Reminder for Submission of Cyber Security and Cyber Resilience Audit Report for Period Ended September 30, 2025

Description

BSE reminds members to submit their Cyber Security and Cyber Resilience Audit reports for the half-yearly period ended September 30, 2025, through the BEFS portal using the prescribed auditor submission process.

Summary

BSE Limited has issued a reminder circular regarding the mandatory submission of Cyber Security and Cyber Resilience Audit reports for the half-yearly period ended September 30, 2025. The circular provides a detailed user manual for auditors to submit reports through the BSE Electronic Filing System (BEFS). Members must create auditor login IDs, and auditors must follow the prescribed 18-step process to complete their submissions using the CSAR Excel Template.

Key Points

• Audit report submission is for the period ended September 30, 2025
• Auditors receive login credentials via email after members create their login IDs on BEFS
• Submission requires Microsoft Excel 2007 or above
• CSAR Excel Template must be downloaded, unblocked, and macros enabled before filling
• Auditors must submit a signed undertaking on letterhead following specific file nomenclature: CLG.No_HALFYEARLY_UND_SEP2025.PDF
• Submission portal: http://befs.bseindia.com/
• Two main components required: Auditor confirmation and CSAR Excel Sheet with related documents
• Template includes ‘General Information’ sheet and ‘CSAR’ sheet, both requiring validation before submission

Regulatory Changes

No new regulatory changes introduced. This is a reminder for compliance with existing cyber security and cyber resilience audit requirements established by BSE for its members.

Compliance Requirements

• Members: Create auditor login IDs for the applicable submission period on BEFS
• Auditors:
  • Login to BEFS using credentials provided by member
  • Change default password on first login
  • Complete ‘Cyber Security & Resilience Auditor Details’ screen
  • Generate and upload signed undertaking on letterhead (PDF format with proper nomenclature)
  • Download CSAR Excel Template and unblock file properties
  • Enable macros and content in the template
  • Fill ‘General Information’ sheet (select ‘Auditor’ from dropdown) and validate
  • Complete ‘CSAR’ sheet with all required details and validate
  • Validate all sheets using ‘Home’ button
  • Upload CSAR Excel Sheet and related documents through BEFS portal
  • Submit final report through ‘Submission of Audit Report (Cyber Security CSCRF)’ section

Important Dates

• Audit Period Covered: Half-yearly period ended September 30, 2025
• Circular Issue Date: January 16, 2026
• Submission Deadline: Not explicitly stated in the circular (this is a reminder, suggesting deadline is approaching or overdue)

Impact Assessment

Operational Impact: High - All BSE members and their appointed auditors must ensure timely compliance with cyber security audit requirements. Non-submission may result in regulatory action or penalties.

Market Impact: Low - This is an internal compliance requirement and does not directly affect trading operations or market participants.

Member Impact: High - Members must coordinate with their auditors to ensure proper submission through the BEFS portal. The detailed 18-step process requires technical familiarity with the BEFS system and Excel template procedures.

Technology Requirements: Members and auditors need access to Microsoft Excel 2007 or above, internet connectivity for BEFS portal access, and ability to handle macro-enabled Excel files. The process involves specific technical steps including unblocking downloaded files and enabling macros, which may require IT support for some users.

Impact Justification

Mandatory regulatory audit submission with compliance implications for all BSE members. High importance due to cybersecurity requirements, but medium impact as it affects operational compliance rather than trading operations.