Insurance Self-Networking Platform (ISNP) Audit

What is an Insurance Self-Networking Platform (ISNP) audit?

The Insurance Regulatory and Development Authority of India (IRDA) issued guidelines IRDA/ INT/ GDU ECM/ 055/03/2017 relating to insurance e-commerce on 9th March 2017. The main objective of these guidelines is to set standardized rules for conducting insurance e-commerce activities.

As per these regulations, anyone willing to sell insurance online is required to set up a digital platform known as an Insurance Self-Network Platform (ISNP) and to follow all the regulations specified for it. An Insurance Self-Network Platform is an electronic platform set up with a view to conducting insurance e-commerce activity. Such platforms can only operate after getting permission from IRDA.

Applicability

01
These guidelines must be complied with by existing insurers and insurance intermediaries who have already set up their own ISNPs or insurance portals for selling and servicing insurance products.
02
The review of the operation of the ISNP and of the controls, systems, procedures, and safeguards put in place by the ISNP shall be carried out at least once a year by an external Certified Information System Auditor (CISA).
03
The Applicant shall place the report of the CISA Auditor and the information security management system of ISNP before the Board or its sub-committee for their observation.

Objective

01
To implement internal monitoring controls for data processing systems.

Collect data for specific, explicit purposes. Avoid using it in ways that aren't aligned with the original intent.

02
Board-approved annual security review of the controls, systems, procedures, and safeguards by a third-party security auditor.

Only gather the data absolutely necessary. Excess or irrelevant data should not be collected.

03
To ensure compliance with ISO/IEC 27001 – Information Security Management System.

Maintain data that's up-to-date and correct. Regularly review and rectify any inaccuracies.

04
To ensure reporting of any adverse findings that impact policy holders to the IRDA.

Retain data only for the required duration. Delete it once it's no longer necessary for its initial purpose.

Approach

Our approach is covered in 4 phases, as described below:

Phase 1: Audit Planning
Planning and preparation of the audit scope and objectives.
Phase 2: Risk Assessment and Business Process Analysis
Assessment, measuring, managing, and controlling IT-related risks, thus enhancing the reliability of processes and the entire information system.
Phase 3: Audit Performance (Compliance and System Review)
Assessment of controls over critical system platforms, network and physical components, and IT infrastructure supporting relevant business processes.
Phase 4: Reporting
Report audit findings, conclusions, and recommendations of the audit in terms of conformance, non-conformance, and opportunities to improve.
