Capital markets regulator SEBI is looking to rope in an agency for performing in-depth risk assessment of its information technology (IT) infrastructure.
The risk assessment needs to include identification of foreseeable threats, assessment of the likelihood and potential damage of these threats, and the sufficiency of controls to mitigate risks.
In a notice last week, the regulator has invited expression of interest (EoI) from solution providers to conduct risk assessment of IT infrastructure, prepare policy documents, standard operating procedures (SOPs), documentation of procedures and processes and other IT documents.
In addition, design specification document need to be prepared for all the selected processes for automation, it added.
"Bidder is supposed to conduct risk assessment of IT infrastructure deployment at SEBI annually, calculate risk score accordingly, review controls and its impact on policies and SOPs and changes required in the reviewed policies and SOPs," the regulator said.
Sebi noted that IT risk assessment helps to determine the vulnerabilities in information systems and the broader IT environment, assess the likelihood that a risky event will occur, and rank risks based on the risk estimate combined with the level of impact that it would cause if it occurs.
It will also help in identifying controls and measures required to be included in IT policies and SOP, it added.
The concept of risk is a key consideration in policy making and a well written organisation level IT policy, procedure and manual reduces operating costs and improves performance by enhancing consistency and establishing clear criteria for computer, network, hardware, software, information security, and IT vendor management.
Establishing consistent IT SOP best practices and operational methods are an important component in safeguarding information systems, IT assets, and IT investment, SEBI noted.
The agencies are required to submit their applications with the the regulator till January 8, the Securities and Exchange Board of India (SEBI) said.