One more avenue for qualified CISA (Certified Information System Auditors) - Mandatory IS Audit for Insurance Companies

In the wake of recent cyber attacks on the financial sector, the Hyderabad-based Insurance Regulatory Authority of India has issued a comprehensive cyber security framework offering guidance for insurers.
A detailed control checklist for the effective implementation of these guidelines has also been issued.
These guidelines are applicable to all insurers. In the case of intermediaries and other regulated entities with whom policyholder information is shared, it is the responsibility of insurers to ensure that adequate mechanisms are in place to address information and cyber security issues.
Insurers who have not completed three years from the date of commencement of business are exempted from the requirement to appoint a full-time Chief Information Security Officer (CISO). However, the CISO responsibility may be handled by any of the functionaries reporting to the Board. All other requirements stipulated in the guidelines document shall be applicable to these insurers.
IRDAI also mandates an information system audit for all insurance companies, with the following details: