Economy and Policy

SEBI Comes Out With Testing Framework For IT Systems Of Stock Exchanges

Under the framework, all MIIs have been asked to do extensive testing, validation, and documentation whenever new systems or changes to existing systems are introduced before the deployment in the production/live environment, according to a circular

SEBI
info_icon

Capital markets regulator SEBI on Friday put in place a comprehensive testing framework for the information technology (IT) systems of the stock exchanges and other market infrastructure institutions (MIIs).

The framework will be for the IT systems of MIIs -- stock exchanges, clearing corporations, and depositories -- throughout their lifecycle, which can assist the MIIs in performing thorough risk assessment before deploying any IT systems in production or live environment.

Under the framework, all MIIs have been asked to do extensive testing, validation, and documentation whenever new systems or changes to existing systems are introduced before the deployment in the production/live environment, according to a circular.

Advertisement

Further, they have to set up a comprehensive methodology for system testing, functional testing, and application security testing, and the same need to be approved by the Standing Committee on Technology (SCOT) of respective MIIs.

The scope of testing includes covering business logic, system function, security controls, and system performance under load and stress conditions. Moreover, any dependency on the existing systems shall be properly tested.

"Testing should be carried out in a separate environment that replicates/mirrors the production environment to minimize any disruption," SEBI said.

According to the regulator, all issues identified from testing, including system defects or software bugs, should be properly tracked and remediated immediately.

Advertisement

Moreover, major issues that could hurt the MII should be reported to their SCOT and addressed before deployment to the production environment.

In addition, MIIs have been asked to establish policies and procedures on the use of third-party systems or software codes to ensure these systems are subject to review and testing before they are integrated with their systems.

MIIs have been directed to perform white box testing or structural testing, which includes analysing data flow, control flow, information flow, coding practices, exception, and error handling within the system.

Further, they have been asked to submit the testing framework of all their IT systems after approval of SCOT within 30 days.

Advertisement

Advertisement

Advertisement

Advertisement