This is our third information security bulletin, this time focusing on how our staff help to secure your client information through good security practices at work. We provide these so you can gather all the relevant facts about how we manage and deliver security to support your fulfilment of regulatory requirements for your business.
In our last bulletin we highlighted how we ensure security in application development – keeping your client data secure in our online systems. This bulletin is about how our team protect that data from human error or breaches in security.
Quotemonster has a set of internal security procedures that staff must follow when handling your information. Many of these will be invisible to you: how we select staff, check references, create policies about access, control access to our office, our systems, and how we track and manage access. Some of these procedures are new and will affect how we work with you. If you have called one of us to talk about a quote or research report recently – and that call has required access to your data – you will notice a change in process. We have to identify that the person we talk with on the phone is someone we can discuss the details of the quote with. This is another reason why the name on your account needs to be your name – so that when you call, we can be sure it is permitted for us to discuss your client information with you. By the way: if you are an administrator for an adviser using our services you do not have to pay the full subscription costs to have access to our systems. Admin or PA licences are only $20 + GST a month.
A reminder: remember that we are about to make 2FA mandatory on the site. It has been possible to ‘skip’ this step for a few months now. More than 80% of our regular users have set up 2FA – it only takes about five minutes – and so we are shortly going to require it for the last 20% who have not yet got around to it. Please allow a little more time in the next couple of weeks to set it up so you are not frustrated when it becomes mandatory.
You will not be able to share a login between different advisers once 2FA has been implemented. If you would like to talk to us about licence terms or obtaining additional licenses please contact us.
There are additional site security standards that you will have an opportunity to read about in the coming weeks as we aim to fill up your compliance file on our site security.
Want to know more?
We are here to help! You can email us to ask for copies of past security bulletins or find these on our blog. You can also look up our outsource provider statement at the bottom right-hand corner of every page on the site at www.quotemonster.co.nz. More information about relevant certifications, policies, and procedures will be shared in future information security bulletins. We recommend you keep these with other compliance documents.
Please contact us on 09 480 6071 or at [email protected] if you have any concerns or questions.
ISB 03-202301