GRC, or Governance, Risk and Compliance, refers mainly to the strategy for managing an organization's governance, enterprise risk and compliance. GRC has three main components:
This report was submitted by the working group created by the RBI to address the issues on information security, electronic banking, technology risk management and cyber fraud.
The report is divided into chapters, and each chapter includes an introduction, the associated roles and responsibilities, and the control recommendations from the RBI that banks must implement.
The report covers 3 topics in depth:
Objectives of the working group:
ISNP stands for Insurance Self Network Platform. In order to create a digital platform for the insurance industry, the Insurance Regulatory and Development Authority of India (IRDAI) issued guidelines for insurance e-commerce on 9 March. The guidelines for ISNP are issued by IRDAI under reference number IRDA/GDL/ECM/055/03/2013.
The idea of these guidelines is to standardize e-commerce rules across the different entities selling insurance online. Anybody who now wants to sell insurance on a digital platform will need to set up an Insurance Self Network Platform (ISNP) and follow the rules for it. An Insurance Self Network Platform is an electronic platform set up by any applicant with the permission of the authority.
Only insurers, brokers, agents, intermediaries or other entities recognised by IRDAI can sell policies on an online platform. Insurance intermediaries include distributors such as corporate agents, web aggregators and insurance marketing firms. As agents are tied to one insurer, they can use that insurer's digital platform to sell policies online.
Having a systematic approach to information security is the key to its success in an organization. ISO 27001 is the only standard which gives you a best-practice management framework for implementing and maintaining security. ISO 27001 helps organizations that implement it protect their information assets by eliminating vulnerabilities. It brings consistency to the entire organization's approach to information security, making it highly manageable.
How can we help?
Implementation: Implementation, consulting and advisory services to assist in the design and development of controls and policies, with assistance in successfully obtaining certification.
Transition/Readiness/Gap Analysis: Readiness audit / gap analysis for certification; transition assistance from ISO 27001:2005 to ISO 27001:2013; technical risk assessment.
Monitoring, Maintenance and Optimisation: Monitoring of the organization's ISMS; controls maintenance; optimization of the ISMS, including metrics / KPIs; enabling process and technology controls such as change management, patching and backups; BCP/DR; GRC and process automation solutions.
PCI DSS was developed by 5 major credit card companies: Visa, MasterCard, Discover Financial Services, JCB International and American Express. No matter how big or small a business is, if it takes credit or debit card payments it needs to comply with the Payment Card Industry Data Security Standard (PCI DSS).
It was developed mainly to increase the security of cardholder data and to facilitate the broad adoption of data security measures globally.
The major objectives of PCI DSS are:
Benefits of PCI DSS:
The Health Insurance Portability and Accountability Act was signed by President Bill Clinton on Aug 21, 1996. HIPAA came into place to protect vital patient information, so that patients can rely on the health organizations that are responsible for keeping their information safe. HIPAA compliance is applicable to 3 covered entities:
HIPAA contains 5 sections:
There are 8 key steps which an organization should consider, regardless of its size or complexity, when preparing to comply with the Security Rule:
What is considered protected health information under HIPAA?
Information regarding the payment of the care provided that identifies the patient
The General Data Protection Regulation (GDPR), a new law effective May 25, 2018, requires some significant changes in the way mobile apps and websites currently operate. The core of the law requires a 'Forget Me' option for end users, and this implies relevant user interface changes as well as data encryption in transit and in archives. Apps using AI or machine learning also need changes in the way data can be processed or presented for end users who opt to 'Restrict Processing My Data'.
Data Protection Model Under GDPR