Layer 1 · Risk Managers · Auditors — implementation
IRDAI Control Catalogue — 14 Security Domains
All 14 IRDAI security domains with key mandates and the evidence auditors expect.
| # | Security Domain | Key Mandate | Evidence Required |
|---|---|---|---|
| 1 | Governance & Organisation | Board must constitute an Information Security Committee (ISC) and appoint a CISO; IS policy must be reviewed annually and approved by the board | Board minutes, IS policy, CISO appointment letter |
| 2 | Information Security Policy | Comprehensive IS policy covering all domains; communicated to all staff; reviewed when there is a significant change | Signed IS policy, training attendance records |
| 3 | Human Resource Security | Security awareness training at induction and annually; background checks for privileged users; termination checklist for access revocation | Training records, background check certificates |