SEBI Master Direction On investor protection, market integrity, and compliance

SEBI Master Direction On investor protection, market integrity, and compliance

The Securities and Exchange Board of India (SEBI) released the "Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities (REs)" on August 20, 2024.


This framework isdesigned to promote investor protection, maintain market integrity, and ensure adherence by enhancing the cybersecurity stance of SEBI-regulatedentities.

Key Highlights

Key Highlights

Scope and Applicability

Scope and Applicability

Scope and Applicability

The CSCRF applies to all SEBI-regulated entities such as stock exchanges, depositories, mutual funds, and other intermediaries. It requires these entities to frame strong cybersecurity and cyber resilience policies to protect their information assets and ensure the integrity of the securities market.

The CSCRF applies to all SEBI-regulated entities such as stock exchanges, depositories, mutual funds, and other intermediaries. It requires these entities to frame strong cybersecurity and cyber resilience policies to protect their information assets and ensure the integrity of the securities market.

The CSCRF applies to all SEBI-regulated entities such as stock exchanges, depositories, mutual funds, and other intermediaries. It requires these entities to frame strong cybersecurity and cyber resilience policies to protect their information assets and ensure the integrity of the securities market.

Governance and Oversight

Organizations must develop an overall cybersecurity policy endorsed by their Board of Directors or other governing body. The policy should define the model for identifying, evaluating, and managing cybersecurity risk.

Organizations must develop an overall cybersecurity policy endorsed by their Board of Directors or other governing body. The policy should define the model for identifying, evaluating, and managing cybersecurity risk.

Organizations must develop an overall cybersecurity policy endorsed by their Board of Directors or other governing body. The policy should define the model for identifying, evaluating, and managing cybersecurity risk.

Minimum Security Measures

Minimum Security Measures

The instructions instruct for minimum security measures and promote compliance with the new standards for safety and security for payment systems.

The instructions instruct for minimum security measures and promote compliance with the new standards for safety and security for payment systems.

The instructions instruct for minimum security measures and promote compliance with the new standards for safety and security for payment systems.

Monitoring and Detection

Monitoring and Detection

There must be continuous monitoring mechanisms to detect anomalies and likely cybersecurity incidents early. This is done by putting in place SIEM systems and other monitoring equipment.

There must be continuous monitoring mechanisms to detect anomalies and likely cybersecurity incidents early. This is done by putting in place SIEM systems and other monitoring equipment.

There must be continuous monitoring mechanisms to detect anomalies and likely cybersecurity incidents early. This is done by putting in place SIEM systems and other monitoring equipment.

Incident Response

Incident Response

Incident response plan clearly defining procedures to handle cybersecurity incidents is a necessity. Organizations must report serious incidents to SEBI within defined timelines.

Incident response plan clearly defining procedures to handle cybersecurity incidents is a necessity. Organizations must report serious incidents to SEBI within defined timelines.

Incident response plan clearly defining procedures to handle cybersecurity incidents is a necessity. Organizations must report serious incidents to SEBI within defined timelines.

Training and Awareness

Training and Awareness

There should be regular training sessions to raise employee awareness regarding cybersecurity threats and best practices. This helps ensure that employees are capable of identifying and addressing potential security threats.

There should be regular training sessions to raise employee awareness regarding cybersecurity threats and best practices. This helps ensure that employees are capable of identifying and addressing potential security threats.

There should be regular training sessions to raise employee awareness regarding cybersecurity threats and best practices. This helps ensure that employees are capable of identifying and addressing potential security threats.

Third-Party Risk Management

Third-Party Risk Management

Organizations need to evaluate and manage cybersecurity risks emanating from their relationships with third-party service providers. This involves ensuring vendors meet proper cybersecurity standards.

Organizations need to evaluate and manage cybersecurity risks emanating from their relationships with third-party service providers. This involves ensuring vendors meet proper cybersecurity standards.

Organizations need to evaluate and manage cybersecurity risks emanating from their relationships with third-party service providers. This involves ensuring vendors meet proper cybersecurity standards.

