Capital markets regulator Sebi on Friday put in place a comprehensive testing framework for the information technology (IT) systems of the stock exchanges and other market infrastructure institutions (MIIs).

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

The framework will be for the IT systems of MIIs - stock exchanges, clearing corporations, and depositories - throughout their lifecycle, which can assist the MIIs in performing thorough risk assessment before deploying any IT systems in production or live environment.

Under the framework, all MIIs have been asked to do extensive testing, validation, and documentation whenever new systems or changes to existing systems are introduced before the deployment in the production/live environment, according to a circular.

Further, they have to set up a comprehensive methodology for system testing, functional testing, and application security testing, and the same need to be approved by the Standing Committee on Technology (SCOT) of respective MIIs. The scope of testing includes covering business logic, system function, security controls, and system performance under load and stress conditions. Moreover, any dependency on the existing systems shall be properly tested.

Also Read: Sebi slaps Rs 75 lakh fine on 15 entities for non-genuine trades

"Testing should be carried out in a separate environment that replicates/mirrors the production environment to minimize any disruption," Sebi said. According to the regulator, all issues identified from testing, including system defects or software bugs, should be properly tracked and remediated immediately.

Moreover, major issues that could hurt the MII should be reported to their SCOT and addressed before deployment to the production environment. In addition, MIIs have been asked to establish policies and procedures on the use of third-party systems or software codes to ensure these systems are subject to review and testing before they are integrated with their systems.

MIIs have been directed to perform white box testing, or structural testing, which includes analysing data flow, control flow, information flow, coding practices, exception, and error handling within the system. Further, they have been asked to submit the testing framework of all their IT systems after approval of SCOT within 30 days.