Ref No: IRDAI/GA&HR/GDL/MISC/88/04/2023
24th Apr, 2023
To,
All Insurers, Insurance Intermediaries and IIB,
SUB: IRDAI Information and Cyber Security Guidelines, 2023.
- IRDAI vide Circular ref: IRDAI/IT/GDL/MISC/082/04/2017 dated 07th Apr, 2017 has issued guidelines on Information and Cyber Security for Insurers, which were later extended to all Insurance Intermediaries vide Circular ref: IRDA/GA&HR/GLD/MISC/184/09/2022 dated 02nd Sep, 2022.
- Considering the wide-spread adoption of digital technologies and the concurrent increase in cyber security incidents, the revised Guidelines are hereby issued in order to enable the insurance industry to strengthen their defenses as well as related governance mechanism to deal with such emerging cyber threats.
- The IRDAI Information and Cyber Security Guidelines, 2023 are attached as Annexure – A.
- All Insurers including FRBs, Insurance Intermediaries covering Brokers, Corporate Agents, Web Aggregators, TPAs, IMFs, Insurance Repositories, ISNP, Corporate Surveyors, MISPs, CSCs and Insurance Information Bureau of India (IIB) shall adhere to the said Guidelines. Those entities who have already completed security audit for FY 2022-23 shall ensure compliance with these guidelines from next financial year.
- The IRDAI Circular ref: IRDAI/IT/GDL/MISC/082/04/2017 dated 07th Apr, 2017, Circular ref: IRDA/IT/CIR/MISC/301/12/2020 dated 29th Dec, 2020, Circular ref: IRDA/GA&HR/GLD/MISC/184/09/2022 dated 02nd Sep, 2022 and Circular ref: IRDAI/GA&HR/GDL/MISC/211/10/2022 dated 11.10.2022 are superseded by these guidelines.
(P.S. Jagannatham)
Chief General Manager (Admin & HR)
IRDAI Cyber Security Guidelines 2023
Annexure - I Applicability of NIST Framework to All Regulated Entities
Annexure - II Classification of Insurance Intermediaries
Annexure - III Auditors Report [in .docx format]
