Quarterly Incident Reporting for the period ended on December 31, 2025

Description

Procedure and guidelines for BSE members to submit Quarterly and Immediate Cyber Incident Reports through BEFS portal.

Summary

BSE has issued detailed procedures for members to report cyber incidents through the BEFS portal. There are two types of reporting: Quarterly Incident Reporting (due within 15 days after quarter end) and Immediate Incident Reporting (due within 6 hours of incident). This circular provides step-by-step instructions for downloading templates, filling incident details, and uploading digitally signed reports.

Key Points

Two types of cyber incident reporting: Quarterly and Immediate
Quarterly reports must be submitted by Designated Officer within 15 days after quarter end
Immediate incidents must be reported within 6 hours of receipt of information
All reporting is done through BEFS portal at https://befs.bseindia.com/Login.aspx
Microsoft Excel version 2007 and above required for templates
Reports must be digitally signed by designated officer before submission
System generates acknowledgement email to Compliance Officer and designated officer upon successful submission

Regulatory Changes

No new regulatory changes introduced. This circular provides procedural guidance for existing cyber incident reporting requirements.

Compliance Requirements

Quarterly Incident Reporting:

Download CIR template from BEFS portal by selecting year and quarter
Enable macros in downloaded Excel template
Select ‘Yes’ or ‘No’ for cyber-attack/breach observed during quarter
If ‘Yes’, fill detailed information across all sheets in template
Fill designated officer details
Validate all sheets using ‘Validate’ button
Upload validated Excel file to BEFS portal
Download auto-generated PDF
Digitally sign the PDF
Submit digitally signed PDF through BEFS portal

Immediate Incident Reporting:

Download Immediate Incident Reporting template from BEFS portal
Enable macros and fill required data
Validate all sheets
Upload to BEFS portal within 6 hours of incident occurrence

Important Dates

Quarterly Report Deadline: Within 15 days after end of Q4 2025 (ended December 31, 2025)
Immediate Report Deadline: Within 6 hours of receiving information about cyber-attacks, threats, incidents or breaches

Impact Assessment

This circular ensures structured and timely reporting of cyber security incidents by BSE members. The 6-hour immediate reporting requirement ensures rapid response to critical security threats. The quarterly reporting provides oversight of overall cyber security posture of members. Non-compliance could result in regulatory action. All trading members must have designated officers familiar with the BEFS portal procedures and maintain cyber incident documentation.

Impact Justification

Mandatory compliance requirement for all BSE members regarding cyber incident reporting with specific deadlines

Category	Compliance
Circular ID	`2dcc9d7d075f07ab`
Impact	Medium
Severity	Medium
Tags	cyber-security incident-reporting compliance befs quarterly-reporting member-obligations
Source	BSE
Links	PDF Document ↗ Original Source ↗ Permalink