What is an Insurance Self-Networking Platform (ISNP) audit?
The Insurance Regulatory and Development Authority of India (IRDA) issued guidelines IRDA/ INT/ GDU ECM/ 055/03/2017 relating to insurance e-commerce on 9th March 2017. The main objective of these guidelines is to set standardized rules for conducting insurance e-commerce activities.
As per these regulations, anyone willing to sell insurance online is required to set up a digital platform, known as an Insurance Self-Network Platform (ISNP), and to follow all the regulations specified for it. An Insurance Self-Network Platform is an electronic platform set up with a view to conducting insurance e-commerce activity. Such platforms can only operate after getting permission from IRDA.
Applicability
- These guidelines must be complied with by insurers and insurance intermediaries that have already set up their own ISNPs or insurance portals for selling and servicing insurance products.
- A review of the operation of the ISNP, and of the controls, systems, procedures, and safeguards put in place by the ISNP, shall be carried out at least once a year by an external Certified Information System Auditor (CISA).
- The Applicant shall place the report of the CISA Auditor and the information security management system of ISNP before the Board or its sub-committee for their observation.
Objective
- To implement internal monitoring controls for data processing systems.
- Board approved annual security review of the controls, systems, procedures, and safeguards by a CERT-IN empanelled security auditor.
- To ensure compliance with ISO/IEC 27001 – Information Security Management System.
- To ensure reporting to the IRDA of any adverse findings that impact policy holders.
Approach
Our approach is covered in 4 phases, as described below:
Phase 1: Audit Planning
Planning and preparation of the audit scope and objectives.
Phase 2: Risk Assessment and Business Process Analysis
Assessing, measuring, managing, and controlling IT-related risks, thus enhancing the reliability of processes and the entire information system.
Phase 3: Audit Performance (Compliance and System Review)
Assessment of controls over critical system platforms, network and physical components, and the IT infrastructure supporting relevant business processes.
Phase 4: Reporting
Report audit findings, conclusions, and recommendations of the audit in terms of conformance, non-conformance, and opportunities to improve.
Why CyberSRC®?
- We are a team of qualified professionals with rich experience across multiple industries such as Manufacturing, BFSI, Insurance, Healthcare, NBFCs & others. Our consultants are industry experts with proven track records and hold renowned certifications such as CISA, CISSP, COBIT, CEH, CCNA, OSCP, ISO 9001 LA/LI, ISO 27001, ITIL LA/LI, PMP, to name a few.
- We believe in adding value to your business, which is enabled through our Centre of Excellence (CoE), and we have end-to-end capability for Program Build – Operations – Transformation. We can jump-start and execute projects in Managed Services mode globally, with flexible delivery models.
- Our Vision is to be one of the World’s most trusted advisory & solution providers for Cyber Security, Data Protection and Assurance practices.