Cybersecurity & Cyber Resilience (CSCRF)

Our Commitment

InvestValue Capital is committed to protecting client information, systems, databases, and networks from emerging cyber threats — safeguarding their Confidentiality, Integrity and Availability (CIA) in line with SEBI's Cybersecurity and Cyber Resilience Framework (CSCRF) for Regulated Entities.

A Regulated Entity under CSCRF

As a SEBI-registered Portfolio Manager, InvestValue Capital Pvt. Ltd. is a Regulated Entity (RE) under the CSCRF and follows its graded, risk-based approach to cybersecurity and cyber resilience.

Our Categorization

Under the framework's AUM-based categorization, InvestValue Capital is classified as a Self-certification RE, and complies with the controls and reporting obligations applicable to that category.

Cyber Resilience Goals

The CSCRF is built on five cyber resiliency goals that guide our approach

Anticipate

Maintain a state of informed preparedness to forestall compromise of business functions.

Withstand

Continue essential business functions despite a successful attack by an adversary.

Contain

Localize a crisis and isolate trusted systems from untrusted systems to keep operating.

Recover

Restore business functions to the maximum extent possible after an attack.

Evolve

Adapt business functions and cyber capabilities to minimize adverse impacts over time.

Our Compliance Measures

Controls and practices we maintain as a Self-certification Regulated Entity under the CSCRF.

Cybersecurity Policy

A board-approved cybersecurity policy covering essential areas, reviewed periodically.

Risk Management

Cyber risk assessments conducted annually to identify, evaluate, and treat risks.

VAPT

Vulnerability Assessment & Penetration Testing carried out annually as per SEBI scope.

Self-Certification

Annual compliance self-certification (Annexure-P), signed by management and submitted to SEBI.

SOC Monitoring

Security Operations Center coverage for monitoring and threat detection.

Incident Response

A documented Incident Response Plan, developed and reviewed annually, aligned with CERT-In.

Staff Training

Cybersecurity awareness training conducted for staff on an annual basis.

Best Practices

Security best practices adopted, drawing on ISO 27001 principles.

Data Protection

Data classification, need-based access, and backup & recovery controls.

Incident Reporting

Cyber incidents are reported to SEBI in accordance with the CSCRF reporting timelines, supported by our incident response process.

Within 6 hours — by email

Reported to SEBI at mkt_incidents@sebi.gov.in upon detection.

Within 24 hours — on the SEBI portal

Logged on the SEBI Incident Reporting Portal of detection.

Governance & Oversight

Compliance with the CSCRF is reviewed and approved by the management of InvestValue Capital. Designated personnel are responsible for the cybersecurity function, supported by our Compliance Officer, with periodic review of user access rights and privileged-user activities.

This page summarizes InvestValue Capital's cybersecurity and cyber resilience posture for general information only and does not constitute a representation, warranty, or guarantee of security outcomes. Categorization and applicable obligations are determined at the beginning of each financial year based on the prior year's data. For cybersecurity or grievance matters, please contact our Compliance Officer.