All regulated entities are directed to scrupulously follow the provisions regarding reporting of incidents to IRDAI and CERT-In. Further, the regulated entities are required to submit available details of a ‘Cyber Security Incident’ to the regulator in an enclosed format within 24 hrs of intimation of the incident, said the IRDAI.

Hyderabad:

Pointing out negligence by industry players in complying with the existing norms on the management of a ‘Cyber Security Incident’, the IRDAI has asked the regulated players to strictly implement the existing rules, saying, “Organization has to mandatorily report cyber incidents to CERT-In within six hours of noticing or being brought to notice about such incidents with a copy to IRDAI and other concerned regulators/authorities.

“Though there are laid-down norms on ‘Incident and Problem Management’ in ‘IRDAI Information and Cyber Security Guidelines,’ it is observed that the regulatory entities are not adhering to the above-mentioned timelines and also not keeping the IRDAI in the loop in their communications to CERT-In,” said IRDAI on Wednesday.

All regulated entities are directed to scrupulously follow the provisions regarding reporting of incidents to IRDAI and CERT-In. Further, the regulated entities are required to submit available details of a ‘Cyber Security Incident’ to the regulator in an enclosed format within 24 hrs of intimation of the incident, said the IRDAI.

Further, the details in the reporting format need to be updated with the flow of information from the forensic analysis as and when obtained, and submitted to the IRDAI as subsequent version(s) within 24 hrs of such information being made available, said the IRDAI.