SEBI Master Direction On investor protection, market integrity, and compliance
SEBI Master Direction On investor protection, market integrity, and compliance
The Securities and Exchange Board of India (SEBI) released the "Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities (REs)" on August 20, 2024.
This framework isdesigned to promote investor protection, maintain market integrity, and ensure adherence by enhancing the cybersecurity stance of SEBI-regulatedentities.
Key Highlights
Key Highlights
Scope and Applicability
Scope and Applicability
Scope and Applicability
The CSCRF applies to all SEBI-regulated entities such as stock exchanges, depositories, mutual funds, and other intermediaries. It requires these entities to frame strong cybersecurity and cyber resilience policies to protect their information assets and ensure the integrity of the securities market.
The CSCRF applies to all SEBI-regulated entities such as stock exchanges, depositories, mutual funds, and other intermediaries. It requires these entities to frame strong cybersecurity and cyber resilience policies to protect their information assets and ensure the integrity of the securities market.
The CSCRF applies to all SEBI-regulated entities such as stock exchanges, depositories, mutual funds, and other intermediaries. It requires these entities to frame strong cybersecurity and cyber resilience policies to protect their information assets and ensure the integrity of the securities market.
Governance and Oversight
Organizations must develop an overall cybersecurity policy endorsed by their Board of Directors or other governing body. The policy should define the model for identifying, evaluating, and managing cybersecurity risk.
Organizations must develop an overall cybersecurity policy endorsed by their Board of Directors or other governing body. The policy should define the model for identifying, evaluating, and managing cybersecurity risk.
Organizations must develop an overall cybersecurity policy endorsed by their Board of Directors or other governing body. The policy should define the model for identifying, evaluating, and managing cybersecurity risk.
Minimum Security Measures
Minimum Security Measures
The instructions instruct for minimum security measures and promote compliance with the new standards for safety and security for payment systems.
The instructions instruct for minimum security measures and promote compliance with the new standards for safety and security for payment systems.
The instructions instruct for minimum security measures and promote compliance with the new standards for safety and security for payment systems.
Monitoring and Detection
Monitoring and Detection
There must be continuous monitoring mechanisms to detect anomalies and likely cybersecurity incidents early. This is done by putting in place SIEM systems and other monitoring equipment.
There must be continuous monitoring mechanisms to detect anomalies and likely cybersecurity incidents early. This is done by putting in place SIEM systems and other monitoring equipment.
There must be continuous monitoring mechanisms to detect anomalies and likely cybersecurity incidents early. This is done by putting in place SIEM systems and other monitoring equipment.
Incident Response
Incident Response
Incident response plan clearly defining procedures to handle cybersecurity incidents is a necessity. Organizations must report serious incidents to SEBI within defined timelines.
Incident response plan clearly defining procedures to handle cybersecurity incidents is a necessity. Organizations must report serious incidents to SEBI within defined timelines.
Incident response plan clearly defining procedures to handle cybersecurity incidents is a necessity. Organizations must report serious incidents to SEBI within defined timelines.
Training and Awareness
Training and Awareness
There should be regular training sessions to raise employee awareness regarding cybersecurity threats and best practices. This helps ensure that employees are capable of identifying and addressing potential security threats.
There should be regular training sessions to raise employee awareness regarding cybersecurity threats and best practices. This helps ensure that employees are capable of identifying and addressing potential security threats.
There should be regular training sessions to raise employee awareness regarding cybersecurity threats and best practices. This helps ensure that employees are capable of identifying and addressing potential security threats.
Third-Party Risk Management
Third-Party Risk Management
Organizations need to evaluate and manage cybersecurity risks emanating from their relationships with third-party service providers. This involves ensuring vendors meet proper cybersecurity standards.
Organizations need to evaluate and manage cybersecurity risks emanating from their relationships with third-party service providers. This involves ensuring vendors meet proper cybersecurity standards.
Organizations need to evaluate and manage cybersecurity risks emanating from their relationships with third-party service providers. This involves ensuring vendors meet proper cybersecurity standards.
Through the implementation of the CSCRF, SEBI seeks to enhance the cybersecurity framework of regulated entities and thus safeguard investors and ensure faith in the financial markets.
Through the implementation of the CSCRF, SEBI seeks to enhance the cybersecurity framework of regulated entities and thus safeguard investors and ensure faith in the financial markets.
Through the implementation of the CSCRF, SEBI seeks to enhance the cybersecurity framework of regulated entities and thus safeguard investors and ensure faith in the financial markets.
Mandatory regulated entities under SEBI’s Compliance Mandate
Mandatory regulated entities under SEBI’s Compliance Mandate
Mandatory regulated entities under SEBI’s Compliance Mandate
Stock Exchanges
Depositories
KRAs
QRTAs
Clearing Corporations
AIFs
DPs
Research Analysts
Merchant Bankers
Mutual Funds/AMCs
Venture Capital Funds
To get a detailed understanding, please signup and connect with our escrow expert.
To get a detailed understanding, please signup and connect with our escrow expert.
To get a detailed understanding, please signup and connect with our escrow expert.

