NATIONAL STOCK EXCHANGE OF INDIA LIMITED.

CAPITAL MARKET OPERATIONS

CIRCULAR

 

 

Circular No: NSE/CMO/0197/2005

Download No: NSE/CMTR/6128

Date: May 10, 2005

 

 

System Audit requirement for CTCL / Internet based trading facility

 

 

Please refer to our circular ref. no. NSE/CMTR/6068 dated April 22, 2005. As part of the ongoing compliance requirements, members using CTCL and Internet based trading facility, are advised to introduce a requirement of regular audit of their systems.

 

The systems audit shall cover, besides the requirements specified in respect to systems audit under CISA or any other such professional code of conduct, compliance of systems with the rules, regulations, Bylaws of the Exchange, circulars / instructions/undertaking pertaining to CTCL and internet based trading systems issued by SEBI and the stock exchange from time to time. The audit shall be conducted for the purpose of and with an objective of identifying the system inadequacies/deficiencies, if any, based on compliance requirements and the implications of such inadequacies.

          

The audit shall broadly cover the following areas/aspects.

 

a.         Existing features and system parameters implemented in the trading system.

b.         Identify the adequacy of input, processing and output controls

c.         Identify the adequacy of the application security so that it commensurate to the size and

            nature of application.

d.         Event logging and system monitoring.

e.         User management.

f.          Password policy/standards

g.         Test of adherence to policies

h.         Network management and controls

i.          Change management and version controls.

j.          Backup systems and procedures

k.         Business continuity and disaster recovery plan

l.          Documentation for system processes

m.        Security features such as access control network firewalls and virus protection measures.

n.         Any other area/aspect which may be material for inclusion in the audit certificate and/or

            which may be specified by the Exchange from time to time.

 

The members are required to submit system audit certificate duly obtained from a person holding certificate from CISA /CISSP/ISA on half yearly basis starting from the year ending on June 30, 2005. The said certificate will be required to be submitted on or before the last working day of the subsequent month, i.e. in the instant case on or before July 31, 2005.

 

In case of any clarification, members may contact the following officials: Ms. Saumya Dixit (Extn:5044) / Mr. Abhishek Mahesh (Extn:5041) / Ms. Madhvi Gogate (Extn:5043) or at direct no. 022-26598150

 

 

For and on behalf of

National Stock Exchange of India Ltd.

 

 

 

 

Suprabhat Lala

Manager – Capital Market Operations