September 28, 2016

Best Practices for Secure Agency – Carrier Communications Pt. 1

By: Sydney Beaudreault

Here at Vertafore, we're always discussing industry concerns followed by ways to automate and improve overall compliance processes, whether that be through uniformity and involving ourselves in industry groups, sharing expertise and best practices, or by providing technology solutions. Recently we have had agencies voice concern with issues submitting producer onboarding forms to carriers. The concern is that when sending requests via email, some carriers are rejecting forms because the "producer information is not secure."

We later found that several agencies within the industry are experiencing this same issue, and even heard more on the topic in the Agency-Carrier Faceoff at the SILA 2016 National Education Conference. Turns out that secure communications was the #2 most interesting agency-carrier communications topic on a 2016 SILA membership survey.

Vertafore's Patrick Masi was the referee in that session and described the situation as such:

"Since our industry is a high target for hackers, carriers are taking extra precautions to keep personally-identifiable producer information safe."

The issue for agencies is that they already have difficulties getting any information from their producers, and when carriers start asking for additional steps, the process becomes more frustrating.

So how can you securely transfer these documents?

In the SILA Agency-Carrier Faceoff session, Masi mentioned that in most situations you can find a solution to an agency – carrier communication issue in the SILA Best Practices handbook. In the case of producer onboarding best practices, the handbook suggests the "preferred Agency-Carrier workflow" is to use the ACORD 821 form for producer onboarding, in conjunction with the ACORD 877 and 876 forms for authorization, rights, disclosures, background investigation information, FCRA, etc. However, there isn't a mention of how to transfer these onboarding documents securely.

Since the best practices handbook did not cover secure communication, Masi referred the question to the panel of carrier and agency representatives. What are they doing today?

The agency representative suggested RightFax for strict access faxes or a secure vendor solution, and the carrier suggested encrypting emails. However, the representatives did not share how to specifically perform those actions.

So, I brought the topic to our Data Security Manager, Michelle Covert and she shared a few ways that agencies can quickly and easily improve their processes to ensure that their file sharing is secure.

1. Securely send your information via email
   1. Encrypt your documents before attaching them to an email
   2. Encrypt your entire email before sending it
   3. Save your documents to a secure online storage solution and email the carrier a link
2. Use secure onboarding technology

While each of these methods will secure your information, you should consider the pros and cons before making a decision. Don't worry if you're not familiar (yet) with the items mentioned – we're here to help.

Stay tuned for our next post in this series where we will guide you step by step through each of these encryption and technology practices!

Interested in learning more industry best practices? Subscribe to the Sircon blog for regular updates that can help you simplify your compliance processes.

---