
Information Security

Management System

ISO/IEC 27001:2022 Certified Framework

🛡 Protecting Data. Building Trust. Enabling Innovation.
01 — Overview

OIP Insurtech Security at a Glance

  • Security Policies & Procedures: comprehensive ISMS documentation
  • Total Documents & Artifacts: policies, forms, registers, templates
  • Documents Updated in Q4 2025: active maintenance cycle
  • v2: latest revision cycle of the OIPIP Document Framework

Our Commitment

OIP Insurtech maintains a comprehensive ISMS aligned with ISO/IEC 27001:2022 and EU GDPR. Our documentation suite demonstrates organizational maturity, including clearly defined segregation of duties, active governance, and continuous improvement across all information security domains.

✓ ISO/IEC 27001:2022
✓ EU GDPR Compliant
✓ Annual Audit Cycle
✓ Continuous Improvement
02 — Framework

ISMS Framework — Plan-Do-Check-Act

PDCA cycle diagram: Plan, Do, Check and Act, centred on the ISMS.

📋 Plan — Establish the ISMS

  • Define ISMS scope and boundaries (OIPIP01)
  • Risk assessment methodology (OIPIP03)
  • Information security policy (OIPIP13)
  • Statement of Applicability (OIPIP06)
  • ISMS objectives and plans tracking
  • Legal & regulatory requirements (OIPIP10)
03 — Documentation

Policy & Procedure Documentation

Documentation categories: Governance, Technical Controls, Operational, Compliance, Business Continuity.
04 — Controls

ISO 27001 Annex A — Control Coverage

All control categories implemented and maintained with documented evidence.

05 — Risk Management

Risk Assessment & Treatment

Risk heat map (likelihood axis), based on OIPRP03 Risk Assessment Methodology.

  • Active: 2025 Risk Register maintained (XLSX)
  • 4-Step Risk Treatment Process
  • Risk Acceptance Criteria defined
  • Business Impact Analysis (OIPIP23)

Treatment Options: Mitigate, Accept, Transfer, Avoid
06 — Cloud Security

GCP Security Architecture

Project: oip-security (396205169530) — Defense-in-depth across all layers.

🛡 Perimeter Security

  • Cloud Armor WAF
  • DDoS Protection
  • Cloud DNS Security
  • External Load Balancer
  • SSL/TLS Termination

🔗 Network Security

  • VPC Network Isolation
  • Firewall Rules
  • Private Google Access
  • Cloud NAT
  • VPC Flow Logs
  • Network Segmentation

⚙ Application Security

  • IAM & RBAC
  • Service Accounts (Least Privilege)
  • Secret Manager
  • Binary Authorization
  • Container Security
  • Secure Development (OIPIP22)

🔒 Data Protection

  • Encryption at Rest (AES-256)
  • Encryption in Transit (TLS 1.3)
  • Cloud KMS
  • DLP API
  • Backup Policy (OIPIP20)
  • Cryptographic Controls (OIPIP19)
07 — Operations

Monitoring, Logging & Incident Response

📈 Logging & Monitoring (OIPIP27)

  • ✓ Cloud Audit Logs enabled across all services
  • ✓ Centralized log aggregation & SIEM
  • ✓ Real-time alerting & anomaly detection
  • ✓ Log retention policies aligned with compliance
  • ✓ VPC Flow Logs & Network Intelligence

🛠 Configuration Management (OIPIP28)

  • ✓ Infrastructure as Code
  • ✓ Change management procedures
  • ✓ Configuration baseline & drift detection

🚨 Incident Response (OIPIP15)

  1. Identify: detection & classification of security events
  2. Contain: isolate affected systems, limit damage
  3. Eradicate & Recover: remove threat, restore operations
  4. Lessons Learned: post-incident review, CAPA (OIPIP17)

📊 Threat Intelligence (OIPIP25)

  • ✓ Threat feed integration
  • ✓ Vulnerability management process
  • ✓ Proactive threat hunting
08 — Resilience

Business Continuity & Disaster Recovery

🏭 Disaster Recovery Plan (OIPIP11)

Comprehensive DR procedures with live-tested validation.

  • Damage Assessment
  • Team Mobilization
  • DR Event Recording
  • Communications
  • Recovery Tasks
  • DRP Test Report (Oct/Nov 2025)

📊 Business Impact Analysis (OIPIP23)

  • ✓ Critical process identification
  • ✓ RTO/RPO defined per service
  • ✓ Impact severity classification
  • ✓ Resource dependency mapping

📖 Business Continuity Plan (OIPIP24)

  • 🚀 Activation Criteria: defined triggers for BCP activation
  • 👥 Crisis Management Team: roles, responsibilities, escalation paths
  • 🔄 Recovery Procedures: step-by-step recovery for all critical systems

🔒 Backup Strategy (OIPIP20)

  • ✓ Automated daily backups
  • ✓ Geo-redundant storage
  • ✓ Regular restore testing
  • ✓ Encryption of backup data
09 — Governance

Governance & Continuous Improvement

📜 Internal Audit (OIPIP16)

Comprehensive audit program with 8 supporting documents:

  • Audit Plans
  • Audit Reports
  • Non-conformity Reports
  • Operational Audits
  • Archive & History

🔧 CAPA Process (OIPIP17)

Corrective & Preventive Action procedure ensuring identified issues are systematically addressed and prevented from recurring.

📚 Documentation Protocol (OIPIP18)

Standardized document control with version tracking, classification, approval workflows, and retention policies.

Document Update Timeline

December 2025
12 documents updated to v2 — major revision cycle covering Risk Assessment, Classification, Access Control, Cryptography, Logging, Configuration Management, BIA & BCP
Oct – Nov 2025
DRP Test Report completed — validating disaster recovery procedures through live testing exercises
April – May 2025
Full ISMS migration to OIPIP framework — all 30 policies re-established as v1 under new document control scheme
Q1 2025
ISMS Management Review Meeting (1st quarterly), Incident Response procedures established, Incident Log tracking initiated

Security by Design.
Compliance by Default.

  • Policies & Procedures
  • Documents & Artifacts
  • Annex A Controls
  • 100% Control Coverage
🛡 Thank you — Questions & Discussion

OIP Insurtech • Information Security Management System • ISO/IEC 27001:2022