepared for all the selected processes for automation, it added.

“Bidder is supposed to conduct risk assessment of IT infrastructure deployment at Sebi annually, calculate risk score accordingly, review controls and its impact on policies and SOPs and changes required in the reviewed policies and SOPs,” the regulator said.

Sebi noted that IT risk assessment helps to determine the vulnerabilities in information systems and the broader IT environment, assess the likelihood that a risky event will occur, and rank risks based on the risk estimate combined with the level of impact that it would cause if it occurs.

It will also help in identifying controls and measures required to be included in IT policies and SOP, it added.

The concept of risk is a key consideration in policy making and a well written organisation level IT policy, procedure and manual reduces operating costs and improves performance by enhancing consistency and establishing clear criteria for computer, network, hardware, software, information security, and IT vendor management.

Establishing consistent IT SOP best practices and operational methods are an important component in safeguarding information systems, IT assets, and IT investment, Sebi noted.

The agencies are required to submit their applications with the the regulator till January 8, the Securities and Exchange Board of India (Sebi) said.

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, Check out latest IPO News, Best Performing IPOs, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

Next Stories
1BofA Securities expects Nifty to touch 15K by CY2021-end
2Global rally pushes mkts to fresh records; auto, IT shine
3Government to get Rs 1,544 crore from IRFC IPO