IRDAI · India

IRDAI Information & Cyber Security

Information and cyber security guidelines for insurers and intermediaries.

IRDAI’s information and cyber security guidelines direct insurers and insurance intermediaries to implement a structured information-security programme with board oversight, defined controls and independent assurance.

Who must comply

  • Life, general and health insurers and reinsurers.
  • Insurance intermediaries (brokers, corporate agents, web aggregators, TPAs) per applicability.

Key requirements

  Area             Requirement
  ---------------  ------------------------------------------------------------------------------------
  Governance       Board-approved information & cyber security policy; a CISO; an information security committee
  Risk management  Risk assessment, asset classification and treatment
  Controls         Access control, encryption, network and application security, data protection
  Assurance        VAPT and a periodic information-security audit
  Resilience       Incident response, reporting and business continuity

Implementation roadmap

  1. Establish governance, policy and a CISO function.
  2. Perform a gap assessment against IRDAI expectations.
  3. Implement controls, VAPT and monitoring.
  4. Undergo the periodic information-security assurance audit.
  5. Report and remediate; maintain continuity arrangements.

Evidence checklist

  • Board-approved information & cyber security policy and CISO appointment.
  • Risk assessment and asset classification.
  • Control-implementation evidence and VAPT reports.
  • Periodic information-security audit report.
  • Incident-response and business-continuity records.

How CyberSigma helps

We run the IRDAI gap assessment, VAPT and periodic information-security audit, and help stand up governance, a CISO function and the required controls — as a CERT-In empanelled auditor.

Frequently asked questions

Does IRDAI require a cyber security audit?
Yes — insurers and intermediaries are expected to undergo periodic information/cyber security audits as part of the assurance requirements.

Need help with IRDAI Cyber Security?

CERT-In empanelled, PCI QSA senior auditors can take you from reading about it to compliant — with a scoped, guided programme.