The Cyber Risk Institute (CRI) expanded its offerings for a vital segment of the financial services sector: insurers and the insurance industry.
Washington D.C. — On Nov. 12, 2020, the Cyber Risk Institute (CRI) released an update to its Profile to expand the Profile’s offerings and increase its utility for a vital segment of the financial services industry – insurers and the insurance industry. This Version 1.1 incorporates the National Association of Insurance Commissioners (NAIC) Financial Condition Examiners Handbook (sometimes referred to as the NAIC IT Handbook) updates, particularly updates to its Exhibit C: EVALUATION OF CONTROLS IN INFORMATION TECHNOLOGY (IT). Additionally, Profile v1.1 now includes a full suite of “Informative References” for the functions “Governance” and “Supply Chain/Dependency Management,” better connecting those functions and related diagnostics to widely used industry standards such as ISO, COBIT and NIST 800-53.
CRI Managing Director Josh Magri characterized the release of Version 1.1 as a great “next step” in the development of the Profile. “CRI is always working to improve and amplify the Profile by integrating new elements — but I am especially pleased that for our first update, we are adding guidance which is used across the insurance industry. This clearly demonstrates the flexibility of the Profile, and in certain ways, is a symbol of what is to come: we aren’t limited to one portion of the sector.”
The NAIC Handbook “offers specific instructions and suggestions for carrying out each individual phase of examination” and the inclusion of Exhibit C and amendments in the Profile eases the ability of these users to ensure they’re meeting their cybersecurity and IT requirements. Because NAIC managed this mapping to the Profile directly, the inclusion of the Handbook’s Exhibit C reflects the progressive approach that the NAIC has taken toward supporting industry compliance efforts, and their confidence in the Profile. It also provides Profile users certainty in the matching of the Profile diagnostic statements to regulator intent…