Markets regulator Sebi plans to rope in an agency to identify and classify security holes in its entire information technology infrastructure and suggest measures to mitigate such risks. Over the past few years, the regulator has been betting big on technology to address and handle challenges arising out of technological advancements in the markets.
To provide the service to the regulator's information technology infrastructure, the Securities an Exchange Board of India (Sebi) has issued a notice inviting expression of interest (EoI) from interested parties. Information system infrastructure includes networking systems, security devices, servers and databases.
Sebi said the selected bidder would be responsible for carrying out an assessment of threat and vulnerabilities in the regulator's information technology infrastructure.
This will include identifying existing threats if any and suggest remedial solutions and recommendations to mitigate all identified risks, with the objective of enhancing the security of information systems, the regulator noted.
The markets watchdog said the selected agency will "perform Vulnerability Assessment and Penetration Testing (VAPT) to identify vulnerabilities, misconfiguration and other issues that could be leveraged by an external or internal entity (or user) to impact the confidentiality, integrity and availability of Sebi systems or exploit it for personal gains, either from internet or from Sebi's internal network".
Spelling out the eligibility criteria, the regulator said the applicant needs to have a registered office in India and should have been in operation for at least three years. Besides, the applicant should not be in the business of selling IT security products.
Among other terms, the bidder should not be a black-listed firm "due to unsatisfactory performance, breach of general or specific instructions, corrupt or fraudulent or any other unethical business practices". Interested agencies can submit their application till October 22.
The move also comes at a time when several malware attacks have come to light globally, including in India. Sebi, which has been focussing on technology to address market challenges, in May invited bids to provide a data solution that can handle vast amount of data from multiple sources.
Besides, the regulator, in its annual report for 2018-19, said that it intends to deploy data analytics and new generation technologies to deal with various challenges in the market.
"Sebi would encourage adoption and usage of financial technology to further develop and maintain an efficient, fair and transparent securities market ecosystem which also promotes innovation in the securities market," Sebi Chairman Ajay Tyagi said in his statement in the annual report.
As per the report, the regulator would continue to strengthen market supervision through steps such as technology solutions being built to achieve the objective of identifying non-compliance and assisting in investigations.