Stay informed updated with SEBI’s latest FAQs. Click to read.
A couple of key clarifications detailed below…
Question: If the structured digital database is maintained on Amazon, Google or cloud server hosted outside India, will it be considered as outsourced or internal?
Old Answer: Databases/servers provided by third party vendors whether within India or outside India will be considered as outsourced.
Updated Answer (on 31st March 2023): The SDD has to be maintained in compliance of Regulation 3 (5) and 3(6) of PIT regulations. The Board is solely accountable for all aspects related to the maintenance of data on cloud or any other method. The Board and the compliance officer has to ensure the confidentiality, integrity and security of its data and logs, and ensure compliance with the laws, regulations, circulars, FAQ’s etc. issued by SEBI/ Exchanges from time to time. The Board / Compliance Officer shall be responsible and accountable for any violation of the same.
Additional Clarification issued on 31st March 2023:
Question: Regulation 3(5) requires that structured digital database shall not be outsourced and shall be maintained internally with adequate internal controls and checks. Whether a listed company can use software provided by third party vendors, wherein the server is of the vendor but requisite entries are made by the employees of the company only.
Answer: The third party vendors are providing the services/software on login basis, where the server is maintained by the vendor. Therefore, the vendor may have access to such records which would be contrary to the regulations with respect to maintenance of structured digital database.
Affinis(SDD) thus continues to remain the premier and best designed Structured Digital Database Solution application for quick, accurate, easy and automated maintenance of your compliance obligations with complete comfort provided for the Board, the Compliance Officer and users.
With the ability to be deployed on any compliant cloud platform or local infrastructure Affinis(SDD) provides enterprise-wide licenses. Private deployments ensure compliance without worries of receiving services on a login-basis.
JONOSFERO International provides not just application solutions but can also assist with cloud infrastructure, making us the natural choice for regulated entities seeking end-to-end solutioning.
What’s more, JONOSFERO International, with its team of regulatory experts is not only best placed to provide the application and the cloud support infrastructure but also Risk & Regulatory training to complete the trinity of (1) application + (2) infrastructure + (3) training so you need not run across agencies to coordinate the three.
