To provide these services, Sebi in September had issued separate notices, inviting expression of interest (EoI) from the interested parties.
The service is related to identify and classify security holes in its entire information technology infrastructure and suggest measures to mitigate such risks.
More From This Section
The second service pertains to set up a 'network and security operation centre', which will enable it to detect and protect against security threats, including from ransomware.
Now, Sebi has shortlisted seven bidders — Wipro, Ernst & Young LLP, Pricewaterhouse, Sumeru Software Solutions, Digital Age Strategies, AAA Technologies, Auditime Information Systems (India) Ltd -- to identify and classify security holes in its entire information technology infrastructure and suggest measures to mitigate such risks.
Besides, Tata Communications, Wipro, Tech Mahindra, IBM India, Sify Technologies, Pricewaterhouse, Dimension Data India Pvt Ltd and Netmagic Solutions are among the eight companies that have been shortlisted to set-up a 'network and security operation centre'.
With regard to information technology infrastructure, Securities and Exchange Board of India (Sebi) said that selected bidder will be responsible for carrying out an assessment of threat and vulnerabilities and assess the risks in its IT infrastructure.
This will include identifying existing threats and suggest remedial solutions and recommendations on the same to mitigate all identified risks and enhance the security of information systems.
Information system infrastructure includes networking systems, security devices, servers and databases.
Besides, the agency will be responsible for carrying out enterprise-wide system audit focused on configuration, security aspects, risk assessment, deployment, administration, access control, back up and business continuity.
The audit will also cover review of standard operating procedures, automation and monitoring of all IT assets.
With respect to 'network and security operation centre', Sebi said that selected company will be responsible for all the activities related to information security, including anti-phishing, anti-malware, anti-trojan, anti-ransom and implementation of security solutions such as content filter and virtual browsing solutions at the regulator.