ISO 27001:2022 compliance is required under SEBI’s Cybersecurity and Cyber Resilience Framework (CSCRF), but it is not mandated universally for all types of REs (Regulatory Entities). Instead, the requirement depends on the RE’s size and impact level:
However, as mentioned, SEBI encourages Other REs to incorporate best practices from standards like ISO 27001 and ISO 27002 as part of their cybersecurity measures. Adopting these ISO standards is suggested as a way to bolster information security management systems (ISMS) and ensure a proactive approach to cybersecurity, even though ISO 27001 certification itself is only mandatory for Market Infrastructure Institutions (MIIs) and Qualified REs.
We at AmbiSure are helping organizations align with ISO 27001 for REs, or with the checklist for Other REs, to strengthen their security posture and meet SEBI’s resilience objectives.
In line with SEBI’s strong recommendation to implement security practices consistent with ISO 27001, our expert team is equipped to help you, especially in areas such as risk management, incident response, and data protection, to maintain baseline security and resilience across the financial sector.