Ref: IRDA/IT/ MISC/MISC/047/03/2017 Date: 02-03-2017
EXPOSURE DRAFT ON “INFORMATION AND CYBER SECURITY FRAMEWORK FOR INSURANCE SECTOR”
Cyber security in financial sector has gained importance, more so with the advent of technological innovations. In this connection, IRDAI has planned to come out with a comprehensive Information and cyber security framework for Insurance sector covering various aspects for designing a suitable information & cyber security policy by the regulated entities, establishment of appropriate Governance structure for implementation of Information & Cyber Security policy and audit mechanism to mitigate cyber risks.
In view of the above, IRDAI vide its Circular (ref. no: IRDA/IT/CIR/MISC/216/10/2016) dated 31st Oct 2016 formed a working group of CIOs for ‘Formulating a comprehensive framework for Information and cyber security for insurance sector’ which in turn formed the following three sub-groups to work on various issues related to Information and Cyber Security
a. Group-1 All four layers of security (Data, Applications, Operating systems and Network layers)
b. Group-2 (Security Audit)
c. Group-3 (Legal aspects on Cyber Security)
The sub-groups met on various dates, held several rounds of discussions and has come out with draft frame work along with a tentative audit-checklist. The frame work has been prepared based on various Industry standards in Information & Cyber Security and the best practices followed by the insurers.
All stakeholders are requested to go through the attached exposure draft (Annex-I) and provide their feedbacks/ Comments in the attached format so as to reach us by 15th March, 2017 by e-mail to Shri.Mahesh Agarwal, DGM-IT at maheshagarwal [at] irda[dot] gov[dot] in [under copy to it [at] irda [dot] gov [dot] in].
Chief General Manager (IT)