ISMS Copilot
SEBI CSCRF

SEBI CSCRF Copilot

Navigate SEBI's Cybersecurity and Cyber Resilience Framework with confidence

Iniciar prueba gratuitaVerlo en acción

Lo que el SEBI CSCRF Copilot puede hacer

Identify your entity tier across the five CSCRF classification levels

Map obligations to the five resilience goals and six cyber security functions

Understand ISO 27001 requirements applicable to MIIs and Qualified REs

Navigate SOC setup and Market SOC onboarding obligations by tier

Track VAPT, CCI assessment, and cyber audit periodicities under Part IV

Interpret parallel CERT-In and SEBI incident reporting channel requirements

About SEBI CSCRF Copilot

The SEBI CSCRF Copilot helps regulated entities understand their obligations under SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 and its clarifications. It covers the five-tier entity classification, resilience goals, audit requirements, and incident reporting channels across all nineteen RE categories.

Para quién está pensado

DORA

Adjacent under Financial Services.

FINMA RS 23/1

Adjacent under Financial Services.

RBI IT Governance

India's other major financial-services cybersecurity baseline — RBI for banks, SEBI for capital markets.

Preguntas frecuentes

What is SEBI CSCRF?

The Cybersecurity and Cyber Resilience Framework (CSCRF), issued by SEBI on 20 August 2024 under circular SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, is the operative cybersecurity regime for all nineteen categories of SEBI Regulated Entities. It supersedes all prior SEBI cybersecurity circulars listed in Annexure-1 and organises obligations across five cyber resilience goals, six cyber security functions, and a five-tier entity classification.

How does the SEBI CSCRF Copilot help?

The Copilot helps you understand which CSCRF obligations apply to your entity tier, interpret the goal-by-function compliance matrix in Part I, and navigate requirements such as SOC setup, VAPT reporting formats in Part III, and the Cyber Capability Index methodology in Part IV. It draws on the August 2024 circular and the December 2024 and August 2025 clarifications.

Does CSCRF reporting replace the requirement to report incidents to CERT-In?

No. CSCRF establishes entity-specific reporting channels — stock brokers report to their stock exchange, depository participants report to their depository, and other REs report directly to SEBI — but these obligations run in parallel with, and do not discharge, the six-hour incident reporting requirement to CERT-In under Directions No. 20(3)/2022-CERT-In issued under section 70B of the IT Act 2000.

¿Listo para optimizar su trabajo de cumplimiento?

Diseñado para velocidad, precisión y resultados listos para auditoría.

Probar ISMS Copilot 2.0