ISNP Audits

Insurance Self Network Platform

In today’s age of digitalization, e-commerce is gaining the fancy of customers as well as sellers. Even in the insurance industry, the registered player is exploring the online platforms to sell their products. Insurance Self Network Platform (ISNP) refers to an electronic platform setup with a view to conducting insurance e-commerce activity. Such a platform can only operate after getting a permission from Insurance Regulatory and Development Authority of India (IRDA).

Insurance e-commerce guidelines clearly state that only a person registered or recognized by the Insurance Regulatory and Development Authority of India (IRDA) can apply for ISNP registration. For setting up an Insurance Self-Network Platform to carry on insurance e-commerce activities prior permission from the authorities is required.ISNP can be set up in any of the following forms:

  • Website (desktop or mobile version)
  • Mobile application
  • Both
Image

ISNP Audit Requirements

The main objective of these guidelines is to set standardized rules for conducting insurance e-commerce activities. As per these regulations, anyone willing to sell insurance online is required to set-up a digital platform known as Insurance Self-Network Platform (ISNP) and follows all the regulations specified for it. The scope of such external audit of the ISNP shall be as prescribed by the Authority from time to time.

Existing ISNP’s Insurer and Insurance Intermediaries who already set-up their own ISNP’s or insurance portals for selling and service insurance products. They should also comply with these guidelines and they can provide the Assurance to IRDA by implementation of ISO Standard (like ISO 27001:2013) or by conducting an independent review of their organization by Experienced CISA Qualified Auditor. Independent Audits often provide information that helps organizations manage risk, confirm efficient allocation of IT-related resources, and achieve other IT and business objectives.

Why ISNP Audits are important?

Any Insurance Agency that is looking to setup an Electronic Platform, they must comply with the following requirements as defined by the IRDA:

  • Implementation of Internal Monitoring Controls for Data Processing Systems
  • Board approved annual security review of the controls, systems, procedures and safeguards by CISA or DISA or CERT-In expert a CERT-IN empaneled security auditor
  • Compliance to ISO/IEC 27001 – Information Security Management System
  • Reporting of any adverse findings that impact policyholders with the IRDA

The Applicant shall place the report of the CISA or DISA or CERT-In expert and the Information Security Management System (ISMS) of ISNP before the Board or its sub-committee for their observation.

What is SecurWires Offering?

SecurWires is vendor-neutral; we do not resell any software or hardware and will always recommend the best solution for the organization. Our professionals provide industry-leading expertise to help organizations meet their evolving Data Security and Privacy needs. With Certified Information System Auditor (CISA) on-board, SecurWires is authorised to help you understand, manage and comply with IRDA’s Cyber Security requirements as published in the IRDA’s Guidelines on insurance e-Commerce.

Talk to expert Consultation

Copyright @SecurWires. Designed & Developer By MindScript