Cyber security in the financial sector has gained importance, more so with the advent of technological innovations. In this connection, IRDAI has planned to come out with a comprehensive Information and Cyber Security framework for the Insurance sector, covering the design of a suitable information & cyber security policy by the regulated entities, the establishment of an appropriate Governance structure for implementing the Information & Cyber Security policy, and an audit mechanism to mitigate cyber risks.
In view of the above, IRDAI, vide its Circular (ref. no: IRDA/IT/CIR/MISC/216/10/2016) dated 31st Oct 2016, formed a working group of CIOs for ‘Formulating a comprehensive framework for Information and cyber security for insurance sector’, which in turn formed the following three sub-groups to work on various issues related to Information and Cyber Security:
a. Group-1 (All four layers of security: Data, Applications, Operating systems and Network layers)
b. Group-2 (Security Audit)
c. Group-3 (Legal aspects on Cyber Security)
The sub-groups met on various dates, held several rounds of discussions and have come out with a draft framework along with a tentative audit checklist. The framework has been prepared based on various industry standards in Information & Cyber Security and the best practices followed by the insurers.
All stakeholders are requested to go through the attached exposure draft (Annex-I) and provide their feedback/comments in the attached format so as to reach us by 15th March, 2017 by e-mail to Shri Mahesh Agarwal, DGM-IT at maheshagarwal [at] irda[dot] gov[dot] in [under copy to it [at] irda [dot] gov [dot] in].
Chief General Manager (IT)