Page 47 - Insurance Times January 2021

IRDAI Circular

Filing of Half-Yearly PoSP Returns in IIB Portal

IRDA/INT/CIR/PSP/307/2020
Date: 30-12-2020

1. This has reference to guidelines issued by the Authority on Point of Sales Person (POS) vide its Circular Nos. IRDA/Int/GDL/ORD/183/10/2015 dt. 26.10.2016, IRDA/LIFE/GDL/GLD/222/11/2016 dt. 07.11.2016 No. IRDAI/INT/CIR/PSP/130/06/2017 dt. 05.06.2017 and No. IRDAI/LIFE/CIR/MISC/215/12/2019 DT.02.12.2019 wherein the sponsoring entities have been advised to submit data pertaining to Point of Sales to the Authority.

2. In order to streamline the process of the submission and generate MIS reports a provision has been made at https://pos.iib.gov.in portal to upload the half yearly data.

3. Insurers and insurance intermediaries are therefore advised to upload the Half yearly data on POS portal commencing from the financial year 2020-21. The half yearly data upto September shall be uploaded by 31.01.2021 and the data upto 31.03.2021 by 30.04.2021. In future the half yearly data upto 30/09 shall be uploaded on or before 30/10 and data upto 31/3 by 30/4.

(Randip Singh Jagpal)
Chief General Manager

Amendments to the Guidelines on Information and Cyber Security for Insurers dated 07.04.2017

IRDA/IT/CIR/MISC/301/12/2020
Date: 30-12-2020

IRDAI vide its Ref. No: IRDA/IT/GDL/MISC/082/04/2017 dated 07-4-2017 had issued Information and Cyber Security Guidelines containing comprehensive cyber security framework for Insurance sector for the purpose of implementing appropriate mechanism to mitigate cyber risks.

Based on the review of the compliance process for cyber security by insurers and their subsequent feedback, the following sections of guidelines are amended as below.

14. PLATFORM/INFRASTRUCTURE SECURITY.

As per the action point 14.1 of the Guidelines, the Vulnerability Assessment and Penetration Testing (VAPT) on the entire ICT infrastructure should be conducted by the insurers on a periodic basis. Also, VA & PT has to be conducted on the software applications whenever there are changes in the configurations / applications.

In order to streamline the security assessment process, the following sub sections are added to Section 14.

14.3 Procedure for conducting VA&PT

(a) VA&PT of the entire ICT infrastructure components should be conducted annually in every financial year.
(b) Every VA&PT shall have two test cycles one at the

