Capital markets regulator Securities and Exchange Board of India (SEBI) has informed on Thursday, April 4, that it has successfully obtained the ISO/IEC 27001:2022 certification for its information security management systems.

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

As per a statement issued by SEBI, it has attained the certification for its — 

(1) Information Security Management System at the Primary Data Centre,

(2) Security Operations Control (SOC) and Network Operations Control (NOC) Operations, and;

(3) Information Security Management System at the Disaster Recovery site.

Sebi stated that as part of its "continuous commitment to set benchmarks for cyber security standards in the Indian Securities Market, it was decided to obtain ISO/IEC 27001:2022 certification by ensuring that Sebi’s information technology systems meet the standards of a comprehensive evaluation and audit process undertaken by the certification body accredited by NABCB."

And that the certification underscores its commitment to continuous improvement and enhancement of its systems and controls to achieve Confidentiality, Integrity, and Availability (CIA) of data and operations.

The markets regulator said in the statement that the certification was secured after rigorous evaluation by the certification body under accreditation of National Accreditation Board for Certification Bodies (NABCB) - which is a member of International Accreditation Forum (IAF).

What are ISO/IEC certifications? 

International Organisation for Standardisation - ISO / International Electrotechnical Commission- IEC 27001:2002 is an internationally recognized standard for ISMS that enables organizations to identify, prevent, and defend potential security vulnerabilities. 

ISO says on its website [www.iso.org/standard/27001] that ISO/IEC 27001 “promotes a holistic approach to information security: vetting people, policies and technology. An information security management system implemented according to this standard is a tool for risk management, cyber-resilience and operational excellence”.