Cyber security in the financial sector has gained importance, more so with the advent of technological innovations. In this connection, IRDAI has planned to come out with a comprehensive Information and cyber security framework for Insurance sector covering various aspects for designing a suitable information & cyber security policy by the regulated entities, establishment of appropriate Governance structure for implementation of Information & Cyber Security policy and audit mechanism to mitigate cyber risks.
In view of the above, IRDAI vide its Circular (ref. no: IRDA/IT/CIR/ MISC/ 216/10/ 2016) dated 31st Oct 2016 formed a working group of CIOs for ‘Formulating a comprehensive framework for Information and cyber security for insurance sector’ which in turn formed the following three sub-groups to work on various issues related to Information and Cyber Security
1. Group-1: All four layers of security (Data, Applications, Operating systems and Network layers)
2. Group-2: (Security Audit)
3. Group-3: (Legal aspects on Cyber Security)
The sub-groups met on various dates, held several rounds of discussions and came out with a draft framework along with a tentative audit-checklist. The framework has been prepared based on various Industry standards in Information & Cyber Security and the best practices followed by the insurers.
All stakeholders are requested to go through the attached exposure draft (Annex-I) and provide their feedback/ Comments in the format by e-mail to Shri. Mahesh Agarwal, DGM-IT at mahesh agarwal[at] irda[dot]gov[dot] in [under copy to it [at] irda [dot] gov [dot] in].
