The Insurance Regulatory and Development Authority of India (IRDAI) has formed a 14-member committee to review its information and cyber security guidelines. The committee is headed by Prof Janakiram, chairman of the Institute for Development and Research in Banking Technology (IDRBT). A R Nithiyanantham, CGM-IT, IRDAI, will be the member convenor of the working group.
- IRDAI issued cyber security guidelines in April 2017
Purpose: To address cyber attacks in the financial sector and to establish structured reporting so that the issue can be analysed at the industry level.
Need: Cyber attacks across the world have increased, especially in the financial sector, due to the economic situation caused by the COVID-19 pandemic.
Note: The committee is required to submit its report in 2 months.
What are the April 2017 guidelines on cyber security?
i. Among others, they mandate:
- Information Security Committee (ISC),
- Board-approved information and cyber security policy,
- Appointment of a Chief Information Security Officer (CISO)
- Cyber Crisis Management Plan (CCMP)
ii. In addition to this, the guidelines also mandate that the risk management committee of insurers must be responsible for an annual comprehensive assurance audit.
iii. This includes conducting a Vulnerability Assessment & Penetration Test (VA&PT), the findings of which should be reported to the authority.
Review to be made by the Committee
Among others, the committee is to review the following:
i. Whether there is a need to extend the applicability of the guidelines for insurers to other entities regulated by IRDAI, with or without modification.
ii. How to apply these guidelines to entities that access insurers’ IT systems.
iii. How to determine whether the minimum security standards are followed by those who access insurers’ IT systems, even though they are not regulated by IRDAI.
iv. Whether there is a need to update the guidelines to cover cyber security issues of fintech solutions, mobile-based applications, work from remote locations and cloud sourcing, among others.
v. To address basic needs for Critical Information Infrastructure (CIIs), in sync with the National Security Council of India (NCSI) guidelines.
vi. To address the applicability of the guidelines to Foreign Reinsurance Branches (FRBs) that have interfaces with overseas parent companies and other global reinsurers.
vii. To prepare a comprehensive audit checklist and certification model.
Recent Related News:
On October 19, 2020, in an effort to set up a data culture through data democratization in the Indian securities market, the Securities and Exchange Board of India (SEBI) constituted the Market Data Advisory Committee (MDAC), a standing committee. The committee is headed by Madhabi Puri Buch.
About Insurance Regulatory and Development Authority of India (IRDAI):
Chairman – Subhash Chandra (C.) Khuntia
Headquarters – Hyderabad, Telangana