Money & Banking

IRDAI asks insurers to run ICT security audit on priority basis

G Naga Sridhar Hyderabad | Updated on January 08, 2018 Published on October 18, 2017

The Insurance Regulatory and Development Authority of India (IRDAI) has directed insurers to conduct security audit of their Information and Communication Technology (ICT) infrastructure.

The insurers should take `immediate steps’ for conducting the audit of their systems including Vulnerability Assessment and Penetration Tests (VAPT) through Cert-in empanelled Auditors, identify the gaps and ensure that audit findings are rectified swiftly,’’ it said in a communication.

They should also firm-up their Cyber Crisis Management Plan (CCMP) for handling Cyber incidents more effectively, the regulator said.

The directive on Cyber security audit has come in the wake of some deficiencies. ``Many of the insurers still have not finalised their gap analysis report, Cyber crisis management plan and board approved information and Cyber security policy,’’ it observed.

Stating that ensuring fool-proof ICT infrastructure was of `paramount’ importance it cautioned that any vulnerabilities to ICT might result in compromise on confidentiality of policyholder related information and exposure to sensitive information of the insurance sector and the financial markets in general.

``This would have serious repercussions not only for the Insurance sector but for the financial system of the country as a whole,’’ it added.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on October 18, 2017
This article is closed for comments.
Please Email the Editor