OIC E-Policy Consulting

E-Policy Service

E-Policy Consulting and Inspection Services

AlphaSec has an E-Policy Consulting and Verification process, carried out by consultants and auditors who hold CISA, CISSP, and CISM certifications, to enable organizations to comply with the announcements.

1.1 Assessing activities for which the company has given consent to a licensed insurance company, carried out using electronic means.

Selling insurance policies electronically (Online)

Using electronic methods for insurance policy offerings

Issuing an insurance policy

Insurance contract reimbursement

1.2 Assessing activities where the company, broker, or bank uses the information system services of a third-party service provider for:

Electronic insurance policy offering service

Using electronic methods for insurance policy offerings

Issuing an insurance policy or reimbursement under the life insurance contract, according to the Notification of the Insurance Commission on the criteria and methods for issuing insurance policies, offering insurance policies, and reimbursement under life insurance contracts using electronic methods

1.3 Assessing what is in place or is currently being done

Information system security policy

Guidelines for maintaining information security; or

Security Standards of Information Systems

Privacy Policy (for website service / online policy information service)

Personal Data Protection Practices or privacy and personal information management practices

Data structure standards; standards for exchanging or disclosing information

1.4 Assessing what is currently available or in operation

Documentation of activities and details requiring electronic methods

Flow chart showing activities using electronic methods.

A document showing the information systems and electronic methods used to support activities that use electronic methods.

Guideline document for evaluating the security standards of information systems under the strict security method, in accordance with the specified criteria.

Privacy and Personal Data Management Policies and Practices

Information system security audit certificate by an independent auditor according to the certificate in the form Aor Or. 3

Information system security audit certificate by the independent auditors of the company at the strict level according to the certificate in the form of Aor Or 3

Letter of consent certifying that the company's information system meets strict security and safety standards, signed by the authorized director or attorney of the company.

1. Assessment

2.1 Consider ways to improve (Documentation of activities using electronic methods)

  • Documentation of activities and details requiring electronic methods

  • Flow chart showing activities using electronic methods.

  • A document showing the information systems and electronic methods used to support activities that use electronic methods.

  • Information system service agreement between service providers

2.2 Consider improvement guidelines (policy, practice guidelines, security standards, etc.)

Information system security policy

Guidelines for maintaining information security; or

Security Standards of Information Systems (According to a strictly safe method)

Privacy Policy (for website service / online policy information service) or

Privacy and Personal Data Management Practices

Data structure standards; standards for exchanging or disclosing information

Risk assessment system, risk management, and internal control

Security and support plans in the event that third parties are unable to provide services

2. Implementation Roadmap

3.1 Arrange for an audit to certify information systems by independent auditors.

Independent auditors who are certified or licensed in accordance with the established criteria.

CISA, CISM, CISSP, and ISO 27001 (ISMS), for certification based on the information systems security assessment guidelines under the secure method.

Independent auditor who is a certification body for information systems (Certified Body)

In the case of certification according to the guidelines for assessing the security standards of information systems according to the secure method.

In the event that the company establishes an information security management system and submits a certification audit according to ISO/IEC 27001:2013 (ISMS).

3. Audit / Certification