Information Security and Privacy
At Kinsale, data security and privacy are more important than ever. We employ a multifaceted approach using administrative and technical safeguards to protect our digital assets. We have designed data protection strategies to monitor security threats, along with clear protocols to respond to them.
Policy & Governance
Our goal is to provide a disciplined approach to safeguarding our digital assets, and that starts with a comprehensive set of security policies and standards designed to protect the confidentiality, integrity, availability, and privacy of our information systems and data. Our policies, standards, and practices leverage commonly accepted information security frameworks.
Training & Awareness
All Kinsale employees and contractors receive training on our privacy and information security policies during onboarding and again as part of our annual policy certification process.
All employees must acknowledge and agree to comply with our Code of Business Conduct and Ethics. We require all employees and contractors to treat information about employees, insureds, and claimants as confidential and access the information only for designated business purposes. Our Code of Business Conduct and Ethics governs our operations and helps ensure company data is not inappropriately shared or altered.
We provide regular targeted security awareness training on topics such as, but not limited to, phishing, password protection, and social engineering.
We educate our employees through several methods, including computer-based training, security materials and presentations, email publications, and various simulation exercises.
Kinsale uses information security tools designed to protect information and systems, including encryption, firewalls, backups, intrusion detection and prevention systems, patch management, vulnerability and penetration testing, and identity management systems. Our Information Security Team regularly monitors these tools to discover anomalous and suspicious patterns and is prepared to respond in a timely manner.
Kinsale’s Security Incident Response process consists of a set of coordinated procedures and tasks that our Incident Response Team executes to ensure the timely and accurate resolution of computer security incidents. In order to ensure that the framework functions efficiently, we conduct tabletop testing exercises using risk analysis to select which components of the plan to test.
Our data security and privacy protocols include regular compliance assessments covering our policies and standards as well as applicable state and federal statutes and regulations.
We use security monitoring utilities and internal and external audits to validate compliance with our internal data security controls.