National insurer device management: how 2,500 field laptops run across India
National insurer device management at the 2,500 device scale is not a procurement problem. It is a logistics problem dressed as a CapEx conversation. The CFO of one national insurer we work with stared at a Rs.21 crore four-year laptop refresh quote in February 2026 and asked a question every IT operations head in BFSI has heard, “Is there any other way to do this?” There was.
On this page
- What national insurer device management actually looks like at 2,500 devices
- The Rs.21 crore CapEx trap and the four hidden cost lines
- The 72-hour tier-3 city replacement SLA nobody asks for in the RFP
- IRDAI ICSG and DPDP: the three device controls the regulator will check
- The two-track contract: what the insurer kept, what the partner took
- How to pitch this to your CFO in one slide
- Frequently asked questions
Here is how to run a national insurer device management programme across 220+ Indian cities with a 72-hour tier-2 and tier-3 replacement SLA inside an opex envelope your CFO will sign, even if your fleet has historically lived on a Rs.21 crore CapEx refresh cycle. We have run the operating model below for one national general insurer, two NBFCs, and one health insurer over the last 18 months. The pattern holds.
What national insurer device management actually looks like at 2,500 devices
A national insurer with 4,200 employees and 2,500 field surveyors does not have one fleet. It has approx five, and national insurer device management has to handle all five with one operating model.
The HQ fleet in BKC sits on a desk Monday to Friday, runs claims and underwriting workflows, talks to SAP and the policy admin system, and refreshes on a slow 48-month cycle because the work is sedentary and the chassis survives. The branch ops fleet in 220+ cities is a mix of desktops at the front counter and laptops for the branch manager, refreshing on a 42-month cycle because Indian branch offices run a bit dustier and a bit hotter. The surveyor and agent fleet is the painful one, approx 1,600 laptops bouncing between Maruti dashboards, train compartments, monsoon-soaked motorcycle bags, and tier-3 city hotels for three years until the chassis gives up. The investigator fleet is a small cohort of approx 80 ruggedised devices that do not refresh on a calendar at all, only when one dies. The contractor and temporary staff fleet is approx 100 to 140 devices that rotate every 6 to 18 months. National insurer device management means owning all five at once with one operating model and one dashboard.
Naveen, the Head of IT Operations at the insurer we worked with through March 2026, summed it up in our first scoping call in BKC. “My IRDAI auditor doesn’t care whether a laptop is HQ or field. He cares whether the data on it is encrypted, the access logs work, and the disposal certificate exists. My CFO doesn’t care which fleet either. He cares about the line item. I’m the one in the middle and right now I’m losing on both sides.” That sentence is the case for a single operating model.
The Rs.21 crore CapEx trap and the four hidden cost lines
The CFO’s first instinct on national insurer device management is the right one financially and the wrong one operationally. A 2,500 laptop refresh at approx Rs.62,000 weighted average per device (mix of HQ workhorses, branch laptops, ruggedised surveyor units, and an investigator slice) lands at approx Rs.15.5 crore in hardware. Add freight, imaging, asset tagging, MDM enrolment, replacement cover for the 6 to 8 percent DOA rate across a national rollout, and a tier-3 city onsite warranty upgrade because the OEM standard plan stops at tier-1 metros. Total comes to approx Rs.20 to 22 crore for a single refresh cycle. The CFO sees Rs.21 crore. What the CFO does not see is what comes after the PO is signed.
Four cost lines hide behind that headline number. They do not show up on the procurement line item. They show up on the IT operations expense head 14 to 30 months later.
It [absorbs the per-incident escalation logistics for tier-2 and tier-3 cities] so you can [stop chasing the OEM’s authorised service centre map every Tuesday afternoon] which means [your fleet ops lead spends her week on IRDAI evidence and not on FedEx waybills].
First, the tier-2 and tier-3 onsite SLA gap. Dell ProSupport, Lenovo Premier Support, and HP CarePack Standard are all priced for metro coverage. A surveyor’s laptop dies in Indore on a Tuesday. The OEM’s authorised service centre is in Indore and is paisa-vasool. A surveyor’s laptop dies in Hubli on a Tuesday. The nearest ASC is in Bengaluru. Without an explicit tier-3 onsite uplift in the warranty contract, the surveyor is offline for 5 to 9 working days waiting for the device to courier in and out. At approx Rs.4,200 per surveyor day of lost productive field hours across approx 60 incidents per quarter, that is Rs.10 to 18 lakh per quarter the CFO never sees on the procurement line.
Second, attrition-driven device churn. Field agent and surveyor attrition in Indian general insurance runs approx 22 to 30 percent annually. On a 1,600-device field fleet that is approx 400 laptops cycling through the IT manager’s desk every year, each one needing wipe, audit log, redeployment to a new joiner, asset tag update, and a DPDP destruction certificate if the device is being retired. In-house team time alone on this is approx 4 to 6 FTE-months a year. The CFO never sees that either because it is buried in the helpdesk headcount.
