The framework outlines the risks associated with cloud adoption. (File)
Mumbai:
Markets regulator SEBI has proposed a principled framework for the adoption of cloud services by stock exchanges, clearing corporations and other entities.
According to a statement from the Securities and Exchange Board of India, the framework is based on research, surveys and consultations with market participants, regulators, cloud associations, cloud service providers (CSPs), government agencies and SEBI’s advisory committees. SEBI).
According to the SEBI statement, the cloud framework provides the mandatory requirements that a regulated entity (RE) must meet to adopt cloud computing to expand business prospects through scalability, reduced operational costs, digital transformation and reduced information technology (IT) infrastructure complexity. .
A framework with nine high-level principles outlines the risks associated with cloud adoption and provides the necessary oversight.
The document also provides basic security measures to be implemented (by RE and CSP) and RE may decide to add additional measures according to its business needs, technological risk assessment, risk appetite, compliance requirements with all applicable circulars/guidelines/advisories. etc. issued by SEBI from time to time.
One of its principles, the statement says, is that UEs should have an effective governance, risk and compliance (GRC) framework for cloud computing to enable them to build a cloud strategy tailored to their circumstances or needs. RE should also follow the governance structure mentioned in various circulars issued by SEBI.
In terms of cloud risk management, the statement says there is a paradigm shift in the way cloud technology is built and managed compared to traditional on-premises infrastructure. Therefore, UEs must implement comprehensive risk management to continuously identify, monitor, and mitigate risks posed by cloud computing. The cloud risk management approach must be approved by RE management.
The approach to cloud risk management is technical, legal, business, regulatory, and more. should provide details on the various risks of cloud adoption and controls to mitigate the risk commensurate with the importance and sensitivity of the data/operations. – sat on a cloud.
According to the SEBI statement, data in the cloud must be located/processed within the legal boundaries of India. However, for investors whose country of incorporation is abroad, the original data of the RE must be available and readily available in a form that is understandable and usable within the legal boundaries of India.
(Except for the headline, this story was not edited by NDTV staff and was published on a syndicated channel.)
Featured image of the day
How to manage your money when prices are rising?
