Work With Genesis Insurance Company

Transcription

1 IN F O R M AT ION TEC HNOLOGY (IT ) SECURIT Y AT GEN ES I S security peace of mind You re covered. Access Control Application Security Business Continuity and Disaster Recovery Planning Cryptography Information Security Governance and Risk Management Legal, Regulatory and Compliance Operations Security Physical and Environmental Security Security Architecture and Design Telecommunications and Network Security 1

2 Working with Genesis brings financial security, stability and peace of mind to our clients including assuring our clients IT security. We take IT security seriously. Our IT security landscape is capable of addressing the everevolving security challenges and threats, and at the same time contributing to the development and deployment of robust IT governance mechanisms. This ensures safe, secure and reliable services to our clients, in accordance with the IT industry standard (ISC)2 CBK. 2

3 Access Control We take reasonable measures to ensure that Genesis associates access is given to those applications that they need in order to perform their job functions. All systems require authentication through a unique user ID and password. Our password standard ensures the password is complex, changed on a periodic basis, and prevented from reuse for numerous generations. Upon termination, the access is removed for users, vendors and authorized consultants. Periodic access reviews are conducted by the business owners and any changes to access proceed through the provisioning system to remove unnecessary access. Application Security Application systems are implemented following a software development lifecycle and a quality assurance and change management process. All users must have their own unique user ID and password in order to log on to corporate systems. Access reviews are conducted periodically on mission-critical systems, including systems that may contain sensitive or financial data. Appropriate access rights are defined by information owners based on requirements of business operations. Business Continuity and Disaster Recovery Planning Genesis maintains a business continuity management process that enables us as an organization to continue to manage our business under adverse conditions. This is accomplished through appropriate resilience strategies, recovery objectives, and business continuity plans in collaboration with, and as an integral part of, a risk management function. Genesis s disaster recovery plan details the restoration of critical systems, data, networks and telecommunications, and is updated and rehearsed annually. The processes outlined in our business continuity and disaster recovery plans are designed to ensure that Genesis can continue to provide services to our clients. 3

4 Cryptography Cryptographic solutions are used to protect the confidentiality of sensitive information. Transport Layer Security (TLS) and an industry-standard mail encryption solution are utilized. Portable devices (including laptop hard drives and mobile phones) are encrypted using accepted technology and strong governing standards. Information Security Governance and Risk Management Genesis maintains data privacy policies for the United States, Canada and international businesses, which include data security guidelines, training and controls. Our Legal department maintains, reviews and publishes these policies and assesses the training. Data Privacy Officers have been appointed in each business platform. Any service providers we use are governed by contractual agreements. Our IT systems and processes are audited internally and externally on a regular basis. We conduct a technical security assessment of its networks, firewalls and infrastructure systems on an annual basis. This assessment attempts to identify exploitable system/application level vulnerabilities that, if compromised, could adversely impact the operational and business objectives of Genesis systems. Risk management and security functions are the responsibilities of several areas, including our corporate Risk Committee, and the Human Resources, Legal and IT departments

5 Legal, Regulatory and Compliance Our IT department takes reasonable steps and applies applicable data privacy policies and procedures to protect personal information and sensitive data. Access management and controls are also used for identification, authentication and authorization to meet business requirements while maintaining confidentiality, integrity and availability. Authorized users are certified annually through Code of Business Conduct training where acceptable use standards are displayed. Access to Genesis data and file servers is restricted to authorized users for support functions. Changes to software configuration and server configuration are governed by a rigorous release management process that requires approval by management before implementation. The Genesis Security Incident Management process includes key personnel from various internal organizations to provide identification, investigative services, incident containment, recovery operations and post-incident reviews. 5

6 Operations Security The Genesis infrastructure network is segregated logically and physically as operational needs dictate. There are separate environments for development and production. Industry standard antivirus, firewall and encryption solutions are employed within the Genesis environment. Genesis uses network behavioral and vulnerability management devices to check the health of the network environment. Physical and Environmental Security Security controls and procedures are in place to prevent unauthorized access to Genesis facilities and systems. Access to data centers is controlled through a secure keycard system. Only those with an operational need are given access. Visitors must adhere to building security protocol based on location

7 Security Architecture and Design Our IT department follows a software development life cycle that evaluates security architecture and best practices. Detailed risk assessments are conducted for hardware, software and other technology solution providers. Telecommunications and Network Security Network monitoring is regularly conducted and appropriate action is taken to identify, locate and investigate unauthorized or suspicious traffic on the network. Penetration tests are conducted on the environment on a periodic basis. Vulnerabilities are reviewed, remediated, tracked and signed off by senior IT management. 7

8 About Genesis Genesis is the premier alternative risk insurance provider, offering innovative solutions to meet the unique needs of its public entity, commercial and captive customers. Comprehensive programs, underwriting expertise, superior claim handling and consistent performance are the core values that define the Genesis team of professionals. Our collective experience, knowledge and collaborative approach enable us to provide stability and consistency to our clients. Financial Strength Ratings A.M. Best: A++ Standard & Poor s: AA+ CONTACTS Jill Eaton Vice President, Genesis REGIONAL MANAGERS John Fumo Atlanta Vice President, Kevin Williams Chicago Vice President, Carl Oswald San Francisco Second Vice President, James Dart Stamford, CT Vice President, genesisinsurance.com Genesis Insurance Company is licensed in the District of Columbia, Puerto Rico and all states. Genesis Insurance Company has its principal place of business in Stamford, CT and operates under NAIC Number Insurance is placed with Genesis by licensed retail brokers/agents. Not all coverages described above are available in all states. Availability of coverage depends on underwriting qualifications and state regulations Genesis Management and Insurance Services Corporation, Stamford, CT ITGen2013-1