Home    About Us    Services    Resources    Careers    Contact Us

IRDA - ISNP Audit
Insurance Self Network Platform (ISNP) refers to an electronic platform setup with a view to conducting insurance e-commerce activity. Such platform can only operate after getting a permission from Insurance Regulatory and Development Authority of India (IRDA)

Insurance Self Network Platform (ISNP) refers to an electronic platform setup with a view to conducting insurance e-commerce activity. In today’s age of digitalization, e-commerce is the gaining the fancy of customers as well as sellers. Even in the insurance industry, the registered player is exploring the online platforms to sell their products. In light of that, Insurance Regulatory and Development Authority of India (IRDA) had issued guidelines relating to insurance e-commerce on 9 Mar 2017.

The main objective of these guidelines is to set standardize rules for conducting insurance e-commerce activities. As per these regulations, anyone willing to sell insurance online is required to set-up a digital platform known as Insurance Self-Network Platform (ISNP) and follows all the regulations specified for it.


What is ISNP?

Insurance Self-Network Platform (ISNP) refers to an electronic platform set up with a view to conducting insurance e-commerce activity. Such platforms can only operate after getting permission from IRDA.


ISNP can be set up in any of the following forms:


    > Website (desktop or mobile version)
    > Mobile application
    > Both

Organizations may have the misconception that these insurance e-commerce guidelines will pave the way for e-commerce companies like Amazon and Flipkart. But that is not the case, as per the definition provided in these, insurance e-commerce guidelines clearly state that only a person registered or recognized by the Insurance Regulatory and Development Authority of India (IRDA) can apply for ISNP registration.


For setting up an Insurance Self-Network Platform to carry on insurance e-commerce activities prior permission from the authorities is required.



How to Comply?

Existing ISNP’s Insurer and Insurance Intermediaries who already set-up their own ISNP’s or insurance portals for selling and service insurance product. They should also comply with these guidelines.


The review of operation of the ISNP and the controls, system, procedure and safeguards put in place by the ISNP, shall be carried out, at least once a year, by an external Certified Information System Auditor (CISA), DISA or CERT-IN.


The scope of such external audit of the ISNP shall be as prescribed by the Authority from time to time.


Any Insurance Agency that is looking to setup an Electronic Platform, they must comply with the following requirements as defined by the IRDA:


    > Implementation of Internal Monitoring Controls for Data Processing Systems
    > Board approved annual security review of the controls, systems, procedures and safeguards by CISA or DISA    or CERT-In expert a CERT-IN empaneled security auditor.
    > Compliance to ISO/IEC 27001 – Information Security Management System
    > Reporting of any adverse findings that impact policy holders with the IRDA

The Applicant shall place the report of the CISA or DISA or CERT-In expert and the Information Security Management System (ISMS) of ISNP before the Board or its sub-committee for their observation.




Why SecurWires?

SecurWires Technologies and Services LLP is a PCI SSC Authorized Qualified Security Assessor (QSA) Company, CIS SecureSuite Member Company and a Member of Data Security Council of India (DSCI)

SecurWires is a pure-play Cyber Security and Information Security Company which is dedicated to help businesses run Cyber Security and Information Security Programs more effectively. With Certified Information System Auditor (CISA) on-board, SecurWires is authorised to help you understand, manage and comply with IRDA’s Cyber Security requirements as published in the IRDA’s Guidelines on insurance e-Commerce published on the 9 Mar 2017.


SecurWires is vendor neutral; we do not resell any software or hardware and will always recommend the best solution for the organization. Our professionals provide industry-leading expertise to help organizations meet their evolving Data Security and Privacy needs.




Talk to our experts to know more about our Data Security and Privacy offerings

Speak to our Security Expert






  Offline: Leave Message