The Canadian Life Insurance EDI Standards organization (CLIEDIS) has finished developing a single set of security requirements that can be applied to protect all confidential data received by industry trading partners.

"In the wake of numerous recent data breaches, data security has become a strategic issue for life insurance providers. Tighter regulations combined with new CITS data feeds containing more and different types of data and new players in the market have put the need for CLIEDIS to provide direction on data security requirements," explains the standards organization. "As carriers reevaluate their security requirements and look to better validate compliance, distributors seek a consistent set of requirements to adhere to."

A working group was formed

In response to these concerns, a working group composed of CLIEDIS carrier members and representatives from the Canadian Association of Independent Life Brokerage Agencies (CAILBA) was formed late last year to draw up security requirements that were achievable, consistent, and realistic. Last week, CLIEDIS announced that the group had completed its task and posted three documents to the resource centre page of its web site:

• A data security schedule, which outlines a single set of data protections. It can be used alone or in conjunction with an existing contract in place between trading partners.
• A questionnaire that is aligned with each section of the data security schedule; it is meant to allow a company to document the methodologies and rules it follows.
• A set of frequently asked questions which are also aligned with each section of the data security schedule and provides additional details and guidance.

"The hard work begins now"

"The hard work begins now as we encourage companies to begin adopting this schedule in place of the proprietary, conflicting agreements that are currently in place," said CLIEDIS executive director Julie Parrott in a message thanking those who participated in the project.