SEBI shortlists six entities for implementation of custom-made governance policy

NEW DELHI, July 6: Market regulator Securities and Exchange Board of India (Sebi) has shortlisted six entities, including KPMG, PWC and Ernst & Young, for implementation of a custom-made governance policy.
Other three shortlisted bidders are RSM Astute Consulting, BDO India and ANB Solutions.
The regulator plans to prepare policy documents, standard operating procedures (SOPs) and other information technology (IT) documents through consultations as it has certain policy documents in place which might require variations as per the best industry standards and practices.
Accordingly, in February, the market watchdog had invited expressions of interest (EoI) from agencies for consultation for IT policy preparation, risk assessment and SOP documentation at Sebi.
Following this, the regulator has shortlisted these six bidders for further process, the Sebi said in a notice issued on Friday.
The regulator, at the time of inviting EoI, said that well-written organisation-level IT policies, procedures and manuals reduce operating costs and improve performance by enhancing consistency and establishing clear criteria for computer, network, hardware, software, information security, and IT vendor management.
According to the regulator, establishing a consistent IT SOP best practices and operational methods are an important component in safeguarding information systems, IT assets as well as IT investments.
“Sebi expects to prepare and implement a suitable governance structure i.E. Comprehensive policy and procedure documents that are custom-made to suit to the needs of the business and advising staff of their obligations to ensure ongoing compliance,” the regulator had said.
The selected agency is required to form in-depth risk assessment for IT infrastructure deployment. The risk assessment needs to include identification of foreseeable threats, assessment of the likelihood and potential damage of these threats, and the sufficiency of controls to mitigate risks.
The agency needs to conduct risk assessment of IT infrastructure deployment at Sebi annually, calculate risk score accordingly, review controls and its impact on policies and SOPs and changes required in the reviewed policies and SOPs.
After completion of risk assessment, the agency is expected to review all the existing policies and SOPs. (AGENCIES)