Practical SEBI Compliance Readiness Checklist

You should be worried if any of these are “NO”: 

Governance & Policy 

  • Do you have an updated SEBI-aligned Cybersecurity Policy? 
  • Do you have a documented Incident Response Plan (IRP) with escalation workflows? 
  • Is a Cybersecurity Officer / IT Committee appointed as required for your RE category (Small / Medium)? 

Monitoring & SOC 

  • Do you have continuous monitoring through a SOC (MarketSOC for Small REs, Dedicated/Co-managed SOC for Medium REs)? 
  • Do you maintain 180+ days of security logs as required? 
  • Is a SIEM/SOAR solution like Microsoft Sentinel active and generating alerts? 

Vulnerability & Testing 

  • Are you running VAPT at the required frequency (Annual for Small REs, Quarterly + API testing for Medium REs)? 
  • Do you maintain a vulnerability register? 
  • Do you have closure evidence for every vulnerability identified? 

Identity, Access & Zero Trust 

  • Is MFA enforced for ALL users, including admins, partners, and remote staff? 
  • Do you perform periodic access reviews and enforce least privilege? 
  • Are privileged accounts protected through PIM/JIT access? 

Data Security & DLP 

  • Do you have data classification (Public/Internal/Confidential) implemented? 
  • Is sensitive data protected with DLP policies across email, endpoints, and cloud apps? 
  • Is data encrypted at rest, in transit, and (optionally) in use? 

Cloud Adoption Controls 

  • Are all workloads hosted in India-based cloud regions as required? 
  • Have you performed a Cloud Risk Assessment aligned with SEBI’s Cloud Adoption Framework? 
  • Do you have controls for shared responsibility, access, encryption, and log retention? 

Third-Party Risk 

  • Do you conduct vendor due diligence and retain outsourcing documentation? 
  • Are Microsoft Trust Center & compliance certificates maintained as evidence? 

Incident Response & Reporting 

  • Are employees trained on phishing, cyber hygiene, and fraud awareness annually? 
  • Do you have a defined SEBI incident reporting workflow with timelines? 
  • Do you maintain an incident register? 

Audit & Evidence 

  • Do you have audit-ready documentation for policies, logs, VAPT, access reviews, and risk assessments?  
  • Are your quarterly/annual submissions prepared and reviewed on time? 

If you answered “NO” to even ONE item — you are NOT SEBI ready. 

This is exactly where TechGyan’s SecureIT 365 and our Microsoft Cloud–powered compliance programs help you become fully aligned, evidence-ready, and audit-proof. 

To know more, contact us: 

+91-9619197232

+91-7045263107

sales@techgyan.com