January 7, 2020
Protecting Clients from Cyber-security Attack
TRISTAR

TRISTAR has now achieved SOC 2 Type II certification.  These are the most comprehensive and rigorous credentials to obtain for system and organizational control protocols.  The certification signals to the marketplace that TRISTAR has a proven system designed to keep clients’ sensitive data secure.

 

At TRISTAR, we understand that the market demands a more secure data environment, recognize our obligation to our clients and their employees, and embrace changes to cybersecurity industry standards.  Our certification covers relevant cybersecurity and operational controls through a comprehensive program to mitigate cybersecurity risk. These controls include:

 

  1. Introduction of a managed security service provider to assist with network-based intrusion monitoring.
  2. Regular scanning and implementation of procedures to quickly address any detected vulnerabilities.
  3. Annual IT risk assessments.
  4. Annual penetration testing, also called pen testing or ethical hacking, to test network and web application security for vulnerabilities that attackers could exploit.
  5. Enhanced IT monitoring capabilities to detect system issues.
  6. Overhaul of IT policies and procedures to align with the most current security standards and best practices.  
    • Network encryption.
    • Restrict and define user access.
    • Conduct regular tabletop exercises to demonstrate and refine disaster incident responses.
  7. Implementation of multifactor authentication for administrative activities.
  8. Monthly employee training.
  9. Establishment of a Vendor Risk Assessment Program to work with our strategic business partners to ensure inherent risks (contractual, cybersecurity, data transfer, record retention, destruction policy, data classification, safety risk, etc.) are all minimized.

 

Call us today at 888.558.7478 and let us help you manage your organization’s workers’ compensation and liability programs while ensuring your data’s security and confidentiality.