Modern businesses are facing technology failure and information breaches at an alarming rate. According to one study, data breaches cost organizations nearly $4 million in 2020. And third-party breaches, on average, cost twice that amount. So, it's no wonder that data security is top of mind for many leaders, especially in the highly-regulated insurance industry. 

Beyond the hard costs of remediating gaps in security protocols, impacted organizations must deal with the long-tail challenges of eroded trust among customers and partners. If they can control the damage, rebuilding that trust will still take years, which is unfortunate for an avoidable event.

To protect themselves, benefit brokers and carriers routinely require their third-party partners, like ThreeFlow, to attest to compliance with security standards. At ThreeFlow, we decided early on that we would prioritize securing our client's and partner's data, knowing that we can't help the industry move forward if we can't protect their data. 

But data security goes beyond ticking boxes on a checklist. That's why we recently pursued and received our SOC 2 Type 2 report attesting to our compliance with data-security measures. 

Why we started with SOC 2

The SOC 2 framework aligns with how we treat our data, assets, and people. Their criteria for managing customer data are based on five principles: 

  • Security
  • Processing integrity
  • Confidentiality
  • Availability
  • Privacy

These tenets have also been part of how our company builds software and, more broadly, reflects our commitments to our clients and partners. 

As we embarked on the process of auditing our systems, we decided to partner with Vanta, a compliance automation software, and BARR Advisory as our auditing partner. They both made the process extremely simple.

The audit took a deep look into our internal processes and systems. Our physical and hardware components that support our IT environment were scrutinized. The operating software and programs we use to facilitate data and system processing were tested for vulnerabilities. Even the personnel involved in the management, security, governance, and operations to deliver services to customers were assessed.

Committing to a security audit and pursuing compliance certifications shows customers, employees, and partners where our priorities lie and how security, privacy, and reliability are approached. These core principles—and the specific controls that SOC 2 evaluates—are also foundational to other compliance frameworks such as HITRUST. 

Looking toward the future

At ThreeFlow we see compliance and data security as a life-long commitment. Committing to these protocols and checks allows us to continue growing and offering our customers the most innovative services and tools from our Benefits Placement System to interoperability.

Brokers and carriers trust ThreeFlow to support their workflow from plan proposals to renewals. So keeping that data secure, ensuring our customers and partners have a stable platform to work on, and keeping out unauthorized users, means that they can focus on running their business.

SOC 2 certification is just one way we're working to keep our customer's data secure. Visit our security page to learn more.