The IRDAI has published comprehensive Guidelines on Information and Cyber Security, a detailed set of directives aimed at enhancing the cyber security posture of the insurance sector in India. These guidelines cover a broad spectrum of areas including governance, risk management, operational controls, and compliance.

As a CERT-In Empanelled Security Auditor, Security Brigade can help you address a wide range of these requirements.

Complying with IRDAI Guidelines on Information and Cyber Security

Across our portfolio of Cyber Security Consulting and Compliance Services from Security Brigade and our award-winning Digital Risk Management Platform, ShadowMap, we can help you comply with a wide number of areas required in the IRDAI Guidelines on Information and Cyber Security.

Governance and Organizational Framework

The guidelines emphasize establishing robust governance structures, including the formation of various committees and roles such as the Information Security Risk Management Committee (ISRMC), the Chief Information Security Officer (CISO), and others.

Our team of Compliance Experts can help you build, review, audit and certify governance frameworks that meet the requirements defined by IRDAI. Learn more about our IRDAI Cyber Security Compliance Service.

Risk Management

The document provides detailed guidelines for managing cyber and information security risks, including risk assessment, treatment processes, and the establishment of risk management frameworks.

Security Brigade’s cross-functional teams of CERT-In Empanelled Security Auditors can carry out comprehensive Technical Assessments such as Vulnerability Assessment, Penetration Testing, Web-Application Penetration Testing, Website Security Certification, etc. Furthermore, our Compliance Experts can help you prepare the risk management frameworks and treatment processes as part of our IRDAI Cyber Security Compliance Service.

Security Policies and Controls

The guidelines include comprehensive security domain policies covering data classification, asset management, access control, human resource security, and operational security measures.

Our Compliance Experts can help you frame from scratch the various information security policies required, as part of our IRDAI Cyber Security Compliance Service. Furthermore, these policies and frameworks can often allow you to comply with ISO 27001 and other standards as well without additional effort.

Compliance and Auditing

The guidelines mandate regular audits, compliance checks, and reporting protocols. The roles of internal and external auditors are elaborated upon, along with the process for conducting audits.

Our CERT-In Empanelled Security Auditors can play the role of experienced third-party external auditors to help you validate your security controls and processes and benchmark them against IRDAI’s Cyber Security Guidelines.

Incident Management and Response

Detailed procedures for incident management, including detection, response, and recovery processes, are outlined. This includes the establishment of incident response teams and protocols for managing different types of cyber incidents.

Our ShadowMap platform and its Threat Intelligence Module give you real-time visibility of attack trends, industry attack vectors, active threat actors, etc. Moreover, our Vulnerability and Threat platform raises alerts for active misconfigurations, vulnerabilities, data leaks, etc., that could be leveraged by attackers.

Business Continuity and Disaster Recovery

The guidelines stress the importance of having robust business continuity plans (BCP) and disaster recovery strategies, including regular testing and updates to these plans.

As part of our IRDAI Cyber Security Compliance Service, our teams help you establish Business Continuity and Disaster Recovery processes and plans. Furthermore, our Technical Assessment teams can help you carry out comprehensive BCP/DR drills to validate the effectiveness and coverage of your existing practices.

Third-Party and Vendor Management

Specific guidelines are provided for managing third-party risks, including due diligence, contractual requirements, and ongoing monitoring of third-party vendors.

ShadowMap’s comprehensive Vendor Risk Management platform allows you to track all of your vendors in near real time and get accurate Security Risk Scorecards for each of them. These scorecards include details about active vulnerabilities, latest data breaches, data leaks, dark web leaks, etc.

Technology and Infrastructure Management

Guidelines for managing IT infrastructure, cloud services, virtualization, and other technological aspects are included to ensure a secure and resilient technological environment.

ShadowMap’s Attack Surface Management platform allows you to maintain a real-time asset inventory of all your public infrastructure, SaaS platforms, cloud platforms, hosting providers, etc. Furthermore, our comprehensive Web-Application Penetration Testing, Network Penetration Testing, Network Vulnerability Assessment, Secure Code Review and other services can help you maintain continuous vigilance over your technology and infrastructure risks.

Employee Awareness and Training

The document underscores the need for continuous employee awareness and training programs to ensure all personnel are informed and capable of responding to cyber security challenges.

