Cybersecurity & IT Resilience Framework
At Instant Holdings Limited, safeguarding the confidentiality, integrity, and availability of our financial data and stakeholder information is a paramount priority. We have implemented a comprehensive Cyber Security and Cyber Resilience Framework that fully complies with the stringent guidelines set forth by the Reserve Bank of India (RBI) and the Securities and Exchange Board of India (SEBI).
Our IT governance structure is designed not only to protect against evolving cyber threats but also to ensure rapid recovery and seamless business continuity in the event of an incident.
Regulatory Compliance & Standards
RBI IT Framework Compliance
Aligned with the RBI Master Direction – Information Technology Framework for the NBFC Sector.
- Board-approved Information Security (IS) Policy
- Segregation of IT Operations and IT Security functions
- Strict Logical Access Controls and Multi-Factor Authentication (MFA)
- Continuous network monitoring and Endpoint Security
SEBI Cyber Resilience Framework
Adhering to SEBI's guidelines on Cyber Security and Cyber Resilience for market participants.
- Comprehensive Cyber Risk Identification and Assessment
- Data classification and encryption at rest and in transit
- Protection of Sensitive Personal Information (SPI)
- Routine security awareness training for all employees
Security Audits, Testing & Monitoring
We believe that security is an ongoing process. To ensure our defenses remain robust against sophisticated attacks, we mandate rigorous testing and continuous monitoring:
- Vulnerability Assessment & Penetration Testing (VAPT): Conducted periodically by independent, CERT-In empanelled auditors to identify and remediate vulnerabilities.
- Information Systems (IS) Audit: Comprehensive annual IS audits to assess the effectiveness of IT controls and compliance with RBI directives.
- Continuous Monitoring: Real-time monitoring of networks, databases, and endpoints to detect anomalous behavior and potential intrusions immediately.
Incident Management & Reporting
Our Incident Response Plan (IRP) provides a structured approach for handling cyber security incidents swiftly and effectively. In compliance with regulatory mandates:
- Immediate Detection & Containment: Rapid isolation of affected systems to prevent lateral movement.
- Regulatory Reporting: Mandatory and timely reporting of cyber incidents to the Indian Computer Emergency Response Team (CERT-In), the RBI, and SEBI as required by applicable circulars.
- Root Cause Analysis (RCA): Thorough post-incident forensics to understand vulnerabilities and strengthen future defenses.