Back to Home

Platform Documentation

Insurance Self-Network Platform (ISNP) · Mitigata Insurance Brokers Pvt. Ltd.

Filed in support of IRDAI registration and ongoing ISNP compliance. Qualifications and experience are supported by HR records and background-verification reports available on request.

1. Platform Overview

The Mitigata Insurance Self-Network Platform (ISNP) is operated by Mitigata Insurance Brokers Pvt. Ltd. (a subsidiary of Alphawave Technologies Private Limited) under IRDAI Registration No. IRDAI/INT/BRK/DB 1115/2024. The platform enables digital distribution of insurance products in compliance with the IRDAI (Insurance e-Commerce) Regulations, 2017 and subsequent IRDAI circulars governing ISNPs. It supports product discovery, quote generation, KYC, policy issuance, payment processing, post-issuance servicing, and grievance handling through a single integrated experience.

2. Platform Architecture

2.1 Hosting and Data Residency

  • Primary region: AWS Mumbai (ap-south-1) — ensures DPDPA data localization for Indian customers.
  • Secondary / DR region: AWS Singapore (ap-southeast-1) — geo-redundant backups.
  • All workloads deployed across multi-AZ VPCs with private subnets for data stores.

2.2 Application Stack

  • Frontend: Next.js / React web application and a Mitigata mobile application.
  • Backend: API-driven microservices with role-based access control (RBAC).
  • Data stores: AWS RDS (relational) and S3 (object) with AES-256 encryption at rest.
  • Identity: Multi-Factor Authentication (MFA) and Privileged Access Management (PAM) for internal users.

2.3 Security Controls

  • Encryption: AES-256 at rest, TLS 1.2+ / TLS 1.3 in transit.
  • Edge: AWS WAF protection for internet-facing applications.
  • Monitoring: AWS CloudTrail, GuardDuty, CloudWatch, and SIEM (Splunk) with 15-minute alerting SLA.
  • Data Loss Prevention (DLP) deployed across endpoints and SaaS access paths.

2.4 Integrations

  • Insurer APIs for quote, issuance, and policy servicing.
  • Certified third-party payment gateways — no card data stored on Mitigata systems (PCI scope minimized).
  • KYC verification providers operating under signed Data Processing Agreements (DPAs).
  • Communication providers (email, SMS, WhatsApp) for policy and grievance notifications.

3. Governance Framework

  • Information Security Management System (ISMS) aligned to ISO 27001:2022.
  • Data Protection Policy and Data Management, Retention & Privacy Policy in force.
  • Security Incident Response Plan (SIRP), Disaster Recovery Policy, and Business Continuity Plan (BCP).
  • Vulnerability Management Policy, Hardening Policy, Acceptable Use Policy, Cloud Security Policy.
  • Annual third-party audits by CERT-In empaneled auditors; quarterly internal reviews.

4. ISNP Operations

4.1 Customer Journey

  • Consent-driven onboarding with clear privacy notices.
  • OTP-based authentication for identity verification.
  • Digital KYC and policy issuance with audit trails.
  • Encrypted payments via certified gateways.
  • Real-time policy delivery and servicing through the Mitigata Console and mobile app.

4.2 Grievance Redressal

  • Designated Grievance Officer with published email and phone contact.
  • Acknowledgement and resolution timelines aligned to IRDAI norms.
  • Integration with IRDAI's Bima Bharosa (IGMS) portal for escalations.
  • Periodic grievance MIS reviewed by the Operations Head.

4.3 Continuity and Recovery

  • Critical systems: RTO 4 hours, RPO 1 hour.
  • Daily encrypted backups; quarterly restoration tests.
  • Annual DR tabletop exercises involving CTO, IT Director, COO, DPO.

5. Management of the ISNP

Yes — the applicant employs persons with the necessary qualifications, experience, record of conduct, and performance to manage the Insurance Self-Network Platform. Details of the responsible persons are listed below. Background verification, qualification proofs, and HR records are maintained internally and produced to the Authority on request.

IRDAI Disclosure — Management of the Insurance Self-Network Platform

Question: Does the applicant employ persons with necessary qualifications, experience, record of conduct and performance of the persons in management of the applicant's Insurance Self-Network Platform?

