1. Know your classification
Requirements are graded by entity type (market infrastructure institutions vs smaller intermediaries). Determine yours first.
2. What to implement
- Governance and a security policy.
- Controls across Identify/Protect/Detect/Respond/Recover.
- SOC/monitoring and VAPT.
- Periodic cyber audit and SEBI reporting.
How CyberSigma helps
We map your CSCRF applicability, run the gap assessment, VAPT and cyber audit, and support SEBI reporting.
This guide is educational and not legal advice. Requirements evolve — validate specifics against the current standard or regulation for your situation.
