MANU/SPRL/0006/2024
Ministry : Securities and Exchange Board of India
Department/Board : Press Release
Press Release No. : 07/2024
Date : 04.04.2024
Subject: Capital Market
SEBI obtains ISO/IEC 27001:2022 Certification for its Information Security Management Systems
SEBI has successfully obtained the ISO/IEC 27001:2022 certification for the following:
(1) Information Security Management System at the Primary Data Centre,
(2) Security Operations Control (SOC) and Network Operations Control (NOC) Operations and
(3) Information Security Management System at the Disaster Recovery site.
The Certification was obtained after rigorous evaluation by the certification body under accreditation of National Accreditation Board for Certification Bodies (NABCB), a member of International Accreditation Forum (IAF).
International Organisation for Standardisation - ISO/ International Electrotechnical Commission- IEC 27001:2002 is an internationally recognized standard for ISMS that enables organizations to identify, prevent, and defend potential security vulnerabilities. As stated by ISO on its website [www.iso.org/standard/27001], ISO/IEC 27001 "promotes a holistic approach to information security: vetting people, policies and technology. An information security management system implemented according to this standard is a tool for risk management, cyber-resilience and operational excellence".
As part of its continuous commitment to set benchmarks for cyber security
standards in the Indian Securities Market, it was decided to obtain ISO/IEC
27001:2022 certification by ensuring that SEBI's information technology
systems meet the standards of a comprehensive evaluation and audit process
undertaken by the certification body accredited by NABCB.
This certification underscores SEBI's commitment to continuous improvement and enhancement of its systems and controls to achieve Confidentiality, Integrity, and Availability (CIA) of data and operations.