CastlerCode is a groundbreaking cloud-native software escrow solution. It offers seamless integration, automates source code deposits, and grants you secure access from anywhere, anytime. CastlerCode is amongst the world's first cloud-native software escrow solution offering cloud-storage for Software, Source-Code & SaaS in an escrow environment.
Other Business Solutions
Castler Escrow Banking, India's Largest Escrow-as-a-Service Platform, automates the Escrow account management and improves the user experience for managing payments and settlements. By leveraging technology to streamline these transactions, Castler makes the process more efficient, secure and convenient for its users.
Talk to our Experts
Software Escrow
Escrow Solution
Information Escrow
IP Protection
Document Escrow
Trade Secret Escrow
Register Data Escrow
Data Escrow
Intellectual Property Archive
Intellectual Property Audit
Verification Service
L1 Verification
L2 Verification
Copyright @2025 CastlerCode (Ncome Tech Solutions Pvt. Ltd.) All rights reserved. | Made in India 🇮🇳

CastlerCode is a groundbreaking cloud-native software escrow solution. It offers seamless integration, automates source code deposits, and grants you secure access from anywhere, anytime. CastlerCode is amongst the world's first cloud-native software escrow solution offering cloud-storage for Software, Source-Code & SaaS in an escrow environment.
Other Business Solutions
Castler Escrow Banking, India's Largest Escrow-as-a-Service Platform, automates the Escrow account management and improves the user experience for managing payments and settlements. By leveraging technology to streamline these transactions, Castler makes the process more efficient, secure and convenient for its users.
Talk to our Experts
Software Escrow
Escrow Solution
Information Escrow
IP Protection
Document Escrow
Trade Secret Escrow
Register Data Escrow
Data Escrow
Intellectual Property Archive
Intellectual Property Audit
Verification Service
L1 Verification
L2 Verification
Copyright @2025 Castler. All rights reserved.
Made in India 🇮🇳

CastlerCode is a groundbreaking cloud-native software escrow solution. It offers seamless integration, automates source code deposits, and grants you secure access from anywhere, anytime. CastlerCode is amongst the world's first cloud-native software escrow solution offering cloud-storage for Software, Source-Code & SaaS in an escrow environment.
Other Business Solutions
Castler Escrow Banking, India's Largest Escrow-as-a-Service Platform, automates the Escrow account management and improves the user experience for managing payments and settlements. By leveraging technology to streamline these transactions, Castler makes the process more efficient, secure and convenient for its users.
Talk to our Experts
Software Escrow
Escrow Solution
Information Escrow
IP Protection
Document Escrow
Trade Secret Escrow
Register Data Escrow
Data Escrow
Intellectual Property Archive
Intellectual Property Audit
Verification Service
L1 Verification
L2 Verification
Copyright @2025 Castler. All rights reserved. Made in India 🇮🇳