Quarterly Incident Reporting for the period ended on December 31, 2025

Description

Guidelines and procedures for members to submit quarterly and immediate cyber incident reports through BEFS portal.

Summary

BSE has issued comprehensive procedural guidelines for members to report cyber incidents through the BEFS (BSE Electronic Filing System) portal. The circular outlines two types of reporting: Quarterly Incident Reporting to be submitted within 15 days after quarter-end, and Immediate Incident Reporting to be submitted within 6 hours of any cyber-attack, threat, or breach. Members must use designated Excel templates and submit digitally signed PDF reports through their Designated Officers.

Key Points

Two types of cyber incident reporting required: Quarterly and Immediate
Quarterly reports must be submitted within 15 days after the end of each quarter
Immediate incidents must be reported within 6 hours of receipt of information
All submissions must be made through BEFS portal at https://befs.bseindia.com/Login.aspx
Microsoft Excel version 2007 or above required for CIR templates
Templates must have macros enabled and data validated before submission
Final reports must be digitally signed by Designated Officer
System-generated acknowledgement email confirms successful submission

Regulatory Changes

No new regulatory changes introduced. This circular provides detailed procedural guidance for existing cyber incident reporting requirements.

Compliance Requirements

Designated Officer Responsibilities: Must submit quarterly reports within 15 days after quarter-end and immediate reports within 6 hours of cyber incidents
Template Download: Download CIR templates from BEFS portal for respective year and quarter
Data Entry: Complete all required fields in Excel template, enable macros, and validate all sheets
Report Types: Indicate whether cyber-attacks/breaches were observed (Yes/No) and provide detailed information if applicable
Digital Signature: PDF reports must be digitally signed by Designated Officer before final submission
Acknowledgement: Retain system-generated acknowledgement email as proof of submission
Email Notifications: Compliance Officer and Designated Officer will receive confirmation emails

Important Dates

Quarter Ending: December 31, 2025
Quarterly Report Deadline: Within 15 days after end of respective quarter
Immediate Incident Deadline: Within 6 hours of receipt of cyber incident information

Impact Assessment

Operational Impact: Members must ensure their Designated Officers are trained on the BEFS portal procedures and maintain readiness for both quarterly and immediate incident reporting. The requirement for digital signatures and strict timelines (6 hours for immediate incidents, 15 days for quarterly reports) necessitates robust internal processes.

Compliance Impact: All BSE trading members are required to comply with these reporting procedures. Non-compliance or delayed reporting could result in regulatory action. Members must have appropriate cyber incident detection and escalation mechanisms in place to meet the 6-hour reporting requirement for immediate incidents.

Impact Justification

Routine compliance requirement for cyber incident reporting affecting all BSE members with specific quarterly submission deadlines

Category	Compliance
Circular ID	`18da48e829d86fc9`
Impact	Medium
Severity	Medium
Tags	cyber-security incident-reporting compliance quarterly-reporting befs designated-officer
Source	BSE
Links	PDF Document ↗ Original Source ↗ Permalink