IRDAI's cyber-security and outsourcing framework.
The Insurance Regulatory and Development Authority of India publishes the cyber-security guidelines and outsourcing regulations that bind Indian insurers. Vihaya's engagements with health, life, and general insurers ship the IRDAI artefacts as standard deliverables — board pack, audit-evidence schema, exit-management plan.
How Vihaya maps to IRDAI requirements
| IRDAI requirement | Vihaya posture |
|---|---|
| Board-approved outsourcing policy | Board-pack template delivered at kickoff |
| Cyber-incident reporting | Detected events surface to your reporting workflow with required metadata |
| Right-to-audit | Clause in standard pilot SOW |
| Data accessibility in India | Customer data in customer's India-region VPC |
| Material-activity controls | Confidence-floor escalation ensures material decisions stay reviewable |
| BCP / DR | Runbook with RPO/RTO targets at handoff |
IRDAI FAQ
Which IRDAI direction governs AI?
Two are most relevant: IRDAI's Information and Cyber Security Guidelines (most recent: 2023) and the IRDAI Outsourcing of Activities regulations. Both apply to life, general, and standalone health insurers.
What does board-level oversight require?
The board (or a designated committee) must approve the outsourcing policy, review material risk events, and sign off on critical-activity outsourcing. Vihaya engagements produce a board-pack: scope, risks, controls, exit plan.
What's the incident-reporting requirement?
Insurers must report cyber incidents to IRDAI within prescribed timelines. Vihaya's audit trail surfaces detected incident events to the insurer's reporting workflow with the required metadata.
Does IRDAI require data localisation?
IRDAI is less prescriptive on localisation than RBI but expects records of policyholders to be accessible in India and recoverable on demand. Vihaya runs in the insurer's India-region VPC, so this is satisfied structurally.
Want to see this in your environment?
30-minute discovery call. Draft SOW within 5 business days.
Talk to us about a pilot →