Keeping our clients' data safe is of paramount importance at InsuBiz. Just as important to us is reassuring our clients that we are on top of things at all times. Therefore InsuBiz is audited in accordance with International Standard on Assurance Engagements (ISAE) 3402 Type II.
The scope of the 3402 standard is to ensure that all relevant processes are thoroughly documented, that efficient controls are in place, and that these controls are well documented and have been carried out over a certain period of time.
The InsuBiz ISAE 3402 accreditation has been designed with a focus on securing sensitive personal data and is based on the legal requirements on Processing of Personal Data in combination with relevant parts of ISO 27001. The following main areas are covered:
InsuBiz uses only certified partners for server hosting and through our ISAE 3402 accreditation any outsourcing agency must comply with strict controls in areas like:
InsuBiz has a security policy in place that describes all issues concerning information security to ensure that the company always complies with the current legislation in this area.
Cyber attacks are becoming increasingly sophisticated. This can potentially lead to system crashes and loss of confidential data. The most effective way to prevent such attacks is by identifying vulnerabilities before they can be maliciously exploited.
In co-operation with Digicure Deloitte, one of the leading players in the field of Internet security, InsuBiz uses a combination of two methods to keep the solution and infrastructure safe: Scheduled Security Vulnerability Analysis and Comprehensive Custom Penetration Testing.
Four times a year an external vulnerability analysis is performed against the InsuBiz infrastructure. The analysis leads to a rating of the IT security and a detailed, unbiased vulnerability report that provides directions on how we can effectively remediate potential vulnerabilities.
The workflow of the analysis is:
1 - Discovery: Identifying all active TCP & UDP ports on the tested IP range.
2 - Enumeration of services: Enumeration of services on open ports through use of tools.
3 - Vulnerability scanning: The obtained information is used in combination with a range of cutting edge tools to implement extensive vulnerability analyses. Findings are compared against a database containing several thousand known vulnerabilities.
4 - Sanity check: To avoid false positives, Digicure's experienced security technicians perform detailed research and a verification test. The purpose is to verify results through all available sources, and last but not least, validate all vulnerabilities manually.
5 - Manual research: The analysis results are validated through the use of a variety of manual procedures and know-how. This is done in order to identify and validate other potential vulnerabilities.
6 - Reporting: Digicure's experienced security technicians craft a detailed, unbiased report, with recommendations for remediating potential vulnerabilities.
InsuBiz uses only certified partners for server hosting and through our ISAE 3402 accreditation any outsourcing agency must comply with strict controls regarding:
Deloitte’s methodology for penetration testing is based upon central areas from the OWASP Testing Guide and the OWASP Development Guide. The methodology consists of a combination of automated and manual penetration testing techniques to ensure thorough coverage of the systems in scope.