SEBI’s Testing Framework for IT Systems of Market Infrastructure Institutions (MIIs)

May 6, 2023

SEBI, India’s regulatory body, has introduced a new framework for testing the IT systems used by market infrastructure institutions (MIIs), including stock exchanges, clearing corporations, and depositories. The objective of the framework is to assist MIIs in performing thorough risk assessment before deploying any IT systems in the production or live environment. The MIIs will be required to undertake system testing, functional testing, and application security testing under this new framework.

Approval Process

MIIs will have 30 days to submit the testing framework of all their IT systems, which needs to be approved by the Standing Committee on Technology (SCOT) of the respective institutions. SCOT has the responsibility of giving approval to the all-inclusive approach for testing the system, functional, and application security methodologies.

Testing Scope

MIIs are required to perform white box testing or structural testing, which involves analyzing data flow, control flow, information flow, coding practices, exception, and error handling within the system. The testing scope covers business logic, system function, security controls, and system performance under load and stress conditions. Testing should be conducted in a separate environment that mirrors the production environment to reduce any disturbance.

Bug Fixes

All identified software bugs, issues, or defects should be remediated immediately. Major issues that could hurt the MII should be reported to their SCOT and addressed before deployment to the production environment. MIIs have been asked to establish policies and procedures on the use of third-party systems or software codes to ensure that these systems are subject to review and testing before they are integrated with their systems.

Importance of Testing

Testing is critical to identify software bugs, issues or defects, and to ensure that IT systems function properly and efficiently. The objective of this framework is to have a comprehensive testing methodology in place that can assist the MIIs in performing thorough risk assessment before deploying any IT systems in the production or live environment. This framework will assist the MIIs in making their IT systems more reliable, robust, and secure.

« »

Month: 

Category: 

Leave a Reply

Your email address will not be published. Required fields are marked *