Through the implementation of the CSCRF, SEBI seeks to enhance the cybersecurity framework of regulated entities and thus safeguard investors and ensure faith in the financial markets.

Through the implementation of the CSCRF, SEBI seeks to enhance the cybersecurity framework of regulated entities and thus safeguard investors and ensure faith in the financial markets.

Through the implementation of the CSCRF, SEBI seeks to enhance the cybersecurity framework of regulated entities and thus safeguard investors and ensure faith in the financial markets.

Mandatory regulated entities under SEBI’s Compliance Mandate

Mandatory regulated entities under SEBI’s Compliance Mandate

Mandatory regulated entities under SEBI’s Compliance Mandate

  • Stock Exchanges

  • Depositories

  • KRAs

  • QRTAs

  • Clearing Corporations

  • AIFs

  • DPs

  • Research Analysts

  • Merchant Bankers

  • Mutual Funds/AMCs

  • Venture Capital Funds

To get a detailed understanding, please signup and connect with our escrow expert.

To get a detailed understanding, please signup and connect with our escrow expert.

To get a detailed understanding, please signup and connect with our escrow expert.

Lowest Price Guaranteed

CastlerCode is a groundbreaking cloud-native software escrow solution. It offers seamless integration, automates source code deposits, and grants you secure access from anywhere, anytime. CastlerCode is amongst the world's first cloud-native software escrow solution offering cloud-storage for Software, Source-Code & SaaS in an escrow environment.

Other Business Solutions

Castler Escrow Banking, India's Largest Escrow-as-a-Service Platform, automates the Escrow account management and improves the user experience for managing payments and settlements. By leveraging technology to streamline these transactions, Castler makes the process more efficient, secure and convenient for its users.

Talk to our Experts

Software Escrow

Escrow Solution

Information Escrow

IP Protection

Document Escrow

Trade Secret Escrow

Register Data Escrow

Data Escrow

Intellectual Property Archive

Intellectual Property Audit

Verification Service

L1 Verification

L2 Verification

Copyright @2025 CastlerCode (Ncome Tech Solutions Pvt. Ltd.) All rights reserved. | Made in India 🇮🇳

CastlerCode is a groundbreaking cloud-native software escrow solution. It offers seamless integration, automates source code deposits, and grants you secure access from anywhere, anytime. CastlerCode is amongst the world's first cloud-native software escrow solution offering cloud-storage for Software, Source-Code & SaaS in an escrow environment.

Other Business Solutions

Castler Escrow Banking, India's Largest Escrow-as-a-Service Platform, automates the Escrow account management and improves the user experience for managing payments and settlements. By leveraging technology to streamline these transactions, Castler makes the process more efficient, secure and convenient for its users.

Talk to our Experts

Software Escrow

Escrow Solution

Information Escrow

IP Protection

Document Escrow

Trade Secret Escrow

Register Data Escrow

Data Escrow

Intellectual Property Archive

Intellectual Property Audit

Verification Service

L1 Verification

L2 Verification

Copyright @2025 Castler. All rights reserved.


Made in India 🇮🇳

CastlerCode is a groundbreaking cloud-native software escrow solution. It offers seamless integration, automates source code deposits, and grants you secure access from anywhere, anytime. CastlerCode is amongst the world's first cloud-native software escrow solution offering cloud-storage for Software, Source-Code & SaaS in an escrow environment.

Other Business Solutions

Castler Escrow Banking, India's Largest Escrow-as-a-Service Platform, automates the Escrow account management and improves the user experience for managing payments and settlements. By leveraging technology to streamline these transactions, Castler makes the process more efficient, secure and convenient for its users.

Talk to our Experts

Software Escrow

Escrow Solution

Information Escrow

IP Protection

Document Escrow

Trade Secret Escrow

Register Data Escrow

Data Escrow

Intellectual Property Archive

Intellectual Property Audit

Verification Service

L1 Verification

L2 Verification

Copyright @2025 Castler. All rights reserved. Made in India 🇮🇳