Cyber Insurance PROPOSAL FORM. ITOO is an Authorised Financial Services Provider. FSP No

PROPOSAL FORM: Cyber Insurance
Underwritten by The Hollard Insurance Co. Ltd, an authorised Financial Services Provider
www.itoo.co.za | @itooexpert
ITOO is an Authorised Financial Services Provider. FSP No. 47230

Please answer ALL questions completely. Should any question or part thereof not be applicable, please state N/A. Should insufficient space be provided, please continue on your company letterhead.

GENERAL INFORMATION
1. Name of Insured
2. Physical Address
3. Primary contact phone number
4. Primary contact email address
5. Registration Number
6. VAT Number
7. Public facing URL addresses (websites and services such as file transfer facilities)
8. Choose an item which closely matches the primary nature of business (Choose an item >>). If other, please specify.
9. Products and services offered
10. Subsidiary names (if applicable)
11. Revenue (last year / current year):
   - Annual turnover / gross revenue
   - Gross e-business revenue
   - Value of asset base
12. Geographical split of gross revenue by region (last year % / current year %):
   - South Africa
   - Europe (specify)
   - USA
   - Other (specify)
13. Number of employees: Permanent / Contractors / Temporary

SECURITY POLICIES AND STANDARDS
1. Have you implemented information security policies which have been approved by management?
2. Are security policies reviewed on an annual basis?
3. What security certifications do you hold (for example PCI DSS)?
4. What is the minimum password length restriction applied to accounts? (Choose an item >>)
5. How regularly are users required to change their passwords? (Choose an item >>)
6. After how many failed authentication attempts are accounts locked out? (Choose an item >>)
7. How long are accounts locked out for after failed authentication attempts? (Choose an item >>)
8. Are users prevented from re-using their passwords for at least 5 changes?
9. Are password rules enforced on all sensitive systems (for example, password parameters defined in Active Directory)?

SECURITY REVIEWS AND ASSESSMENTS
1. How frequently are your IT environments subjected to vulnerability or penetration testing? (Choose an item >>) Please attach the latest testing report.

SENSITIVE AND PRIVATE INFORMATION
1. Do you collect/store/process any of the following EMPLOYEE & CLIENT data?
   - Bank records or financial account details
   - Medical records or health information
   - Payment card details
   - Personal identity information (names, contact details, addresses)
   - Third party corporate confidential data
2. Have your internet facing systems been configured so that no sensitive or personal data resides directly on them, but is instead stored behind a firewall on internal databases/systems?
3. Have you implemented encryption for the following?
   - Data stored on portable devices (laptops, external storage devices, tablets, phones, etc.)
   - Sensitive data transmitted outside your environment
   - Sensitive data/backups stored outside your environment
   - Sensitive data stored in your environment
   If YES, please provide additional information.

SECURITY IMPLEMENTATION
1. Have you implemented anti-virus software on all computers and mission critical servers (where applicable)?
2. Have you implemented firewalls at all breakout points to external networks?
3. As part of system configuration, do you ensure that all default vendor accounts are secured, via disabling/deleting or changing the account password?
4. Do you actively monitor sensitive/critical servers and applications in real time?
5. Do you secure all computers and servers according to your technical security configuration standards?
6. Have you implemented controls to restrict unauthorised access to sensitive data via your wireless network?
7. Do you allow remote access to your network? (Choose an item >>)
   7.1. If yes, is remote network access exclusively over secured channels (for example a Virtual Private Network (VPN) with 2 factor authentication)?
   7.2. If yes, are controls implemented to protect accounts, including installation and administration accounts, from brute force password attacks?

PHYSICAL AND ENVIRONMENTAL SECURITY
1. Have you implemented physical controls such as surveillance cameras or access control mechanisms to restrict access to your server room and other sensitive processing facilities?
2. Have you implemented physical security controls such as a reception to screen visitors or access control mechanisms to restrict access to your offices?
3. Do your remote locations, including disaster recovery and redundant processing sites, have physical security that is at least aligned to the primary processing site?

SYSTEM AND SECURITY LOGS
1. For what period of time do you maintain logs? (Choose an item >>)

SECURITY PATCHES AND VIRUS DEFINITIONS
1. How frequently do you update virus definition files on computers and servers? (Choose an item >>)
2. How long after release do you implement security related patches and updates on computers, servers and network appliances (routers, firewalls, etc.)? (Choose an item >>)

THIRD PARTY SERVICE PROVIDERS
Functions outsourced to third party providers (for each: outsourced to a third party provider? / third party provider's name):
   - Cloud data processing/storage
   - Data centre/hosting
   - Data processing (marketing/payroll)
   - Managed security services
   - Network implementation/maintenance
   - Off-site archiving, backup and/or storage
   - Payment processing
   - Software implementation/maintenance
   - Systems development, customisation and maintenance
   - Other (please specify)
1. What level of access do you grant to third party service providers? (Choose an item >>)
2. Do agreements with third party service providers require levels of security commensurate with your information security policies?
3. Do you review that third party service providers are adhering to contractual and/or regulatory requirements regarding data protection?
4. Do you require indemnification from third party service providers for any liability attributable to them (including data breach and system downtime)?

BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY
1. Do you have documented and approved disaster recovery and business continuity plans?
2. Do you review, test and update disaster recovery plans on at least an annual basis?
3. How frequently do you generate backups? (Choose an item >>)
4. Do you monitor for the successful generation of backups?

PERSONNEL SECURITY
1. Do you conduct background checks on potential employees as part of the recruitment process?
2. Do you have a process implemented for granting, reviewing and disabling user accounts and privileges?
3. How long after termination of employment do you typically revoke user privileges? (Choose an item >>)
4. Have employees been required to attend any security/data privacy training/awareness courses within the past 12 months?
5. Have you implemented controls to manage and/or restrict internet access and usage?

CLAIMS AND INSURANCE HISTORY
If YES to any of the following, please provide additional information.
1. Have you ever had an insurance policy cancelled or been declined insurance cover?
2. Have you sustained an unscheduled network outage over the past 24 months? Cause and duration of outage:
3. Are you, or any of the partners, directors or officers, aware of any circumstances within the past 5 years that have given, would have given, or may give rise to a claim against the organisation or under this insurance policy?
4. Have you previously held similar cover to this application?

LIMIT OF INDEMNITY
Option 1 / Option 2 / Option 3 / Option 4
Quote:
Deductible:

DECLARATION
I/We, the undersigned, declare that the statements set forth in this proposal form, together with any other information supplied, are true and correct and that I/we have not misstated or suppressed any material facts. I/We agree that this proposal form, together with any other information supplied by me/us, shall form the basis upon which the contract of insurance is concluded and shall be incorporated therein. I/We further undertake that in the event that the information provided changes between the date of this application and inception of cover, I/we will notify ITOO of such changes as soon as reasonably possible.

Name (duly authorised):
Designation:
Signature:
Date (DD MM YYYY):