IRDA Cyber Security Audit
The key objectives of the IRDA Cybersecurity framework are to ensure that a Board-approved Information and Cyber Security policy is in place with all insurers, to ensure that insurers lay down the necessary implementation procedures for Information and Cyber Security related issues, to ensure preparedness to mitigate information and cyber security related risks, and to ensure that an in-built governance mechanism is in place for effective implementation of the Information and Cyber Security framework.
The guidelines are applicable to all insurers regulated by IRDA and to all data created, received, or maintained by insurers while carrying out their designated duties and functions, wherever these data records are and whatever form they are in. The guidelines mandate that the Insurers’ Risk Management Committee should be responsible for an annual comprehensive assurance audit, including conducting VAPT and reporting the findings to IRDA. As a CERT-IN empanelled body, Shieldbyte Infosec can help insurers understand, manage, and comply with IRDA’s Cyber Security requirements as published in IRDA’s guidelines on information and cyber security for insurers.
Cyber Security Audit Requirements
- Information Protection
- User Authentication and Authorization
- Thorough Examination
- Internal Monitoring Controls
- Assessment of Controls
- External Review
- Review of Accounting Practices
- Responsibility with Respect to Fraud