India: Adopted SEBI Cybersecurity Advisory for Financial Sector Organisations regarding SaaS solutions including recommendation to localise critical data

On 3 November 2020, the Securities and Exchange Board of India (SEBI), in cooperation with Indian Computer Emergency Response Team (CERT-in), adopted an outline advising about the cybersecurity risks connected to the use of Software as a Service (SaaS) solutions for managing their Governance, Risk & Compliance (GRC) functions. Organisations are advised to exercise direct control and supervision over their cybersecurity posture while keeping critical data within the legal boundaries of India.