ISNP Security Audit

ISNP stands for Insurance Self Network Platform, meant to be an electronic platform set up by any applicant with the permission of the authority.

The Insurance Regulatory and Development Authority of India (IRDA) issued guidelines for insurance e-commerce to standardize the rules for conducting insurance e-commerce activities. Under the new guidelines, any insurance agency looking to set up an electronic platform must comply with the requirements defined in guideline IRDA/ INT/ GDU ECM/ 055/03/2017.

The guidelines were put forth to standardize the e-commerce rules of the online insurance business. Under the regulations, anyone wishing to sell insurance online must set up an ISNP and follow all the regulations IRDA specifies for it in order to conduct insurance e-commerce activity. An ISNP can be set up in any of the following forms:

  • Website (desktop or mobile version)
  • Mobile application
  • Both

Insurance companies, aggregators and intermediaries must comply with the Insurance Self Service Network Platform (ISNP) guidelines of the IRDA of India. The key objectives of an ISNP audit are as follows:

  • Implementation of Internal Monitoring Controls for Data Processing Systems
  • Board-approved annual security review of the controls, systems, procedures and safeguards by a CISA or DISA auditor or CERT-IN
  • Compliance with ISO/IEC 27001 – Information Security Management System
  • Reporting to the IRDA any adverse findings that impact policyholders

As a CERT-IN empaneled body, QRC is authorized to help you understand, manage and comply with IRDA’s Cyber Security requirements as published in the IRDA’s Guidelines on Insurance E-Commerce on a periodic basis.

The ISNP Audit is conducted as an in-depth technical assessment, including an audit of the information security process and the applicability of cyber security controls. It should check every technical requirement set by IRDA, with evidence gathered for each.

Our approach for assessment is as follows:

Information Gathering & Documentation Review

QRC will share a detailed questionnaire, along with other documentation, to aid in the scope definition, planning and preparation of the audit and objectives. Evidence is collected on the architecture, implementation and controls to understand data flow in your organization.

Audit Process

After scope definition as per the IRDA guidelines and the initial engagement, we conduct an initial audit to understand the organization's infrastructure and help our clients identify evidence for all the audit points. The assessment aims at measuring, managing and controlling IT-related risks to enhance the reliability of processes and of the critical system platforms, networks and physical components related to business processes.


Based on the assessment and the identification of the payment data, QRC will provide remediation support for complying with the IRDA guidelines.

Report & Confirmation Letter

After assessment and remediation, we will review your evidence on the closure of the Action phase as identified during the audit. On successful closure, we will share the certificate and an exclusive report stating that all requirements as per IRDA have been checked successfully.

QRC significantly reduces the effort organizations spend on complying with the IRDA Insurance Self-Networking Platform Audit by helping them with a well-documented approach. The methodology helps in:

  • Improving IT governance by reducing risks, improving security, complying with IRDA regulations and facilitating communication between technology and business management
  • Standardizing the information systems of the business and strengthening business efficiency and system and process controls
  • Establishing strong security governance, improving the organization's cybersecurity posture and showcasing its security competence
  • Improving customer trust and the management of the information and developing systems of the business
  • Identifying vulnerabilities in the IT infrastructure proactively and validating the effectiveness of current security safeguards, through audits conducted by a CERT-IN empaneled auditor
  • Improving the security of the organization through valuable suggestions and feedback from the experienced QRC team