On Nov. 7, PR RICO INS published rules on registration to the portal.
PR RICO INS published Circular Letter CN-2024-362-D on regulations applicable to the registration to the cybersecurity portal to comply with the requirements of Rule 108.
Cyber Portal Highlights
Implemented Rule 108 of Insurance Code Regulations, Cybersecurity Standards for Insurance Industry, approved on Sep. 10, 2024 (Regulation 9590 State Department).
Rule 108 aimed to establish cybersecurity rules for insurance industry and standards.
Portal includes free resources, best practices, and processes for good cyber hygiene.
Such as the Cybersecurity Controls Implementation Guide, which aligns requirements of Rule 108 with National Institute of Standards and Technology (NIST) best practices.
Besides, included a Checklist for Compliance with Rule 108 to facilitate compliance.
Cybersecurity Portal contains private access section for entities, with more than fifteen employees, that hold insurance licenses, authorizations, or certificates of authority.
Changes re duties of authorized personnel must be notified within 2 business days.
Effectiveness
Any regulated entity with more than fifteen employees required to comply with Rule 108 must obtain access to the Cybersecurity Portal on or before Dec. 1, 2024.
Regulators
PR RICO INS
Entity Types
Ins
Reference
Cir Lt CN-2024-362-D, 11/7/2024
Functions
Compliance; Cyber; Registration/Licensing; Reporting; Training