Third, the MDM and EDR licence sprawl when nobody owns refresh discipline. The insurer we worked with had three MDM contracts running in parallel because three different procurement cycles had picked three different vendors. Approx Rs.34 lakh a year on overlapping licences. When refresh discipline is missing, this happens every cycle.
Fourth, regulator-grade asset records. IRDAI’s ICSG framework expects an asset register tied to access controls, tied to encryption status, tied to disposal evidence. When the in-house team is firefighting tier-3 city replacements, the asset register slides. A pre-audit reconciliation typically runs approx 6 to 11 weeks of senior IT manager time at one of these companies. National insurer device management done well makes this a 90-second pull from a dashboard.
Add those four lines up across a 4-year cycle and the CapEx Rs.21 crore quote is actually closer to Rs.28 to 34 crore landed. That number is what the alternative is competing with, not the Rs.21 crore. A national insurer device management contract has to attack all four hidden lines or it is just a procurement repaint.
The 72-hour tier-3 city replacement SLA nobody asks for in the RFP
The single most important clause in a national insurer device management contract is the one most insurer RFPs forget to ask about. Tier-2 and tier-3 city replacement SLA. Every national insurer device management deal we have closed in the last 24 months has lived or died on this clause.
Standard OEM warranty plans are written for metros. The customer-facing language says pan-India, the operational reality is metro-fast and non-metro slow. If you do not write the tier-2 and tier-3 SLA into the contract explicitly, by city tier with named MTTR targets and named ASC fallback, the partner will default to the OEM’s network, and the OEM’s network defaults to whatever the SLA contract allows. Real surveyors in real Indian non-metros end up offline for 5 to 9 days.
The two-track national insurer device management contract we wrote with Naveen specified four tiers of replacement SLA, with the partner taking the logistics off his desk for tiers 2, 3, and 4. Tier-1 cities (the 8 metro plus Pune, Ahmedabad, Jaipur, Kochi): onsite replacement inside 24 hours. Tier-2 cities (approx 60 cities, the OEM’s normal authorised service centre footprint): replacement laptop on site inside 48 hours, drawn from a regional buffer pool. Tier-3 cities (approx 150 cities, where the OEM’s network is patchy or absent): replacement laptop on site inside 72 hours, dispatched from the nearest buffer pool with a courier escalation matrix that bypasses the OEM channel entirely. Tier-4 (approx 10 to 20 truly remote postings, primarily in the North East and remote mining or port locations): inside 5 working days with a documented best-effort fallback.
This SLA cost approx 11 to 14 percent more than the OEM standard plan on a per-device basis. It eliminated approx Rs.42 to 58 lakh a year of surveyor downtime cost. The CFO understood that arithmetic the moment we showed him the per-incident MTTR baseline from the previous 6 months. He did not need a 90-minute defence.
IRDAI ICSG and DPDP: the three device controls the regulator will check
IRDAI’s Information and Cyber Security Guidelines (ICSG) and the DPDP Act of 2023 do not contradict each other on device controls inside a national insurer device management programme. They overlap on three checks that every IRDAI inspection visit in the last 24 months has surfaced.
Full-disk encryption with key custody documented is the first national insurer device management control IRDAI will test. Every device, HQ or field, must run BitLocker or equivalent with a key escrow chain that the partner can attest to and the in-house team can audit. The inspection question is not “is it encrypted?” The question is, “show me the key recovery procedure for a lost surveyor laptop in Bhubaneswar.” If the answer is “I will check with our laptop vendor”, the finding goes into the inspection report.
Privileged access logs tied to device identity are the second national insurer device management control. ICSG expects the audit trail to link a privileged action on the policy admin system back to a specific device serial number, not just a user ID. A surveyor’s laptop logging into the underwriting system from a hotel Wi-Fi in Madurai must show in the log as that device’s serial number, not just that user. The MDM and the SIEM must reconcile on this. If they do not, the regulator reads it as a control failure even when the underlying access was legitimate. Our BFSI cluster guide on DPDP compliance for insurers, banks and NBFCs walks through the regulator overlap map in detail.
DPDP-compliant disposal certificates indexed by serial number complete the third national insurer device management control. Every device that leaves the fleet (refresh, attrition, damage, theft, loss) must have a documented destruction or wipe certificate at NIST 800-88 grade, tied to the asset record. When a regulator asks for the disposal log for “all surveyor laptops retired in Q2 2025”, the answer must be a clean spreadsheet inside 4 hours, not a folder of PDFs nobody has indexed. The partner’s job is to produce these certificates as part of the refresh cycle. The in-house team’s job is to make sure they land in the asset register on time. National insurer device management is the framework that makes this routine, not heroic. Skip the framework and disposal evidence becomes the single biggest IRDAI inspection finding.
