Implementation of Information and Cyber Security Guidelines
1. Reference is invited to Circular ref: IRDAI/GA&HR/GDL/MISC/184/09/2022 Dt. 02.09.2022 extending applicability of Guidelines IRDA/IT/GDL/MISC/082/04/2017 Dt. 07/04/2017 on “Information and Cyber Security” to Insurance intermediaries covering Brokers, Corporate Agents, Web Aggregators, Corporate Surveyors, Insurance Self Networking Platform (ISNP) and Insurance Repositories.
2. Due to the recent Cyber-attacks, IRDAI has revised the Audit Checklist (Anx – 1) to cover various areas to contain such attacks. To prepare the Industry to be compliant with Cyber Security standards, the following directions are issued to implement the revised IRDAI Cyber Security Guidelines.
Timelines for implementation
| No. | Activity | Timeline |
|---|---|---|
| 1 | Appointment of Chief Information Security Officer (CISO) responsible for enforcing the Cyber Security Policies. | 31st Dec, 2022 |
| 2 | Preparation of GAP Analysis Report as per Checklist | 31st Dec, 2022 |
| 3 | Formulation of Cyber Crisis Management Plan | 15th Jan, 2023 |
| 4 | Preparing Information and Cyber Security Policy, to be approved by Board of the Intermediary. | 31st Jan, 2023 |
| 5 | Completion of Cyber Security Assurance Audit | 28th Feb, 2023 |
| 6 | Cyber Security Assurance Program (to close Gaps) as per Cyber Security Assurance Audit | 31st Mar, 2023 |
3. The intermediaries referred to in Para 1 shall adhere to the above timelines and file the Audit Report on or before 31st March, 2023.