IRDAI Guidelines for ISNP:
ISNP stands for Insurance Self Network Platform. In order to create a digital platform for the insurance business, the Insurance Regulatory and Development Authority of India (IRDAI) issued guidelines for insurance e-commerce on 9 March. The guidelines are issued by IRDAI for ISNP under reference number IRDA/GDL/ECM/055/03/2013.
The purpose of these guidelines is to standardize e-commerce rules across the various entities selling insurance online. Anyone who now wants to sell insurance on a digital platform must set up an Insurance Self Network Platform (ISNP) and follow the rules for it. Insurance Self Network Platform means an electronic platform set up by any applicant with the permission of the regulator.
Only insurers, agents, brokers, intermediaries or other entities recognized by IRDAI can sell policies on the online platform. Insurance intermediaries include distributors such as corporate agents, web aggregators and insurance marketing firms. As agents are tied to one insurer, they can use the insurer's digital platform to sell policies online.
ISO 27001 Readiness:
Having a systematic approach to information security is the key to its success in an organization. ISO 27001 is the leading standard that gives you a best-practice management system for implementing and maintaining security. ISO 27001 helps implementing organizations secure their information assets by eliminating vulnerabilities. It brings consistency to the whole organization's approach to information security, making it highly manageable.
How can we help?
Implementation: Implementation, consulting and advisory services to assist in the design and development of controls and policies, with help in successfully obtaining certification.
Transition/Readiness/GAP Analysis: Readiness review/gap analysis for certification; transition assistance from ISO 27001:2005 to ISO 27001:2013; technical risk assessment.
Monitoring, Maintenance and Optimization: Monitoring the organization's ISMS, controls maintenance, optimization of the ISMS including metrics/KPIs; enabling process and technology controls (change management, patching, backup and so on); BCP/DR; GRC and process automation solutions.
PCI DSS:
PCI DSS was created by 5 major credit card companies: Visa, MasterCard, Discover Financial Services, JCB International and American Express. Regardless of how big or small a business is, if it accepts credit or debit card payments, it needs to comply with the Payment Card Industry Data Security Standard (PCI DSS).
It was primarily created to increase cardholder data security and to encourage broad adoption of data security measures worldwide.
The major objectives of PCI DSS are:
Transactions should be conducted in a secure environment.
Cardholder data, for example date of birth and father's name, must be protected wherever it is stored.
Systems should be protected against malicious attacks by frequently updating anti-malware software.
Restrictions should be imposed on access to system information.
Systems should be constantly monitored to ensure that all security measures are working properly.
A formal information security policy must be maintained and followed by all entities at all times.
Benefits of PCI DSS:
Reduced risk of security breaches.
Peace of mind for our customers.
Boost in customer confidence and therefore an increase in customer satisfaction.
Costly fines are avoided.
Relatively quick and easy transactions.
HIPAA:
Health Insurance Portability and Accountability Act was signed by President Bill Clinton on Aug 21, 1996. HIPAA came into place in order to protect vital patient information so that patients can rely on the health organization that ensured the safety of their information. HIPAA compliance is applicable to 3 covered entities:
Providers of Health care who transmit information electronically
Health care insurance companies
Health care clearing houses, which facilitate the processing of health information for billing purposes.
HIPAA contains 5 sections:
HIPAA Health Insurance Reform.
HIPAA Administrative Simplification.
HIPAA Tax Related Health Provisions
Application and Enforcement of Group Health Plan Requirements.
Revenue Offsets
There are 8 key steps which an organization should consider, regardless of the size or complexity of the organization, when it is preparing to comply with the security rule:
Obtain and maintain senior management support
Develop and maintain security policies and procedures
Conduct and maintain an inventory of ePHI
Be aware of political and cultural issues raised by HIPAA
Conduct regular and detailed risk analysis
Determine what is appropriate and reasonable.
Documentation
Prepare for ongoing compliance
What is considered protected health information under HIPAA?
Patient’s name, address, birth date and social security number
Individual’s health condition
Aid provided to the individual
Information regarding the payment of the care provided that identifies the patient
GDPR Compliance Readiness:
The General Data Protection Regulation (GDPR), a new law effective May 25, 2018, requires some significant changes in the way mobile apps and websites currently operate. The core of the law requires a ‘Forget Me’ right for end users, and this implies relevant user interface changes as well as data encryption in transit and in archiving. Apps using AI or machine learning also need changes in the way data can be processed or presented for end users opting to ‘Restrict Processing My Data’.
Why Is It Important?
Transparency, fairness and lawfulness in the handling and use of personal data
Limiting the collection and storage of personal data
Ensuring the accuracy of personal data and enabling it to be erased or rectified
Limiting the storage of personal data.
Ensuring the security, integrity and confidentiality of personal data
Extended jurisdictional reach
Extended "personal data" definition
"Technical and organisational [security] measures"
Severe penalties (4% of the company's overall turnover or €20M, whichever is greater)
How We Can Help?
Privacy Framework for Governance
Training for the DPO (Data Protection Officer)
Data inventory: identify processes and unlawfully held data
Review and Mapping of Data Flow
Compliance and Technical Gap Analysis
Data Commissioner Notification support
Implementing a Personal Information Management System
Privacy GAP/Current State Assessment
Implementation of an ISMS according to the ISO 27001 Standard
Defining and Creating an Incident Response Process
Continuous Monitoring, alongside Consultancy
Vulnerability Assessment and Penetration Testing
Annual Readiness Audit