The two-track contract: what the insurer kept, what the partner took
This is the responsibility split we agreed with Naveen’s team. It is the model we now propose to every national insurer device management scoping conversation, and the contract structure has held across one general insurer, two NBFCs, and one health insurer.
| Workstream | In-house IT team | DLM partner |
|---|---|---|
| Strategy, security policy, regulator liaison | Owns | Reviews and supports |
| Procurement spec definition, OEM relationship | Owns | Provides market intelligence |
| Imaging gold image and refresh schedule | Owns gold image | Owns refresh execution |
| Tier-1 city deployment and helpdesk | Owns | Available on escalation |
| Tier-2, 3, 4 city deployment and warranty | Available on escalation | Owns |
| Asset tag reconciliation and SAP FA posting | Owns the SAP write | Posts monthly recon file |
| DPDP disposal certificate production | Owns the archive | Owns the production |
| IRDAI evidence pack assembly | Owns the narrative | Owns the artefacts |
| MDM policy authoring | Owns | Operates |
| Quarterly business review with CFO | Joint | Joint |
The two-track contract is the artefact that protects the in-house IT manager’s job, defines what good looks like for the partner, and gives the CFO a single throat to choke for the operational lines. Without it, the engagement defaults to ambiguity, and ambiguity always falls back onto the in-house manager’s desk on a Saturday. We have written about how this works for in-house IT teams of all sizes, and the structure scales from 200 devices to 2,500.
Most insurer IT departments think the answer to a 2,500 device problem is a bigger in-house team or a bigger CapEx budget. It usually is not. It is a contract boundary that lets a 4 to 6 person in-house IT team behave like a 12 person team without the headcount. The headcount approach does not scale because the work is not steady. National insurer device management is bursty by nature. A monsoon week in West Bengal generates 40 device incidents in 6 days. A normal week generates 8. You cannot staff for the spike without overstaffing for the average.
How to pitch this to your CFO in one slide
The slide that worked for Naveen when he pitched national insurer device management to his CFO had four lines.
Line one, headline number on national insurer device management. “4-year landed cost of refresh path A (CapEx): Rs.28 to 34 crore. 4-year landed cost of path B (DaaS with two-track contract): Rs.31 to 33 crore.”
Line two, cash flow profile. “Path A: Rs.21 crore in Year 1, then near-zero, then Rs.21 crore again in Year 5. Path B: approx Rs.7.7 crore evenly per year, OpEx line, predictable to the CFO’s planning cycle.”
Line three, what the CFO actually buys with the national insurer device management spend. “Tier-3 city 72-hour replacement SLA included. IRDAI evidence pack production included. DPDP disposal certificates included. No FTE growth required on the IT operations team.”
Line four, the risk reversal. “If the per-device cost runs over the approved budget for any quarter in the first 12 months, the variance is on us.” Naveen’s CFO signed the same week.
We have laid out the broader DaaS TCO math for 500 device fleets elsewhere, which scales linearly to the 2,500 device case. The arithmetic does not change. The cash flow profile is what changes the conversation.
I have sat through approx 30 BFSI national insurer device management scoping calls in the last 24 months. The same three sentences come up every time. “Our IRDAI auditor is coming in Q3.” “Our CFO won’t sign a CapEx spike this year.” “Our IT manager already has too much on his plate.” When Kavya and I went through Naveen’s scoping document in our Monday review, she pushed back on whether the in-house team should keep MDM policy authoring. Her counter was that at 2,500 devices, the policy author needs a dedicated week per quarter, and the in-house team in this case had approx 2 hours. We landed on policy authoring staying in-house but with a quarterly co-authoring session with our team. That is the kind of detail that does not survive a vendor deck but does survive a contract.
The CapEx number on the procurement line is not what your CFO actually pays for a 2,500 device refresh. The tier-3 city downtime, the attrition churn, the MDM licence sprawl, and the regulator evidence work double that number over four years. Show your CFO that math, not the procurement quote.
Here is the part nobody says out loud, boss. Most insurer device refreshes are not actually about devices. They are about the IT operations head trying not to fail an IRDAI inspection in Q3, the CFO trying not to take a Rs.21 crore hit in one quarter, and the field surveyor trying not to lose a customer because his laptop dropped during a survey in Pune. National insurer device management is the operating model that solves all three of those problems with one contract, theek hai? When we do this right, the IT operations head walks into the IRDAI meeting with a thumb drive of evidence that takes him 20 minutes to assemble. When we do it wrong, he spends approx 11 weeks recieving partial answers from three vendors and the asset register still doesn’t tie.
