Regarding the use of out-of-date Operating System (OS) and IT Equipments
1. Attention is invited to para 14 of Guidelines on Information and Cyber Security for Insurers dated 07.04.2017 on “Platform / Infrastructure Security” requiring organizations to configure IT infrastructure including servers, applications, network and security devices to ensure security, reliability and stability.
2. As observed by MeitY vide D.O.No. 7(1)/2022-CSD dated 18.10.2022 (enclosed) that with increased digitization and online governance, cyber security has become integral and important part of the Governance. The hackers/crackers exploit weakness such as ignorance or non-adherence to security procedures, flaws in processes or vulnerabilities in technology (both hardware and software). Further, the use of out-of-date operating systems and IT equipment must be discontinued as it makes the IT system susceptible to cyber attacks
3. In the light of the above, you are advised to put in place a Board approved policy on the scrapping / disposal of out of date OS and IT Equipments.
Also Read: Implementation of Information and Cyber Security Guidelines
Read More on IRDAI