Moore Stephens Recommends Information Security Health Check for Insurance Industry
According to Moore Stephens, companies in the insurance industry can quickly assess the quality of their information security and technology risk management by comparing their processes to good practice published by the FSA.
Writing in the latest issue of the firm’s Insured Interest newsletter, Steve Williams, a senior manager in the Moore Stephens IT assurance team, says, “The FSA, in order to support its statutory objective to reduce financial crime, is focusing strongly on information security and published 'good practice' guidance to firms of all sizes in 2008.”
“Threats to information security may lurk in any number of areas of a company’s day-to-day business practice. If they remain undetected and unmanaged, they represent a significant threat to security of data. In our experience, answering some basic questions based on the published good practice can quickly indicate to senior management that there may be a problem with information security.”
So far as organisation and responsibility are concerned, firms should understand whether they have clear and transparent responsibility for, and ownership of, information security. Firms should have procedures for detecting loss of customer data, for considering how they communicate losses to customers, and for ensuring they treat customers fairly in the event of a breach. They should also be training employees regularly in their role in securing customer data.
A number of areas should be understood in connection with access to IT systems, including whether all users have unique username and password combinations, and how access to the internet and email is restricted for employees with access to customer data.
Under the heading of data management, firms should be clear whether their systems are regularly backed up, whether laptops and portable media are encrypted, whether significant computing equipment is stored in a purpose-built machine room, and whether formal procedures are in place for the destruction of customer data, including paper and electronic formats.
So far as compliance is concerned, firms should be asking how they audit those third-party suppliers who have access to their customer data to ensure they have appropriate information security, and how their compliance function monitors whether or not their IT controls are working.
Steve Williams says that, if firms are not able to answer all the questions positively, their information security may be under threat and they should investigate further.
For a copy of Insured Interest, email: [email protected]
• About Moore Stephens LLP:
Moore Stephens LLP is noted for a number of industry specialisations and is widely acknowledged as a leading shipping and insurance adviser. Moore Stephens LLP is a member firm of Moore Stephens International Limited, one of the world's leading accounting and consulting associations, with 621 offices of independent member firms in 95 countries employing 19,279 people. Fee income increased in 2007 by US$340.3 million to US$1,884.0 million, a growth rate of 22%, doubling turnover in the past three years.