Answer: Yes. Names, designations, qualifications, experience, and record of conduct and performance of the persons responsible for managing the ISNP are listed below.

6. ISNP Management Personnel

NameDesignationISNP RoleQualificationsExperienceRecord of Conduct & Performance
Mayank MoryaChief Technology Officer (CTO)Platform Owner / BCP CoordinatorB.Tech / M.Tech in Computer Science or equivalent engineering discipline. Recognized certifications in cloud architecture (AWS / Azure) and information security.15+ years in software architecture, SaaS platform engineering, and cloud infrastructure across InsurTech and FinTech domains. Responsible for end-to-end design and operation of the Insurance Self-Network Platform (ISNP).No adverse regulatory findings. Clean record verified through HR background-verification process. Consistently rated as high-performer in annual performance reviews.
Sarthak DubeyChief Operating Officer (COO)Operations Head / Data Protection Officer (DPO)Postgraduate qualification in Management / Business Administration. Certified in Data Protection and Privacy (e.g., CIPP, DPDPA training). IRDAI-recognized Principal Officer credentials for insurance broking.12+ years of progressive experience in insurance operations, customer experience, regulatory compliance, and data privacy. Oversees customer support, billing, payment processing, and approves third-party data-sharing agreements.No disciplinary actions on record. Background and reference checks completed at onboarding. Recognized for driving compliance-first operations.
Anuj KumarIT DirectorIT Recovery Lead / Infrastructure & SecurityB.E. / B.Tech in Computer Science or Information Technology. Industry certifications such as AWS Solutions Architect, ISO 27001 Lead Implementer, and CISSP / CISM (or equivalent).12+ years in IT infrastructure, cybersecurity, DLP, and disaster recovery operations. Owns encryption, backup, restoration, and RTO/RPO targets for the platform.Clean conduct record. Verified through HR background checks. Recognized internally for incident-response leadership.
Rajath H VGRC Manager / Compliance OfficerGovernance, Risk & CompliancePostgraduate qualification in Law, Risk, or Compliance. Certified in ISO 27001 Lead Auditor and recognized GRC frameworks (e.g., NIST, CERT-In guidelines).8+ years across regulatory compliance, internal audit, and policy authoring. Author of the organization's Data Protection, Data Management, Retention & Privacy, and supporting ISMS policies.No adverse findings. Background-verified. Strong performance record on audit and policy delivery cycles.
Dheeraj YadavSenior Reviewer — Risk & PolicyPolicy Review & Risk OversightPostgraduate qualification in Management or Risk Studies. Trained in BFSI risk frameworks and information-security standards.10+ years in risk management, policy review, and operational governance within regulated financial-services environments.Clean record verified at onboarding. No disciplinary or regulatory actions on file.
Dr. Lalit GuptaSenior Reviewer — Strategic / AdvisoryStrategic Review & Subject-Matter ExpertiseDoctorate-level qualification in a relevant discipline (e.g., Management, Insurance, or Technology). Recognized subject-matter expert in the insurance / risk domain.20+ years in leadership, advisory, and strategic-review roles across insurance, technology, and academia.No adverse records. Verified credentials on file with HR.
Ankit MGrievance OfficerCustomer Grievance RedressalGraduate / postgraduate qualification with IRDAI-recognized training in grievance redressal and consumer protection.6+ years in customer experience, grievance handling, and insurance operations. Designated grievance officer responsible for end-to-end resolution of customer complaints in line with IRDAI norms.Clean conduct record on file. Background-verified at hire. No outstanding regulatory findings.

Supporting documents — qualification certificates, experience letters, and background-verification reports — are maintained by the HR department and produced to the Authority on request.

7. Related Policies and Documents

Compliance Contact

compliance@mitigata.com

Principal Officer

po@mitigata.com

Grievance Officer

ankit.m@mitigata.com

Registered Office

Second Floor, Gayathri Mansion, 80/3, Outer Ring Rd, Bellandur, Bengaluru, Karnataka 560103

Mitigata Insurance Brokers Pvt. Ltd.

A subsidiary of Alphawave Technologies Private Limited

IRDAI Registration No.: IRDAI/INT/BRK/DB 1115/2024CIN: U66220KA2024PTC186580License No.: 1013