Before moving into banking I spent many years in Insurance. I don't know of a resource as straight forward as the example from banking but on the insurance side, here are some suggestions of where you might be able to go to get more insurance specific information:
The NAIC guides the State DOI in regulations which I have used to drive contract requirements. The model regulation on information security link is here:
https://content.naic.org/sites/default/files/inline-files/MDL-673.pdfIndustry organizations are another good source of information, I have been successful utilizing AHIP on the health side to pose questions to members and share information in the past. Depending on what kind of insurance you are in there is likely a similar organization to AHIP
About Us - AHIPFinally, reinsurers are another great resource for posing questions and getting input/examples of what others in the industry are doing. If your company has any reinsurance agreements try reaching out to your reinsurers for resources. I have also had success having a reinsurance contact pose questions to multiple insurers to get ideas, examples, comment on specific questions and industry best practices.
Good luck in your search,
Shelly
Original Message:
Sent: 02-01-2021 12:11 PM
From: Charlotte Pennella
Subject: Information Security Provisions in Contracts
Danielle - this is a great source of information. I wish this applied to the Insurance Industry! We could use some specifics in our area. Does anyone know of something similar to what Danielle provided for the Banking industry, but for the Insurance Industry?
Thanks!
------------------------------
Charlotte Pennella
シャーロット ペネラ
Contracts Manager
Original Message:
Sent: 02-01-2021 10:48 AM
From: Danielle Lafollette
Subject: Information Security Provisions in Contracts
Carlos,
The following links for the FDIC and Federal Reserve will provide you with the industry standards for information security provisions your contracts will need:
https://www.fdic.gov/news/financial-institution-letters/2008/fil08044a.html
https://www.federalreserve.gov/supervisionreg/interagencyguidelines.htm
If anyone else has additional information, please feel free to share. We would love to add more resources to our list!
Thank you!
Original Message:
Sent: 01-29-2021 03:00 PM
From: Carlos Victoria
Subject: Information Security Provisions in Contracts
Hi ThirdParty ThinkTank Community,
Could anyone share or point me to where I could find standard / minimum Information Security Provisions to be included in third party contract templates? We would like to provide our legal team with a set of minimum information security standards and language to include in our contracts with third parties.
Thank you!