Talk to a security advisor — a free 30-minute review
AlphaCISO®
Contact us
All servicesService

SEBI Compliance Audit

CSCRF, evidenced and on time.

Cyber resilience is now a SEBI obligation, not a recommendation

SEBI's Cyber Security and Cyber Resilience Framework consolidates earlier circulars into a graded, mandatory regime for its regulated entities — from stock brokers and depository participants to AMCs and market infrastructure institutions. It mandates baseline controls, periodic VAPT, and demonstrable resilience. SEBI tests for evidence, and the framework scales its expectations to your size and category. We make sure you meet the tier that applies to you.

This suits any SEBI-registered intermediary or market participant subject to the CSCRF.

How we work

  • Scope. We confirm your CSCRF category and the graded controls and timelines that apply to it.
  • Gap analysis. Your environment is tested against the framework's governance, protection, detection, and resilience requirements.
  • VAPT. We scope and coordinate the mandated vulnerability assessment and penetration testing, then drive remediation.
  • Report. Findings become a SEBI-aligned compliance report and a board pack that answers the obligation cleanly.

Part of a coherent Indian program

We align CSCRF work with CERT-In incident-reporting timelines and DPDP Act 2023 duties, so a single program addresses SEBI and the wider Indian regime together.