IRDAI ICS Audit & ISNP Security Assessment for a Private General Insurer

Sector

Insurance — Private General Insurance Company

Engagement Type

IRDAI ICS Audit + ISNP Security Audit + DPDPA Readiness Assessment

Duration

8 weeks

The challenge

A private general insurer was due for its annual IRDAI ICS audit and, at the same time, needed its new ISNP platform audited before launch. The ISNP platform — a direct consumer portal for motor and health insurance — had been developed rapidly and required a security assessment before IRDAI approval. In addition, the insurer’s DPO had flagged DPDPA compliance gaps in the policyholder data handling processes.

What Zorixx Did

  • Conducted IRDAI ICS audit across all 12 security domains — 140+ control points assessed
  • Performed ISNP platform security audit — web application VAPT, API security testing, payment gateway integration review, customer data security assessment
  • Identified 3 critical vulnerabilities in the ISNP payment flow — remediated before audit submission
  • Conducted DPDPA readiness assessment — policyholder health data, nominee data, KYC data flows
  • Designed consent framework for ISNP — granular, purpose-linked consent notices for motor and health products
  • Developed data retention schedule covering all policyholder data categories
  • Prepared IRDAI ICS audit report structured for regulator submission

Outcomes

ICS Audit

Submitted to IRDAI with zero critical findings. 4 medium observations with remediation timeline.

ISNP Audit

ISNP platform cleared security audit. IRDAI approval obtained within planned timeline.

Critical Vulnerabilities Fixed

3 critical payment flow vulnerabilities fixed before platform launch — preventing potential fraud exposure.

DPDPA

Consent framework operational at ISNP launch — compliant from Day 1.

Client Statement

"Zorixx understood the insurance regulatory context deeply. They didn't just test our platform — they knew exactly what IRDAI would look for."
