Cyber Security

Insurers collect, store, and share data with multiple third parties (e.g., service providers, reinsurers) and aggregate substantial amounts of personal and confidential policyholder information. Intermediaries such as call centres also have access to policyholders’ data, including sensitive health information. This information must be shared only on a need-to-know basis, with controls that prevent leakage. Exposure of this personal data can cause severe harm to policyholders as well as reputational damage to the insurer.

Hence the Insurance Regulatory and Development Authority of India (IRDAI) formulated a framework for information and cyber security for insurers, with an in-built governance mechanism that requires regulated entities to address security issues on an ongoing basis.

Key Objectives of the IRDA Cybersecurity framework

  • To ensure that a Board-approved Information and Cyber Security policy is in place at every insurer.

  • To ensure that insurers lay down the implementation procedures needed to address information and cyber security issues.

  • To ensure that insurers are adequately prepared to mitigate information and cyber security risks.

  • To ensure that an in-built governance mechanism, including a Cyber Crisis Management Plan, is in place for effective implementation of the information and cyber security framework.


The guidelines apply to all insurers regulated by IRDAI and to all data created, received or maintained by insurers in the course of carrying out their designated duties and functions, wherever those records reside and whatever form they take.

For more details, read the following document:

https://www.aicofindia.com/AICEng/General_Documents/Notices And Tenders/IRDAI-GUIDELINES.pdf

The guidelines make the insurer’s Risk Management Committee responsible for an annual comprehensive assurance audit, including a Vulnerability Assessment and Penetration Test (VAPT), and for reporting the findings to IRDAI.

As a CERT-In empanelled body, QRC will help you understand, manage, and comply with the cyber security requirements published in IRDAI’s Guidelines on Information and Cyber Security for Insurers.

Audit Approach

The IRDAI framework was arrived at by sub-groups of experts drawn from insurance companies. The IRDA Cybersecurity Audit is conducted as an in-depth technical assessment covering both the information security process and the applicability of cyber security controls, and proceeds through the following phases:

Business Understanding

Evaluate the business processes and environment to identify the in-scope elements.

Scope Finalization

Finalize the scope elements and prepare the requirement documentation.

Readiness Assessment

Identify the potential challenges that might arise while implementing the requirements.

Risk Assessment

Identify and analyse the risks in the information security posture.

Data Flow Assessment

Conduct a thorough systems analysis to trace how policyholder data flows and where it could leak.

Documentation Support

Provide a list of the policies and procedures required, to help with validation and evidence collection.

Remediation Support

Recommend solutions to the compliance challenges identified.

Awareness Training

Conduct awareness sessions for your team and the personnel involved in the scope.

Scans And Testing

Identify critical vulnerabilities in your systems through vulnerability assessment and penetration testing.

Evidence Review

Review the evidence collected to assess control maturity against the compliance requirements.

Final Assessment and Attestation

After a successful assessment, our audit team attests your compliance.

Continuous Compliance Support

Help you maintain compliance by providing ongoing guidance.
