Follow Us:



NAIC Insurance Data Security

The National Association of Insurance Commissioners (NAIC) adopted the Insurance Data Security Model Law in October of 2017 to set standards for insurance industry information security and investigate cybersecurity events. The language of this law is similar to that of the law passed in New York, 23 NYCRR 500. In a nutshell, these rules mandate insurance providers across the nation conduct Cybersecurity Risk Assessments and implement cybersecurity programs based on the risk assessment. The NAIC Model Law is now available for individual states to consider making an active law that will be enforced by each state’s insurance commissioner.


Our Insurance Data Security Gap Analysis will evaluate your organization against the requirements of your state’s Insurance Data Security Law and provide recommendations where gaps exist to satisfy requirements. The resulting report becomes your roadmap for complying with your respective state’s Insurance Data Security Law. For those who wish to take proactive steps prior to enacted state legislation, SCA will perform a gap analysis based on the Insurance Data Security Model Law as adopted by the NAIC. Ancillary services such as the Cybersecurity Risk Assessment, Vulnerability Assessment, Penetration Testing and Cybersecurity Policy and Procedures are also available to help your organization meet Insurance Data Security Law requirements.


American Land Title Association (ALTA)

The American Land Title Association created seven best practices, or pillars, for the real estate settlement and mortgage lending industries to demonstrate the high professionalism followed to protect consumers and businesses in the real estate settlement and mortgage settlement. While the ALTA best practices are voluntary, adopting them will help your organization meet lender requirements and regulatory scrutiny.


Best practice pillar #3 requires the implementation of a privacy and information security program. To meet this requirement, SCA provides an ALTA Best Practice Pillar #3 Certification. This attestation can be presented to lenders and other parties you do business with who require evidence of your compliance with Pillar #3 requirements.


To achieve certification, your organization will undergo assessments to evaluate your information security posture and must complete remediation of deficiencies. For a one-stop ALTA best practices shop, SCA will also provide an analysis with assistance in meeting the other six best practice pillars.