Data Privacy and Protection

Guidelines related to data privacy, including the handling of sensitive personal information and other data-related aspects, are included.

Monitoring and Logging

Detailed guidelines on monitoring, logging, and assessment of security controls are provided to ensure ongoing vigilance and quick response to potential threats.


Client Speak

Reference Articles

UIDAI Information Security Policy for Authentication User Agencies

The UIDAI Information Security Policy for Authentication User Agencies (AUAs) and KYC User Agencies (KUAs) is a comprehensive set of guidelines designed to ensure the secure handling, transmission, and storage of Aadhaar data.

IRDAI Cyber Security Compliance

A comprehensive guide to RBI’s Cyber Security Compliance for Commercial Banks, NBFCs, PPI Issuers, Small Finance Banks, and Payment Banks. Learn about Security Brigade’s solutions to navigate these crucial regulations effectively.

RBI Cyber Security Framework for Banks

The RBI Cyber Security Framework for Banks sets out a comprehensive list that banks must comply with to combat escalating cyber threats. As a CERT-In Empanelled Security Auditor, Security Brigade can help customers comply with many of these requirements.

Code Review for PCI DSS Compliance

One of the key requirements of PCI DSS is to perform regular secure code reviews of all custom code that touches cardholder data. This helps to identify and fix security vulnerabilities in the code before it is put into production.

Vulnerability Assessment vs Penetration Testing

The main difference between Vulnerability Assessment and Penetration Testing is the level of detail and the level of interaction with the network. A Vulnerability Assessment is a high-level assessment that identifies vulnerabilities, while a Penetration Test is a low-level assessment that exploits vulnerabilities.

OWASP Top 10 Web Application Security Risks

The OWASP Top 10 is a standard awareness document for developers and web application security professionals. It represents a broad consensus about the most critical security risks to web applications. The document is updated every three years to reflect the changing threat landscape.

Types of Red Team Assessments

Red Team Assessments can be classified into three main types: external, internal, and hybrid. External assessments focus on the organization’s external attack surface, while internal assessments focus on the internal network and systems.

Attack Surface Management in Red Teams

Attack Surface Management is a valuable tool that can help organizations to improve the efficiency and effectiveness of their red team assessments.

Importance of SOC 2 Compliance for SaaS Organizations

SaaS organizations that are SOC 2 compliant can demonstrate to their customers that they have taken the necessary steps to protect their data. This can help to build trust and confidence, and it can also open up new markets and opportunities.

Technology Risk Management Guidelines – Monetary Authority of Singapore

The Monetary Authority of Singapore (MAS) has issued the Technology Risk Management Guidelines that cover a wide range of topics, from establishing a sound cyber risk governance framework to implementing technical controls to protect IT systems.

Juby P - Botree Software
In an age where cyber threats constantly evolve, having a trusted ally like Security Brigade is essential. The Security Brigade team consistently delivered well-structured reports that spotlighted critical vulnerabilities and potential security weaknesses. These reports were accompanied by actionable recommendations, allowing our teams to prioritize and rectify issues efficiently. Professionalism, responsiveness, and depth of expertise were well appreciated, and we are happy to have engaged Security Brigade as our VAPT provider.
Juby Pappachan
Senior Manager - InfoSec, Botree Software
Gobinda Chandra Patra - ISIT Consultants
We started working with Security Brigade as a cost-effective solution for doing VAPT for applications and networks for our customers. But we have developed a great partnership with Security Brigade over the last 6+ years. They treat our customers as their own customers and provide solutions and do the activities as per agreed terms, and sometimes they even don’t mind going beyond and delivering to the customer. We will be happy to continue working with them and refer others as well.
Gobinda Chandra Patra
CEO and Co-Founder, ISIT Consultants
Peter Theobald - Author of Cybersecurity Demystified
I have been using Security Brigade services for the past fourteen years. In my role leading the cybersecurity initiative at multiple national system integrators in India, I have worked with them to provide VA/PT, External Attack Surface Management, and Red Teaming services to large corporate customers. In each case they have met or exceeded expectations, resulting in repeat business. I have no hesitation recommending their services for quality-conscious customers wanting to enhance their security posture.
Peter Theobald, A.C.A
Cybersecurity Industry Veteran, Author of Cybersecurity Demystified