Industry urged to step up data protection

Insurance software solutions provider Stelvio has urged the industry and its third-party suppliers to consider using system and organisational controls reporting to protect the vast amounts of private data handled by their businesses.

The system and organisational controls reporting standard, or SOC 2 for short, is often referred to as a certification, Stelvio Australia GM Yannick Giguère said.

“However, it is more an audit of a company’s service-oriented controls to ensure they meet the SOC trust principles relating to IT,” he said.

“SOC 2 compliance means that an organisation has developed and is implementing very strict controls, policies, and procedures to protect customer information.”

While the reporting standard isn’t mandatory in Australia, he says it is a good way of demonstrating the care and consideration organisations take when managing data security and risk.

“SOC 2 is typically relevant for service organisations that develop and provide technology that stores customer and other important information,” he told insuranceNEWS.com.au.

“This means it may not be required for an insurance organisation directly. However, it is best for an insurer to engage with a technology provider that has achieved SOC 2 compliance, which provides additional assurance that their data is securely managed.”

He says data security and privacy are becoming increasingly important for consumers and businesses alike, so it’s essential that insurers take notice of the growing requirement to be compliant.

“Insurers must invest in cybersecurity tools and technologies as part of their own cybersecurity strategy, such as network monitoring or firewall protections,” Mr Giguère said.

“It’s also essential to engage third-party service providers that demonstrate a commitment to data security in their software solutions.

“Insurers must assess whether a service provider is securely managing data to protect the interests of the company and its customers or clients as part of the due diligence that businesses conduct when they choose a service provider.”