Quarterly incident reporting for the period ended on December 31, 2023, through BEFS only (BSE Electronic Filling System)

NOTICES

Notice No.		20231229-23		Notice Date		29 Dec 2023
Category		Others		Segment		General
Subject		Quarterly incident reporting for the period ended on December 31, 2023, through BEFS only (BSE Electronic Filling System)
Attachments		Member User Manual for Cyber Incident Reporting (CIR).pdf ;
Content

This is with reference to SEBI circular No. SEBI/HO/MIRSD/CIR/PB/2018/147; dated December 03, 2018, and SEBI/HO/MIRSD/DOP/CIR/P/2019/109 dated October 15, 2019 and Exchange notice no. 20190716-9 dated 16 July 2019 , wherein members were informed to submit the Quarterly Cyber Security Incident reporting through BSE E-Filing System "BEFS" only, within 15 days from end of the quarter.

<_o3a_p>

A. Quarterly Incident Reporting: -<_o3a_p>

Members are requested to submit digitally signed quarterly report on cyber alert / attacks for the quarter ending December 2023 through BSE E-Filing System "BEFS" only. Please note that the timeline for submission of the report shall be 15 days from the end of the quarter.<_o3a_p>

Web-Link of the Quarterly Incident Reporting system is given below:<_o3a_p>

https://befs.bseindia.com -> Cyber Incident Report -> Quarterly Incident Reporting<_o3a_p>

Further please note that submission process will be completed when acknowledgement mail is received.<_o3a_p>

B. Immediate Incident Reporting: -<_o3a_p>

Members may please note that Immediate Incident Reporting to be done only if applicable as per Exchange notice no. 20220712-1 dated July 12, 2022, details of which are reproduced as below:<_o3a_p>

"Designated Officer on receipt of any information with respect to all Cyber-attacks, threats, cyber-incidents and breaches experienced as prescribed in the said SEBI Circular SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018, and SEBI/HO/MIRSD/TPD/P/CIR/2022/93 dated June 30, 2022, shall inform the Exchange within 6 hours of receipt of such information".<_o3a_p>

Web-Link of the Immediate Incident Reporting system is given below:<_o3a_p>

https://befs.bseindia.com -> Cyber Incident Report> Immediate Incident Reporting<_o3a_p>

User manual for the reference has been attached. <_o3a_p>

In case of non-compliances observed, disincentives including financial disincentives and disciplinary action are applicable and can be referred to as per the Exchange Notice no 20230704-27 on 4th July 2023; summary details of which are listed in Table 1 below.<_o3a_p>

<_o3a_p>

Table 1: Late-Submission and Related Actions<_o3a_p>
Details of Violation/contravention<_o3a_p>	Penalty/disciplinary actions<_o3a_p>	Penalty/disciplinary action in case of Repeat violation/contravention<_o3a_p>
Non-submission of Cyber Incident reporting (Quarterly Submission) within the time specified by the Exchange<_o3a_p>	1. For 1st week after due date, Charges of Rs. 2,500/- per day <_o3a_p> <_o3a_p> 2. Charges of Rs. 5000/- per day from second week after due date <_o3a_p> <_o3a_p> 3. In case of non-submission within three weeks from the due date of submission, new client registration to be prohibited and notice of 7 days for disablement of trading facility till submission of data/report. The disablement notice issued to the member shall be shared with all the Exchanges for information. <_o3a_p> <_o3a_p> 4. In case of non-submission within four weeks from the due date of submission, Member shall be disabled in all segments till submission of data/report<_o3a_p>	In case of a repeat instance by the Member, levy of applicable monetary penalty along with an escalation of 50%. <_o3a_p> <_o3a_p> In case of non-submission within three weeks from the due date of submission, new client registration to be prohibited and notice of 7 days for disablement of trading facility till submission of data/report. The disablement notice issued to the member shall be shared with all the Exchanges for information. <_o3a_p> <_o3a_p> In case of non-submission within Four weeks from the due date of submission, Member shall be disabled in all segments till submission of data/report.<_o3a_p>
<_o3a_p> Non-submission of Cyber Incident reporting (Immediate Submission) within the time (within 24 hours) specified by the Exchange.<_o3a_p>	<_o3a_p> If the incident not reported within 24 hours. Rs. 20,000/- per day till the incident is reported subject to a maximum of Rs.2 lakhs per incident.<_o3a_p>	<_o3a_p> In case of a repeat instance by the Member, levy of applicable monetary penalty along with an escalation of 50%.<_o3a_p> <_o3a_p>

<_o3a_p>

Members are requested to take note of the above and ensure compliance.<_o3a_p>

<_o3a_p>

In case of any queries/clarifications, you may reach us on the following contact details.<_o3a_p>

Email ID: - msc(dot)qcir(at)bseindia(dot)com<_o3a_p>

<_o3a_p>

For and on behalf of BSE Ltd<_o3a_p>

<_o3a_p>

<_o3a_p>

Shri. Balaji Venketeshwar<_o3a_p>	Shri. Devendra Kulkarni<_o3a_p>
Chief Information Security Officer<_o3a_p>	Additional General Manager<_o3a_p>

<_o3a_p>

Public link

Please use the above public link if you want to share this noodl on another website.