APPLICATION OF

IT
in
NSDL
1
 AGENDA
1.. NSDL System
 Overview
 An analogy
 NSDL today
 NSDL Technology
2.. Services
 Basic
 Value Added
3.. Benefits
4.. Threat Perception
5.. Security Measures
6.. Business continuity planning (Network)
2
7.. IT Audit Practices
 NSDL - Bank -- An Analogy

BANK NSDL

➨Holds funds in ➨Holds securities in

accounts accounts
➨Transfers funds ➨Transfers securities
between accounts between accounts
➨Transfers without ➨Transfers without
handling cash handling physical
securities
➨Safekeeping of money ➨Safekeeping of securities

3
 NSDL Today

• Beneficiary Accounts 48.85 lac

• Positions > 2 crore

• Custody Rs. 9 lac crore
• Settlement thru Demat 99.99%
• No. of Comp. / Securities 5000 + /
14000+
• Settlement value > Rs. 2000 cr.
• Bookings 6-12 lacs 4
 NSDL System Overview
ANOTHER
DEPOSITORY

CC -1 SR-1
DEPOSITORY
CLEARING REGISTRAR
CORP.
CC - 2 NSDL SR-2 /ISSUERS
CC - 3 SR-3

DP - 1 DP - 2 DP - 3 DP - 4 DP - 5
DEPOSITORY PARTICIPANTS

STAR NETWORK
SWIFT MESSAGING CONVENTION

5
 NSDL’s TECHNOLOGY
• SOFTWARE
 Developed & supported by CMC Ltd
 Modified version of Banking Software TC-4

• HARDWARE
 IBM Mainframe system
 Standby CPU (in case of main CPU failure)
 All network component like- Router,
communication controller etc used.
• Disaster back-up site
• Power failure back-up
6
 Services
• BASIC SERVICES

Provide Electronic custody & Trade settlement services

such as-

• Account maintenance
• Dematerialization
• Rematerialization
• Market transfer

7
 Value Added Services
Internet-based services such as
 SPEED-e
 IDeAS
 STeADY

• Automatic delivery of securities to clearing

corporations.

• Stock lending.

8
 Benefits

• Easy handling of huge volume of paper

• Elimination all risk associated with physical
certificates
• Immediate transfer & registration of
securities
• Elimination of Bad Delivery
• Periodic status report
• Reduction in brokerage
• Ease in portfolio monitoring

9
 Threat Perception

• Privacy of account holder’s information

• Disruption of Service
• Reconciliation
• Software Integrity
• Authenticity of Debit instruction

10
 Security Measures Scope

• NSDL Internal Office Infrastructure

 Office System Security
 Internet Access Security
 Virus Protection Mechanism
 Physical Access Security

• Internet based Services

11
 Depository Internal Office
Infrastructure
• Office Systems
– Switch based LAN / VLANs
– Local PC Data Protection Policy
– Licensed Software Usage only

12
 Depository Internal Office
Infrastructure - Cont.
• Internet Access
– Governed by Internet Usage Policy
– Access only through Proxy Server
– E-Mail send / receive to server hosted
outside
– Only HTTP / HTTPs ports allowed
– ICMP blocked No access from outside

13
 Depository Internal Office
Infrastructure - Cont.
• Virus Protection Mechanism
– Gateway Scanner
– Emails / Attachments scanned on Mail
Server
– Desktop Anti Virus Protection
• Physical Access
– Proximity Card
– Video Surveillance
– Asset Movement Monitoring 14
 Internet based Services
• Authentication
– Password
– PKI / SMART Card
• 3 Tier architecture
• Clustering (partition of Hard disk)
• Firewall / IDS (eg to protect OS)
• Disaster back-up site
• Power Failure back-up
• Machine Level Back-up 15
 Business Continuity Planning
Network
NSE Primary NSE DRS HUB
HUB, Mumbai,

X. 25 VSAT Cloud
NSE NET

NSDL Primary
Production Site ISDN / PSTN
Mumbai
NSDL NET
Fall Back

NSDL TC
NSDL DRS
Leased Line
NSDL NET Business 16
7
Partners
 IT Audit Practices

• Security Committee
• Vulnerability Assessment Group
• Risk Analysis Group
• Security Audit and Penetration Testing
• Surprise audit by Security Officer
Reporting to MD

17
Any Question

18
Thanks for Cooperation

kanhaiya
keshri
ritu

19