Sebi plans to implement governance structure to ensure ongoing compliance
New Delhi: Markets regulator Sebi is looking to prepare and implement a governance structure, which is custom-made to suit to the needs of business, and advising its "staff of their obligations to ensure ongoing compliance".
The regulator plans to prepare policy documents, standard operating procedures (SOPs) and other IT documents through consultations as Sebi has certain policy documents in place which might require variations as per the best industry standards and practices.
Accordingly, the markets watchdog has invited expressions of interest (EoI) from agencies for consultation for information technology (IT) policy preparation, risk assessment and SOP documentation at Sebi.
"Sebi expects to prepare and implement a suitable governance structure i.e. comprehensive policy and procedure documents that are custom-made to suit to the needs of the business and advising staff of their obligations to ensure ongoing compliance," the markets regulator said in a notice.
Sebi is of the view that a well-written organisation-level IT policies, procedures and manuals reduce operating costs and improve performance by enhancing consistency and establishing clear criteria for computer, network, hardware, software, information security, and IT vendor management.
It, further, said establishing a consistent IT SOP best practices and operational methods are an important component in safeguarding information systems, IT assets as well as IT investments.
The agency is required to form in-depth risk assessment for IT infrastructure deployment. The risk assessment needs to include identification of foreseeable threats, assessment of the likelihood and potential damage of these threats, and the sufficiency of controls to mitigate risks.
The agency needs to conduct risk assessment of IT infrastructure deployment at Sebi annually, calculate risk score accordingly, review controls and its impact on
policies and SOPs and changes required in the reviewed policies and SOPs. After completion of risk assessment, the agency is expected to review all the existing policies and SOPs.
