DATA PROTECTION AND SECURITY POLICY
Pacific Claims takes such steps as are reasonable for data protection and security to protect digital information from unauthorised access, theft, or corruption.
Pacific Claims is supported by Managed IT Services. It includes:
Encryption: Converting data into a code that can only be read by authorised parties
Access control: Managing who can access data and resources, and ensuring they have the appropriate level of access
Backups and recovery: Creating and storing copies of data in case of loss
Policies and procedures: Establishing rules for how data is handled
Training: Program of staff training including cyber security awareness
Monitoring: Monitoring user and network activity
Data security protects information throughout its life cycle, including hardware, software, storage devices, and user devices.
Components of data security
Confidentiality: Keeping data private
Integrity: Ensuring data is accurate and reliable
Authenticity: Ensuring data is genuine
Availability: Ensuring data is accessible when needed
Technical safeguards
Endpoint protection: Secure all endpoints, including servers, with regular patching and firmware updates
Data encryption: Encrypt data to protect it from unauthorised access
Vulnerability management: Manage vulnerabilities in systems and components
Organisational safeguards
Access control: Limit access to information and systems to authorised users
Physical security: Protect data centres from physical threats like fire, flood, and unauthorised entry; Scheduled tests of Business Continuity Plan
Personnel security: Train employees on security best practices and how to identify and respond to threats
Incident response: Have procedures in place to respond to security incidents
Other policies
Asset management: Manage the lifecycle of information technology resources, from acquisition to disposal
Cloud and network infrastructure security: Secure cloud and network infrastructure
Third-party security: Ensure third parties are secure and follow best practices