SEBI CSCRF
SEBI's Cybersecurity and Cyber Resilience Framework — applicable to stock exchanges, depositories, brokers, AMCs, and other SEBI-registered intermediaries.
All SEBI-registered intermediaries (MIIs, brokers, depositories, AMCs, RIAs, etc.).
Continuous evidence pipeline available; audit support included for all customers.
What SEBI CSCRF actually requires.
These are the obligations a regulated entity owes — the things an assessor or supervisor will ask about.
Govern–Identify–Protect–Detect–Respond–Recover lifecycle.
Cybersecurity governance with board oversight.
Cyber Crisis Management Plan and DR testing.
Incident reporting to SEBI / NCIIPC / CERT-In as applicable.
VAPT cadence per intermediary type.
Pre-mapped controls. Continuous evidence.
Each requirement above is bound to live telemetry — not screenshots. The mapping below is what your auditor or regulator sees.
SEBI CSCRF lifecycle dashboard with phase-wise evidence.
Multi-regulator reporting (SEBI + CERT-In + NCIIPC) from a single incident timeline.
VAPT cadence enforcement per intermediary class.
Artifacts your auditor accepts.
Each evidence artifact is signed and timestamped. Auditors can verify integrity without trusting Safeguard.
CSCRF self-assessment data pack.
Cyber Crisis Management Plan.
VAPT register.
One evidence base. Many regulators.
These frameworks share substantial control overlap with SEBI CSCRF. Customers running one assessment typically satisfy the others with the same evidence base.
DPDP Act, 2023
India
India's first omnibus personal data protection law — phased rollout underway, with sectoral overlays from RBI, SEBI, and CERT-In.
RBI Cybersecurity Framework
India
RBI's cybersecurity framework spanning circulars for banks, urban co-operatives, NBFCs, and payment system operators.
IFSCA Framework
India
IFSCA's information and cybersecurity framework for entities operating in GIFT International Financial Services Centre.
CERT-In Directions
India
CERT-In's 2022 Cyber Security Directions — incident reporting, logging, and 180-day retention requirements.
NCIIPC Critical Information Infrastructure
India
India's protection regime for Critical Information Infrastructure designated under Section 70 of the IT Act.
Ready for SEBI CSCRF?
Bring the framework. We'll walk the controls with you — section by section, evidence packet by evidence packet, with the regulators you actually have to answer to.