Data Security
Our Commitment to Data Security
At GTM, we understand that trust is the foundation of our relationship with you.
We are dedicated to maintaining the highest levels of data security, fraud prevention, and regulatory compliance to protect the sensitive information you entrust to us.
Our state-of-the-art security measures are designed to safeguard your data from unauthorized access and cyber threats. We employ a robust combination of physical, administrative, and technical controls, including advanced encryption technologies, continuous network monitoring, and strict access controls, ensuring your data is protected around the clock.
Security is integral to our operations. It’s at the very core of what we do, with multiple layers of protection embedded into our services, processes, and infrastructure.
We stay abreast of the latest regulations and standards in the insurance industry and work tirelessly to ensure our processes and policies meet or exceed all statutory and regulatory requirements, giving you peace of mind.
We are committed to delivering insurance services that are not only reliable but also rigorously secure and compliant.
Trust us to handle your insurance needs so you can focus on what matters most — running your business.
How GTM Keeps Your Data Secure
Compliance with state and national standards
GTM undergoes annual security assessments from the New York State Department of Financial Services (DFS) and complies with the DFS regulation establishing cybersecurity requirements for financial services companies, commonly referred to as 23 NYCRR Part 500 or “the Cybersecurity Regulation.”
GTM also adheres to the National Institute of Standards and Technology (NIST) for cybersecurity standards.
Internal training and security awareness
GTM employees complete monthly security awareness training and phishing testing. Topics include:
- Clean Desk
- Bring-Your-Own Device
- Data Management
- Removable Media
- Safe Internet Habits
- Physical Security
- Social Media
- Scams (phishing, vishing, smishing, spear phishing, and whaling)
- Malware
- Social Engineering
- Incident Response
- Security Responsibilities
Key personnel receive continual training in new guidelines and practices, testing, and advanced technology.
Data protection and fraud prevention
In addition to malware detection and prevention, firewalls, and other industry-standard tools, GTM’s testing and evaluation of our technology assures our clients and partners that we are serious about maintaining high-security standards and protecting sensitive data from potential cyber threats. These include penetration testing, monthly vulnerability scanning, and 24x7x365 intrusion and threat detection.
GTM’s dedicated fraud prevention program is essential for protecting against fraud, ensuring the integrity of financial transactions, and maintaining the trust of our clients and their employees. Our program encompasses a range of measures and tools designed to detect, prevent, and respond to fraudulent activities. Our program includes:
- Employee awareness and training
- Audit trails and monitoring
- Fraud detection technology
- Incident response plan
Combatting fraud is vital for any insurance agency, as it directly influences the security of sensitive financial data and the overall trust that clients place in the firm’s services.
Financial statement audit
A financial statement audit conducted by an independent auditor examines the accuracy and completeness of a company’s financial statements.
GTM prepares its financial statements under a framework of generally accepted accounting principles (GAAP) in the U.S.
Independent auditors evaluate the fair presentation of those financial statements using a framework of generally accepted auditing standards (GAAS), which set out requirements and guidance on how to conduct an audit.
Our clients and partners can be comforted by the independent assurance that GTM’s financial statements fairly present the company’s financial position and performance.
By undergoing a financial statement audit, GTM assures our financial health and adherence to accounting standards, which enhances trust and reduces risk for our clients.
Our Vendors’ Commitment to Data Security
Employee Navigator
Employee Navigator helps our clients easily set up, manage, and enroll all their employee benefits online.
Employee Navigator strives to lead the industry with the highest level of security and compliance for protecting sensitive, regulated data. The organization is audited annually for SOC 2 Type II, HITRUST, NIST, GDPR, HIPAA, 23 NYCRR 500, and CCPA requirements.
Employee Navigator complies with the Health Insurance Portability and Accountability Act (HIPAA), which establishes national standards to protect patients’ health information and prevent the unauthorized disclosure of sensitive patient health information.
Employee Navigator maintains SOC 2 Type 2 compliance. This type of audit, delivered by a certified public accountant, is designed to evaluate and ensure that a service provider securely manages data to protect the interests and privacy of its clients.
Applied Epic
Applied Epic® is GTM’s brokerage management platform for prospecting, customer relationship management, accounting, reporting, policy management, and benefits administration.
Applied Epic is certified as ISO/IEC 27001:2013 compliant. As a formal specification, the 27001 standard sets out requirements for implementing, monitoring, maintaining, and continually improving an information security management system. It also recommends best practices, including documentation requirements, responsibility divisions, availability, access control, security, auditing, and corrective and preventive measures.
Applied Epic also maintains SOC 2 Type 2 compliance. Applied Systems conducts SOC 2 Type 2 audits semi-annually within the Trust Services Criteria of security, availability, and confidentiality.
Applied Systems works with the Cloud Security Alliance, which promotes best practices in providing security assurance in cloud computing.
