The Insurance industry is a very regulated industry. Lives literally depend on it. Establishing a solid and custom framework for managing risks and ensuring adherence to regulations related to cybersecurity for the sensitive data in the insurance industry is the cornerstone of trust. Cybersecurity governance, risk and compliance (GRC) for insurance companies focuses on protecting sensitive policyholder data, maintaining operational stability, and managing the financial implications of cyber incidents.
- Data Protection:
Insurance companies handle vast amounts of sensitive data, making them prime targets for cyberattacks. GRC helps protect this data from unauthorized access, use, or disclosure.
- Financial Stability:
Cyber incidents can lead to significant financial losses through remediation costs, legal fees, and potential regulatory fines. GRC helps mitigate these financial risks by reducing the likelihood and impact of cyberattacks.
- Regulatory Compliance:
The insurance industry faces increasing regulatory scrutiny regarding cybersecurity. GRC helps ensure compliance with these regulations and avoid potential penalties.
- Maintaining Trust:
Cyber breaches can damage the reputation and erode the trust of policyholders. GRC helps maintain a strong security posture, which is essential for building and maintaining trust.
| Auto Owners Insurance | Governance Risk and Compliance Categorizing DataFiles shares •MS Exchange •Laptop and Desktop •SharePoint •IMs •MIME •Public Folders Legal •Early Case Assessment •Legal Hold Archiving Data •Email Management: Messaging Architecture for on premise and remote client access. Archiving 4,000 email users •SharePoint archiving 3,600 users •File archiving 500 users |
| Travelers Indemnity Company | Provide Visibility into Data Sources (understand data to develop action plan) Clean Up Data Sources (move, copy, quarantine, delete, etc.) Identify Sensitive Information (PII/PCI, SSN, Credit Cards, TIN, HIPAA) Categorize Information (sensitivity, age, ownership, type, etc.) Reduce Risk (delete data no longer needed, move sensitive data to secure location, apply defendable disposition policy, ongoing monitoring) Quickly Respond to Unstructured Data Requests (FOIA, Open/Public Records Act, Help Desk) Quickly Identify Records Across Unstructured Data Sources and Move Them into a System of Record Federated •Norcross GA •St Paul MN •Hartford CT |
| John Hancock | Provided Architectural Design Consulting, Statement of Requirements Definition and Development for long-term care (LTC) specific solution to address incoming Rerate Response documents. Reviewed the information architecture (IA) Architecture documents and submitted detailed recommendations for improvements. •Designed solution to handle incoming paper and documents with volumes to exceed 1.2 million documents. •Leveraged custom VB components for Scan, Index Validation and DB exports. •Extended solution to support primary and secondary document types |
| Southern Farm Bureau Life | Data remediation of unstructured data for the purpose of moving data to tiered storage depending on the access of data and to adhere to the following company policies: Archive Stale Data: Migrate all files not accessed for more than 6 months to the destination/archive folder. Acceptable Usage Policy Enforcement: Move all MPEG and JPEG files to the destination/archive folder. User Data Management: Move all files owned by a specific user to the destination/archive folder. PST Consolidation: Consolidate all PSTs into a central destination/archive folder |
| Conseco (Bankers Life & Casualty) | Developed and introduced emerging technologies: •Streamlined company communication and collaboration by introducing Netscape’s Enterprise Server Suite: Messenger, Proxy, Calendar, and news groups •Developed a LDAP structure that would include all acquired businesses. •Assimilation of acquired companies by coordinating system integration, both data and telephone |
| XL | Created and delivered an architectural document and design document for the global installation of XL. There were three geographical regions. The company is based in Bermuda which allows a tax incentive. Yet, the issue was to show that data needs to originate from Bermuda to allow XL to enjoy this advantage. The solution utilized Citrix metaframe. The docbases were distributed content and central, depending on if policies were local or global. |