IRDAI constitutes Committee to review IRDAI’s Guidelines on Information and Cyber Security for insurers

The Insurance Regulatory and Development Authority of India (“IRDAI”) has notified the formation of a committee to review IRDAI’s Guidelines on Information and Cyber Security for insurers.

Background:

The economic situation owing to the COVID-19 pandemic has seen an exponential increase in cyber-attacks across the globe and, in particular, in the financial sector. This situation has required Regulators to revisit their Cyber Security Guidelines applicable to all regulated entities in an effort to protect the financial systems.

IRDAI issued Guidelines on Cyber Security vide IRDA/IT/GDL/MISC/082/04/2017 dated 7th April, 2017 (“Guidelines”) as a part of the Governance mechanism, which, amongst other requirements, mandate:

1. Information Security Committee (ISC)

2. Board approved Information & Cyber Security Policy

3. Appointment of Chief Information Security Officer (CISO)

4. Cyber Crisis management plan (CCMP)

Apart from the above-mentioned, the Guidelines mandate that the Insurers’ Risk Management Committee should be responsible for an Annual Comprehensive Assurance audit including conducting of Vulnerability Assessment & Penetration Test (VA&PT) and should report the findings to IRDAI.

The Committee shall review IRDAI’s Information & Cyber security Guidelines for the following:

1. Whether to extend the applicability of Guidelines for insurers to other entities, which are regulated by IRDAI, with or without modification.

2. Whether and how to apply the Guidelines, to the extent applicable, to entities which access Insurers’ IT Systems.

3. How to ascertain that minimum Security Standards are followed by those entities which access Insurers’ IT Systems, though those are not regulated by IRDAI.

4. Whether to update the Guidelines to cover Cyber Security issues in Fintech Solutions, Mobile based applications, Work from Remote location and Cloud Sourcing.

5. To address base-line requirements for Critical Information Infrastructures (CIIs) to sync with NCSI (National Security Council of India) Guidelines.

6. To specifically address applicability of Guidelines for foreign Re-insurance branches (FRBs) which have interface with overseas parent Companies and other Global re-insurers.

7. To prepare a Comprehensive Audit Checklist and Certification model.

The Committee shall submit concrete recommendations after deliberating on the above-mentioned

 

Source: Insurance Regulatory and Development Authority of India
