As a CERT-In empaneled cybersecurity audit organization, DigiFortex provides smooth and robust compliance solutions for the ISNP Security Audit Framework developed by IRDA.
Our team of skilled auditors and consultants prioritizes transparency, accuracy, and actionable insights, helping you not only meet compliance but also enhance the integrity and resilience of your information systems. DigiFortex goes beyond basic auditing by offering guidance to strengthen your IT processes, protect assets, and secure data integrity, ensuring your systems function effectively under all conditions.
ISNP Security Audit
The Insurance Self Network Platform (ISNP) is an electronic platform established with the approval of the Insurance Regulatory and Development Authority of India (IRDAI) to support e-commerce activities in the insurance sector. To maintain secure and compliant online operations, IRDAI has set comprehensive guidelines (IRDA/INT/GDU ECM/055/03/2017) that any insurance entity intending to offer digital services must follow.
Under these guidelines, any insurance company, aggregator, or intermediary wishing to conduct e-commerce activities must establish an ISNP, which can take the form of a website (desktop or mobile), a mobile application, or both. Compliance with IRDAI’s ISNP regulations ensures that insurance providers implement and maintain robust security controls across their platforms.
Key objectives of an ISNP Security Audit include:
- Internal Monitoring Controls: Establish and manage data processing controls to safeguard sensitive information.
- Annual Security Review: Conduct a board-approved review of systems, controls, procedures, and safeguards, performed by a qualified CISA or DISA auditor or a CERT-In empaneled agency.
- ISO/IEC 27001 Compliance: Ensure alignment with ISO standards for Information Security Management Systems (ISMS) to manage risks and enhance security.
- Incident Reporting: Identify and report any adverse findings impacting policyholders, promptly informing IRDAI.
Our Proven Audit Approach
Our detailed audit process ensures that your payment systems meet regulatory standards, while also strengthening your organization’s security posture.
- Business Understanding: We begin by evaluating your business processes and environment to identify all relevant in-scope elements.
- Audit Scope Finalization: A detailed questionnaire is shared with your teams to collect evidence on architecture, implementation, and controls.
- Initial Audit: We assess your infrastructure to identify all storage locations containing payment-related data.
- Risk Assessment: Our team conducts a risk analysis of your information security posture, highlighting potential vulnerabilities.
- Data Flow Assessment: A comprehensive analysis is performed to understand data flow and detect any potential leakage points.
- Remediation Support: We provide actionable solutions to address compliance challenges and strengthen your systems.
- Scans and Testing: We perform rigorous testing to uncover critical vulnerabilities in your system.
- Evidence Review: Evidence collected is reviewed to evaluate its maturity and alignment with compliance requirements.
- Final Audit: A thorough examination is conducted to ensure all identified vulnerabilities are addressed and the system is secure.
- Concise Reporting: Our team delivers a detailed report covering all findings and insights from the assessment cycle.
Why DigiFortex?
As a CERT-In empaneled and ISO 27001:2022 certified organization, DigiFortex is globally recognized for providing information security consulting. Our team started McAfee in India and holds 17 US patents.
A small glimpse of DigiFortex’s globally recognized work:
- Completed the Prepaid Payment Instrument (PPI) audit for Amazon Pay, which included:
  - IS Audit (Information System Audit)
  - V-KYC (Video-based Know Your Customer)
  - VAPT (Vulnerability Assessment and Penetration Testing)
  - SAR (Security Assessment Report)
  - RBI Data Localization compliance
- Conducted security assessments for the #1 U.S. financial institution, covering 17 of their websites across 17 countries.
- Performed a comprehensive Cloud Security Assessment for HDFC Bank.
- Provided IT audit services for the integration of HDFC’s system with the Government of India’s Solar Energy Corporation of India (SECI).
- Selected by Indian Bank to conduct a full security assessment of their data centers in Chennai and Mumbai.