12/29/2023 | Press release | Distributed by Public on 12/29/2023 06:13
Notice No. | 20231229-23 | Notice Date | 29 Dec 2023 | |||
Category | Others | Segment | General | |||
Subject | Quarterly incident reporting for the period ended on December 31, 2023, through BEFS only (BSE Electronic Filling System) | |||||
Attachments | Member User Manual for Cyber Incident Reporting (CIR).pdf ; | |||||
Content |
This is with reference to SEBI circular No. SEBI/HO/MIRSD/CIR/PB/2018/147; dated December 03, 2018, and SEBI/HO/MIRSD/DOP/CIR/P/2019/109 dated October 15, 2019 and Exchange notice no. 20190716-9 dated 16 July 2019 , wherein members were informed to submit the Quarterly Cyber Security Incident reporting through BSE E-Filing System "BEFS" only, within 15 days from end of the quarter.
<_o3a_p>
A. Quarterly Incident Reporting: -<_o3a_p>
Members are requested to submit digitally signed quarterly report on cyber alert / attacks for the quarter ending December 2023 through BSE E-Filing System "BEFS" only. Please note that the timeline for submission of the report shall be 15 days from the end of the quarter.<_o3a_p>
Web-Link of the Quarterly Incident Reporting system is given below:<_o3a_p>
https://befs.bseindia.com -> Cyber Incident Report -> Quarterly Incident Reporting<_o3a_p>
Further please note that submission process will be completed when acknowledgement mail is received.<_o3a_p>
B. Immediate Incident Reporting: -<_o3a_p>
Members may please note that Immediate Incident Reporting to be done only if applicable as per Exchange notice no. 20220712-1 dated July 12, 2022, details of which are reproduced as below:<_o3a_p>
"Designated Officer on receipt of any information with respect to all Cyber-attacks, threats, cyber-incidents and breaches experienced as prescribed in the said SEBI Circular SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018, and SEBI/HO/MIRSD/TPD/P/CIR/2022/93 dated June 30, 2022, shall inform the Exchange within 6 hours of receipt of such information".<_o3a_p>
Web-Link of the Immediate Incident Reporting system is given below:<_o3a_p>
https://befs.bseindia.com -> Cyber Incident Report> Immediate Incident Reporting<_o3a_p>
User manual for the reference has been attached. <_o3a_p>
In case of non-compliances observed, disincentives including financial disincentives and disciplinary action are applicable and can be referred to as per the Exchange Notice no 20230704-27 on 4th July 2023; summary details of which are listed in Table 1 below.<_o3a_p>
<_o3a_p>
Table 1: Late-Submission and Related Actions<_o3a_p> |
||
Details of Violation/contravention<_o3a_p> |
Penalty/disciplinary actions<_o3a_p> |
Penalty/disciplinary action in case of Repeat violation/contravention<_o3a_p> |
Non-submission of Cyber Incident reporting (Quarterly Submission) within the time specified by the Exchange<_o3a_p> |
1. For 1st week after due date, Charges of Rs. 2,500/- per day <_o3a_p> <_o3a_p> 2. Charges of Rs. 5000/- per day from second week after due date <_o3a_p> <_o3a_p> 3. In case of non-submission within three weeks from the due date of submission, new client registration to be prohibited and notice of 7 days for disablement of trading facility till submission of data/report. The disablement notice issued to the member shall be shared with all the Exchanges for information. <_o3a_p> <_o3a_p> 4. In case of non-submission within four weeks from the due date of submission, Member shall be disabled in all segments till submission of data/report<_o3a_p> |
In case of a repeat instance by the Member, levy of applicable monetary penalty along with an escalation of 50%. <_o3a_p> <_o3a_p> In case of non-submission within three weeks from the due date of submission, new client registration to be prohibited and notice of 7 days for disablement of trading facility till submission of data/report. The disablement notice issued to the member shall be shared with all the Exchanges for information. <_o3a_p> <_o3a_p> In case of non-submission within Four weeks from the due date of submission, Member shall be disabled in all segments till submission of data/report.<_o3a_p> |
<_o3a_p> Non-submission of Cyber Incident reporting (Immediate Submission) within the time (within 24 hours) specified by the Exchange.<_o3a_p> |
<_o3a_p> If the incident not reported within 24 hours. Rs. 20,000/- per day till the incident is reported subject to a maximum of Rs.2 lakhs per incident.<_o3a_p> |
<_o3a_p> In case of a repeat instance by the Member, levy of applicable monetary penalty along with an escalation of 50%.<_o3a_p> <_o3a_p> |
<_o3a_p>
Members are requested to take note of the above and ensure compliance.<_o3a_p>
<_o3a_p>
In case of any queries/clarifications, you may reach us on the following contact details.<_o3a_p>
Email ID: - msc(dot)qcir(at)bseindia(dot)com<_o3a_p>
<_o3a_p>
For and on behalf of BSE Ltd<_o3a_p>
<_o3a_p>
<_o3a_p>
Shri. Balaji Venketeshwar<_o3a_p> |
Shri. Devendra Kulkarni<_o3a_p> |
Chief Information Security Officer<_o3a_p> |
Additional General Manager<_o3a_p> |
<_o3a_p>