Description
BSE reminds members to submit their Cyber Security and Cyber Resilience Audit Report for the half-year period ended September 30, 2025 through the BEFS system using auditor login credentials.
Summary
BSE has issued a reminder to trading members regarding the mandatory submission of Cyber Security and Cyber Resilience Audit Reports for the half-year period ended September 30, 2025. The circular provides a detailed user manual for auditors on how to submit the audit report through the BSE Electronic Filing System (BEFS). Members must create auditor login IDs, and auditors must complete the submission process by uploading the required CSAR Excel Template and supporting documents.
Key Points
- Auditors receive login credentials for BEFS on their email ID as provided by the member
- The submission process requires Microsoft Excel 2007 or above
- Auditors must complete a two-step process: (1) Auditor confirmation with signed undertaking, and (2) Submission of audit report
- The undertaking must be on auditor’s letterhead, signed, stamped, or digitally signed
- File nomenclature for undertaking: CLG.No_HALFYEARLY_UND_SEP2025.PDF
- CSAR Excel Template must be downloaded, unblocked, and macros enabled before filling
- Template includes ‘General Information’ and ‘CSAR’ sheets that must be validated before submission
- All submissions are made through http://befs.bseindia.com/
Regulatory Changes
No new regulatory changes introduced. This is a reminder for compliance with existing cyber security and cyber resilience audit requirements established by BSE for all trading members.
Compliance Requirements
- Member Responsibilities: Create auditor login ID for the applicable submission period (September 30, 2025)
- Auditor Login Setup: Access BEFS portal, change default password, and complete initial login setup
- Auditor Confirmation: Select audit period, verify/update auditor details, save and submit
- Undertaking Submission: Generate PDF of auditor details, print on letterhead, sign and stamp (or digitally sign), scan and upload with proper nomenclature
- CSAR Template Preparation: Download CSAR Excel Template, unblock file in properties, enable macros/content
- Template Completion: Fill ‘General Information’ sheet (select ‘Auditor’ from dropdown), validate; fill ‘CSAR’ sheet with required details, validate
- Final Submission: Upload completed CSAR Excel sheet and related documents through BEFS portal
- Validation: Ensure all sheets are validated using the ‘Home’ button before final submission
Important Dates
- Audit Period: Half-year ended September 30, 2025
- Circular Date: January 16, 2026 (reminder notification)
- Submission Deadline: Not explicitly stated in the circular, but implied to be overdue given this is a reminder
Impact Assessment
Operational Impact: High - All BSE trading members and their appointed auditors must complete this mandatory compliance exercise. The detailed submission process requires coordination between members and auditors, proper documentation, and technical familiarity with the BEFS system.
Compliance Risk: High - This is a reminder circular, suggesting members may be approaching or past the deadline. Non-compliance with cyber security audit requirements could result in regulatory penalties, suspension of trading privileges, or other enforcement actions by BSE.
Market Impact: Low to Medium - While this affects all members’ operational compliance, it does not directly impact trading operations or market structure. However, systematic non-compliance could raise broader concerns about cyber security preparedness across the exchange ecosystem.
Technical Requirements: Members and auditors must have appropriate technical infrastructure (Microsoft Excel 2007+, internet browser, ability to handle macros and file properties) and follow precise file naming conventions and validation procedures.
Impact Justification
Mandatory cyber security audit submission for all members with regulatory compliance implications. Non-submission could result in penalties or regulatory action.