The thing I will push back on inside the BFSI vendor community is this: insurers keep being sold “pan-India coverage” without an explicit tier-3 SLA in the contract. The OEM channel is not lying. They genuinely have a presence in 27,000+ pincodes. But what “presence” means in tier-3 city Madhya Pradesh in monsoon week is not what the slide deck suggested. A real national insurer device management contract names the cities, names the MTTR target, and names the escalation path. Anything less is a slide deck, not an SLA. National insurer device management lives or dies on this single discipline.
Frequently asked questions
What is national insurer device management?
National insurer device management is a single operating model that handles laptop and tablet procurement, imaging, deployment, warranty, refresh, and disposal across an insurer’s HQ, branches, surveyors, agents, and investigators in tier-1, tier-2, tier-3 and tier-4 Indian cities. The model is typically delivered through a DLM contract that splits scope between an in-house IT team and a national partner, with the partner taking on logistics-heavy work in non-metro cities and the in-house team retaining strategy, policy, and SAP integration.
How is national insurer device management different from a normal corporate fleet?
Three things make it different. Geography (220+ cities including tier-3 postings the OEM channel under-serves), regulator load (IRDAI ICSG plus DPDP Act of 2023 controls on every device), and attrition pattern (approx 22 to 30 percent field force churn means approx 400 devices a year rotating through the IT team’s desk). A normal corporate fleet of comparable size on a metro footprint with 8 percent attrition needs roughly half the operating discipline.
Can a small in-house IT team run national insurer device management?
Yes, with the right contract. The insurer we worked with ran a 4-person IT operations team plus a partner. The partner absorbed approx 1,300 helpdesk tickets a quarter, approx 90 tier-3 city replacements a quarter, and approx 600 imaging and dispatch jobs a quarter. The in-house team focused on architecture, SAP integration, MDM policy authoring, and IRDAI evidence narrative.
What does IRDAI actually check on devices during an ICSG inspection?
Three controls in our experience. Full-disk encryption with documented key custody. Privileged access logs tied to device serial number. Disposal certificates at NIST 800-88 grade, indexed by serial number, archived and queryable inside 4 hours.
Is DaaS the right answer for 2,500 devices or is CapEx still cheaper?
The headline CapEx number is cheaper. The 4-year landed cost is usually within 5 to 10 percent either way, but the cash flow profile, the tier-3 SLA, the IRDAI evidence pack, and the no-FTE-growth promise are what most insurer CFOs end up buying. We have seen DaaS win on landed cost in approx 7 of the last 9 BFSI scoping cycles once the four hidden cost lines are added back to the CapEx side.
By the way, did you know we provide a parallel quote on your current insurer fleet at no charge? You send us a serial number list, current monthly support cost, and your last 12 months of MTTR data. We come back inside 7 working days with a per-device national insurer device management cost, a city-tier SLA proposal, and a side-by-side landed-cost comparison. No commitment, no follow-up calls unless you want them. Reply “INSURER” on WhatsApp to claim it.
Free fleet audit: national insurer device management for BFSI
Free fleet audit for insurers and NBFCs running 1,500+ field devices. If we don’t find at least Rs.40 lakh of recoverable savings over 36 months on landed cost, the national insurer device management audit is yours free and we do not chase you.
200+ businesses trust Sirius Star with their device operations. Response within 4 hours. We sit down with your IT operations head first, not your CFO, because national insurer device management only works when the operations head owns the scope conversation.
Get my free fleet audit on WhatsApp
Audit includes: per-device landed-cost model over 36 months, city-tier SLA proposal with MTTR targets named by tier, the two-track responsibility split tailored to your team, DPDP and IRDAI ICSG evidence-readiness scorecard, and the parallel quote against your current fleet. Plus a one-page CFO slide if you want one.
P.S. The four-tier SLA template from this article is also available as a one-page PDF we have shared with approx 18 BFSI IT operations heads in the last 6 months. It is the document we put on the table in the first national insurer device management scoping meeting. Reply “INSURER” on WhatsApp and we will send it. It includes the city-tier MTTR targets, the IRDAI ICSG evidence checklist, and the SAP FA reconciliation field map you can run against your own asset register before any vendor call.
About the author
Arjun Mehta is Device Operations Lead at Sirius Star Enterprise Technologies, where he runs device lifecycle management programmes for Indian mid-size and large companies across pharma, BFSI, manufacturing and logistics. He has led approx 80 DaaS scoping conversations in the last 24 months, including national insurer device management programmes for general insurance, NBFC, and health insurance clients running 1,500 to 3,000 field devices across tier-1, tier-2 and tier-3 Indian cities. He works out of Vashi, Navi Mumbai.
Profile: /author/arjun-mehta/
