With the new norms, to be effective from April 2019, stock brokers and depository participants would be required to define the responsibilities of individuals, including outsourced staff, who have privileged access to the networks.
Besides, the watchdog has said that no person should have any intrinsic right to access confidential data by virtue of their rank or position.
In a circular, Sebi said that rapid technological developments in the securities market have highlighted the need for maintaining a robust cybersecurity and cyber resilience framework to protect the integrity of data and guard against breaches of privacy.
As per the regulator, a cybersecurity framework includes measures, tools and processes that are intended to prevent cyber-attacks and improve cyber resilience.
Cyber resilience is an organisation's ability to prepare for and respond to such attacks, to continue operating during them, and to recover from them.
Since stock brokers and depository participants perform significant functions in providing services to holders of securities, it is desirable that these entities have a robust cybersecurity and cyber resilience framework in order to provide essential facilities and perform systemically critical functions relating to the securities market, it added.
Accordingly, Sebi has asked brokers and depository participants to formulate a comprehensive cybersecurity and cyber resilience policy document encompassing the framework.
The policy document should be approved by the board or proprietor of the broker and depository participants.
In case of deviations from the suggested framework, reasons for such deviations, technical or otherwise, should be provided in the policy document.