At GetInsured, we understand that security and privacy are the cornerstones of trust. Whether we’re managing sensitive consumer data or ensuring seamless system performance, our approach is grounded in rigorous protocols, modern technologies, and a relentless focus on compliance. Backed by our dedicated Infosec team, here’s how we safeguard the systems, data, and consumer interactions that power our state-based exchanges.
Built with Security in Mind
Our approach begins with a thorough understanding of federal, state-specific, and industry security requirements. Although our out-of-the-box security meets and exceeds most security-related requirements, we complete a gap analysis to identify any state-specific needs. This process has allowed us to deliver compliant, secure systems to each of the states we serve.
Data Protection at Every Step
Managing consumers’ personal and private data is a responsibility we take seriously. Our data management program is comprehensive and adheres to internationally recognized best practices. From data storage to transfer, security is non-negotiable:
- Encryption: All data is encrypted both in transit and at rest, ensuring that sensitive information is always secure.
- Continuous Monitoring: Security Information and Event Management (SIEM) tools log and monitor all activity, allowing us to detect and respond to any unusual patterns or access attempts.
- Restricted Access: Role-based access control ensures that sensitive consumer information is accessible only to authorized individuals. Privileged access is tightly controlled and requires multi-level approval, role-based permissions, and multi-factor authentication (MFA).
Certified, Audited, and Compliant
We don’t just meet security standards: we work to exceed them. Our commitment to security standards is demonstrated through rigorous audits and certifications:
- SOC 2 Type 2 Compliance: Our platform undergoes rigorous audits by nationally recognized firms, ensuring we meet industry standards for privacy, security, and data integrity.
- NIST 800-53 Compliance: We adhere to the latest NIST guidelines to ensure robust protections for sensitive government data.
- MARS-E Compliance: Our platform undergoes annual audits, maintaining compliance with CMS requirements for ACA solutions.
- Vulnerability Scans and Updates: Regular scans and patch updates keep our systems secure, with proactive measures to address emerging threats.
Defense in Depth: Layered Protection
Our Defense-in-Depth strategy means that we implement security at multiple levels, ensuring no single vulnerability can compromise the system. Key components include:
- Web Application Firewall (WAF) for DDoS prevention and traffic filtering.
- Network-level and server-level firewalls with restricted access and enhanced security.
- Intrusion Detection/Prevention Systems (IDS/IPS) and anti-malware protection.
- Role-based permissions and VPN-restricted access to production systems.
Training and Awareness
Security begins with our people. All GetInsured employees complete comprehensive security and privacy training, both during onboarding and annually. Developers receive specific training to identify vulnerabilities, and ongoing awareness campaigns keep security top of mind for the entire team.
Resilient Infrastructure and Disaster Recovery
With a Recovery Point Objective (RPO) of 5 minutes and a Recovery Time Objective (RTO) of under 30 minutes, our infrastructure is engineered to respond swiftly in emergencies.
We host solutions on Amazon Web Services (AWS) within U.S.-based data centers, ensuring high availability and minimal downtime. Key features include:
- Continuous, near-real-time replication of data to backup locations.
- Annual disaster recovery testing, ensuring our systems can recover quickly with minimal data loss.
Security is in our DNA
At GetInsured, we don’t just secure systems – we secure peace of mind. Security and privacy are not afterthoughts – they are embedded into every process, from system architecture and software development to employee training and client support. With executive sponsorship and a dedicated Information Security team, we deliver solutions that prioritize trust, compliance, and consumer protection.
By partnering with us, our clients can be confident that their data is safeguarded by a proven, reliable, and continuously evolving security framework.