Only 8% of organizations cited external attacks as the reason for data breach incidents in their organization, which is why it’s sometimes said that employees are the weakest link.

This is not the case at Generali Global Assistance (GGA): we take robust measures to vet all of our employees and follow security best practices to keep our clients’ data safe. The sections below describe how we protect your data from the inside out.

Our Employees Are An Important Factor in Your Data Protection

    For us, data security is a continuous and ongoing priority. Workstation inspections are conducted weekly throughout our Resolution Center to ensure that all sensitive information is being stored properly and securely. Our Resolution Center is also a cellphone-free, paperless environment, and random audits are routinely done to ensure compliance.

    Our employee training is frequently reviewed and updated, with a focus on data security. During our recruitment process for Resolution Specialists, we look for people who already have significant experience working with sensitive information. After recruits are hired, they receive two weeks of in-class training and two weeks of on-the-floor training, both with special emphasis on data handling. Training covers the proper ways to collect, share, and safeguard personally identifiable information (PII); how to report any suspected or confirmed privacy incident; and how to adhere to our strict company policies and procedures for information security and privacy protection, using a three-pronged approach (your computer, your workstation, and your building). All new employees also receive chair-side coaching for the duration of their 90-day probationary period.

    All employees at GGA are also required to take annual HIPAA training, and our parent company, Generali Group, has established an ongoing security awareness campaign that is cascaded down internally to all employees via email.

    The benefits of comprehensive employment background screening are many, but foremost among them is increased applicant and new-hire quality. Because our employees routinely work with sensitive information, GGA Identity Protection (IDP) hires only the most qualified applicants. Rigorous background checks have also been shown to reduce employee turnover, improve regulatory compliance, and increase safety and security. We want to make the right decision the first time, and with the multi-step process we use to vet our employees, we can be confident that we do.

    Certification for Resolution Specialists demonstrates a company’s investment in both its people and its services, as well as a commitment to high standards of professionalism, compliance, and customer service excellence. FCRA certification ensures compliance with the Fair Credit Reporting Act, which was enacted to promote the accuracy, fairness, and privacy of consumer information. The CIPA program is an international professional certification program developed specifically to train and equip professionals to understand and address identity theft and related fraud; our specialists have therefore completed coursework on consumer protection laws and related requirements, identity theft risk management standards and solutions, and legal and regulatory responses.

We Keep Our Building Secure, Too

    The Payment Card Industry Data Security Standard (PCI DSS) applies to all companies that accept, process, store, or transmit credit card information to ensure that they maintain a secure environment. We host our data securely with a PCI-compliant hosting provider.

    Electronic records are safer than paper for a number of reasons, so we made the obvious choice. Paper documents risk being accessed by the wrong people if accidentally left out on a desk or kept in an unlocked file cabinet. Electronic data, on the other hand, can be encrypted and/or password-protected. Furthermore, sensitive information can be redacted more easily on electronic files if necessary. Electronically stored documents can also better prevent data tampering and loss, since they can be timestamped and backed up.

    Only certified employees with comprehensive background and credit checks are able to enter the Resolution Center. Furthermore, no personal cellphones or other electronics are allowed in the Resolution Center. A Quality Assurance Manager completes frequent assessments of workstations to ensure compliance. In the end, our goal is always to protect our clients’/customers’ data.

    Our building has a security guard on-site during business hours. All personnel are required to carry a DataWatch badge for access into the facility and for use of elevators. There is a receptionist in the reception area to greet all guests, who must sign in and are escorted through the facility at all times. Guests are also required to carry a DataWatch badge at all times; visitor badges have minimal access throughout the building as different badges have different access rights. GGA IDP restricts access to areas where client/customer data is stored or processed.

    Only the IT staff and a few senior managers have access to servers to perform maintenance operations, and a video camera records access to the room.


Your Data is Never Left Unsecured

      GGA is PCI certified and HIPAA compliant.

      GGA minimizes PCI scope by segregating payment systems from all other internal networks following PCI best practices and standards.

      As part of our PCI testing, we run monthly vulnerability scans and receive a report of the items that need to be addressed, so we can take action and patch the vulnerabilities accordingly.

      Every external email with sensitive data is encrypted using TLS delivery, or envelope encryption when TLS is not available. Forced TLS has been configured on our email servers to encrypt automatically with compatible email servers. Our email system has been configured to automatically encrypt sensitive email communications sent from our operational systems, to automatically encrypt emails based on sensitive keywords or patterns, and to allow users to force encryption on any outgoing communication. Lastly, we provide regular training on why, when, and how to force an email to be encrypted.
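The outbound-mail rules described above (forced TLS where the receiving server supports it, envelope encryption as the fallback, automatic encryption for system-generated mail and for messages matching sensitive patterns or keywords, and a way for users to force encryption) can be expressed as a single policy function. The block below is an added illustration and is not GGA's configuration or code: the header names, the `[Encrypt]` subject tag, the keyword list, the internal domain and the sample message are all assumptions.

```python
import re
from typing import Dict, List

# Added illustration (not GGA's configuration): an outbound-mail policy
# check that decides how one message leaves the organisation. Header
# names, the subject tag, the keyword list and the internal domain are
# assumed values chosen for this example.

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# candidate card numbers: 13-19 digits with optional space/dash separators
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
KEYWORDS = ("social security", "date of birth", "account number", "credit report")
FORCE_TAG = "[encrypt]"                 # assumed subject tag users add to force encryption
SYSTEM_HEADER = "X-Originating-System"  # assumed header set by operational systems


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so phone numbers and reference ids are not flagged as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> List[str]:
    """Return the pattern/keyword reasons that make a body sensitive (empty if none)."""
    reasons = []
    if SSN_RE.search(text):
        reasons.append("ssn-pattern")
    for match in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            reasons.append("card-number")
            break
    lowered = text.lower()
    reasons.extend(f"keyword:{kw}" for kw in KEYWORDS if kw in lowered)
    return reasons


def outbound_policy(headers: Dict[str, str], body: str, peer_supports_tls: bool,
                    internal_domain: str = "example.com") -> Dict[str, object]:
    """Decide the delivery action for one message.

    Returns {"action": ..., "reasons": [...]} where action is one of
    'internal' (stays on the internal mail system), 'tls' (forced TLS to a
    capable peer), 'envelope' (sensitive mail to a peer without TLS) or
    'plain' (non-sensitive mail to a peer without TLS).
    """
    recipient_domain = headers.get("To", "").rpartition("@")[2].lower()
    if recipient_domain == internal_domain:
        return {"action": "internal", "reasons": []}

    reasons = find_sensitive(body)
    if FORCE_TAG in headers.get("Subject", "").lower():
        reasons.append("user-forced")        # user explicitly forced encryption
    if SYSTEM_HEADER in headers:
        reasons.append("system-originated")  # mail generated by an operational system

    if peer_supports_tls:
        action = "tls"          # forced TLS covers sensitive and non-sensitive mail alike
    elif reasons:
        action = "envelope"     # no TLS available: fall back to envelope encryption
    else:
        action = "plain"
    return {"action": action, "reasons": reasons}


if __name__ == "__main__":
    # constructed sample message to an external recipient whose server lacks TLS
    sample = {"To": "member@other-domain.org", "Subject": "Your case update"}
    print(outbound_policy(sample, "Your SSN 123-45-6789 was found on a forum.",
                          peer_supports_tls=False))
```

The Luhn check is what keeps a pattern rule like this usable: without it, any 13-to-19-digit run (tracking numbers, reference ids) would trigger encryption and users would learn to ignore the control. Whether the peer supports TLS is something the real mail server learns from the STARTTLS negotiation; here it is passed in as a flag so the decision logic can be tested on its own.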

      Because of the nature of the information our portal users are required to enter to activate their credit and identity monitoring services, GGA IDP stores only the minimum information required to manage our customers’ subscriptions. Highly sensitive personal information such as SSNs, credit data, and security questions is never stored within the GGA environment.
