CIRCULAR, CIR/MRD/DMS/ 03 /2014, dated 21.01.2014
(Information Technology) IT Governance for
Depositories
1. SEBI constituted the Depository System
Review Committee (DSRC) to undertake a comprehensive review of the Indian
depository system. Based on the recommendations of DSRC, following guidelines
are issued to strengthen the Information Technology (IT) governance framework
of depositories.
2. Depositories shall formulate an IT
strategy committee at the Board level of depository to provide insight
and advice to the Board in various areas that may include:
a. Developments in
IT from a business perspective.
b. The alignment
of IT with the business direction.
c. The
availability of IT resources to meet strategic objectives.
d. Competitive
aspects of IT Investments.
e. Alignment of
the IT architecture to the organization needs and its approval.
f. Setting
priorities and milestones.
3. Depositories shall formulate an
executive level IT Steering Committee to assist the IT Strategy
Committee in Implementation of IT strategy. The IT steering committee shall
comprise of representatives from IT, Human Resources (HR), Legal and various
business functions as felt appropriate.
4. The Depositories shall formulate an IT
strategy document and an Information Security policy which should be approved
by the Board and reviewed annually.
5. The Depositories shall create an Office
of Information Security and designate a senior official as Chief Information
Security Officer (CISO) whose work would be to assess, identify and reduce
information technology (IT) risks, respond to incidents, establish appropriate
standards and controls, and direct the establishment and implementation of
policies and procedures.
6. SEBI has laid down Guidelines for
Business Continuity Plan (BCP) and Disaster Recovery (DR) for stock exchange
and depositories vide circular CIR/MRD/DMS/12/2012 dated April 13, 2012 and
CIR/MRD/DMS//17/2012 dated June 22, 2012. In Addition to the requirements of
the aforementioned circulars, depositories shall designate a senior official as
the head of BCP function.
7. Depositories are directed to:
a. Take necessary
step and put in place necessary systems for implementation of the above.
b. Make necessary
amendments to the relevant bye-laws, rules and regulations for the
implementations of the above decisions, wherever applicable.
8. This circular is being issued in
exercise of powers conferred under Section 11 (1) of the Securities and
Exchange Board of India Act, 1992 read with Sections 19 of the Depositories
Act,1996 to protect the interested of investors in securities and to promote
the development of, and to regulate the Securities market.
.
.
.
0 comments:
Post a Comment