Page 54 - Life Insurance Today July - December 2020
P. 54

14.4 Closure of VA&PT gaps                           The following Sub-section is newly added to Section23:
         (a) Closure of identified gaps in critical applications should  23.7 Procedure for closure of audit gaps
             be completed within one month. This includes     (a) Closure of reported audit gaps shoulddepend on the
             confirmatory testing to ensure that the identified gaps  severity of the gaps and their impact on the overall
             have been successfully closed.                       service delivery, security, ensuring confidentiality of PII
         (b) Similarly, closure of identified gaps in other remaining  data, scope/coverage of implementation etc.
             applications should be completed within two months.
                                                              (b) Insurers should evaluate on the merits of issues based
             Confirmatory testing should also be done to ensure   on the complexity of gaps and identify closure timelines
             closure of such identified gaps.                     as soon as possible, commit the same as a part of audit

         (c) For closure of identified gaps in all internet facing  summary to be submitted to IRDAI.
             applications and Infrastructure components, External
                                                              (c) The major deficiencies/aberrations noticed during audit
             Black Box Penetration Testing should be done within
                                                                  should be highlighted in a special note and given
             one month, followed by confirmatory testing to ensure
                                                                  immediately to the Information Security
             closure of such identified gaps.
                                                                  Committee(ISC) and IT Department. Minor
         (d) Closure of identified gaps in the entire ICT infrastructure  irregularities pointed out by the auditors are to be
             components during internal vulnerability scan should be  rectified immediately.
             done immediately and without any loss of time.   (d) Timelines for closure of audit gaps based on risk/impact
         (e) Insurers should classify the VA&PT gaps based on their  of the reported gaps including the controls
             risk assessment, Priority should be given to the high risk  implemented in the interim to reduce the level of risk
             issues. In case any high risk issue is not resolved within  exposure will be put-up to Risk Management
             the prescribed timeline. The matter should be reported  Committee of the Board through Information Security
             to the Risk Management Committee of the Board for    Committee (ISC).
             deliberation and guidance.                       (e) The outer time limit for closure of audit gaps is two
         23. Information System Audit                             months. However, priority for closure of gaps should be
         Section 23.3 Frequency of Conducting Assurance Audit is  decided based on risks associated with each gap.
         amended as follows                                   (f) Insurer should submit the closure report to IRDAI on

         Assurance Audit shall be carried out annually for every  the identified audit gaps within two months of
         financial yearthrough a qualified external systems Auditor  completion of Annual Assurance Audit.
         holding certifications like CISA/ DISA/Cert-in empanelled  (g) Insurer need not wait completion of assurance audit to
         Auditors. Insurers shall indicate the specific quarter of the  close the audit gaps. As soon as any gap is noticed
         FY in which they would commence and complete their       during the course of the audit, effort should be made
         annual comprehensive assurance audit. Once the quarter   to close the gaps.
         is decided, the annual cyber security audit should be
         conducted during that quarter in every financial year.  Member(Life)



                                   SBI Life Insurance net profit up 5%
           SBI Life Insurance reported a 5.1 per cent jump in net profit at Rs. 390.89 crore in the first quarter of FY21 against
           Rs. 371.90 crore a year ago. Its net premium income increased by 14 per cent in the quarter ended June 30 to Rs.
           7,588.09 crore when compared to Rs. 6,655.02 crore in the same period a year ago. "Increase in gross written
           premium by 14 per cent to Rs. 7,640 crore in the first quarter of the fiscal was mainly due to strong growth in
           renewal premium by 30 per cent to Rs. 4,580 crore in the first quarter of the fiscal," it said in a statement.
           It also noted that it has achieved market leadership in total new business premium at Rs. 3,060 crore, with 23.9 per
           cent private market share in the first quarter of the fiscal. The value of new business decreased by 29 per cent to Rs.
           240 crore in the April to June quarter 2020. Its 13th month persistency stood at 81.55 per cent in the first quarter
           this fiscal when compared to 84.46 per cent a year ago. The solvency ratio as on June 30 was at 2.39 against the
           regulatory requirement of 1.50.


         54                                        July - December 2020                       Life Insurance Today
   49   50   51   52   53   54   55   56   57   58   59