Insurance firms will have to mandatorily appoint a chief information security officer by April 30 whose main job would be ensuring data protection. This is part of sector regulator Insurance Regulatory and Development Authority of India (Irdai) cyber security guidelines that will be implemented in series, the first phase of which begins on April 30 and complete a full circle by end-March 2018. "By March 31, all insurance companies will have to appoint a Chief Information Security Officer (CISO) who will be responsible for articulating and enforcing the policies to protect their information assets and formation of Information Security Committee (ISC)," Irdai said in circular. Security audit and legal aspects on cyber security are other aspects of the guidelines. Insurance firms who are in existence for less than three years, however, have been exempted from the requirement of a full-time appointment of a CISO.

Source: dna April 09, 2017 07:13 UTC