Use of client information policy
LMB (“the Company”) upholds the highest professional standards in confidentiality and compliance when managing client and third-party information and business best practices. We also ensure that the Insurers with which we place business are compliant through every step of the policy placement and management process.
Defining information assets
Information assets are comprised of the information created or used to support business activities as well as the information systems used to process information, including:
Acceptable use of information assets
Our information assets are comprised of the information created or used to support business activities as well as the systems with which LMB uses to process information. LMB must protect these assets to ensure that they function properly and comply with regulatory, contractual and local law requirements. This policy establishes minimum requirements for the acceptable use of our information assets.
Scope of information asset use
This policy applies to LMB and third parties, including support services, vendors, independent contractors and consultants, who collect, use, disclose, transfer, retain, process, destroy (collectively referred to as “process”) or otherwise have access to our information assets. All LMB information assets are the property of LMB Insurance and only authorized individuals can process these information assets.
Avoiding inappropriate disclosure of information
LMB is not permitted to disclose non-public or confidential information to anyone, except as necessary to perform their specific job duties or as required by law. In addition, LMB must take reasonable care to ensure that non-public or confidential information is not inadvertently disclosed to anyone who does not have a need to know such information. LMB must also comply with applicable document retention policies and information classification and handling standards, as well as information security and data protection policies and procedures.
Preventing unauthorized access to information assets
LMB is not permitted to share passwords. Colleagues are required to safeguard passwords and not disclose them to others without legal or otherwise compulsory purposes for doing so. Desktop computers, laptops, and mobile devices must be encrypted or otherwise secured. Possession and use of tools for cracking, testing or bypassing security controls are prohibited.
All colleagues must access electronic information using a password-protected screen saver or by manually locking the system display screen when unattended. All facilities and storage locations containing company information must have appropriate physical security controls in place to prevent unauthorized access. In addition, mobile devices must be physically secured in a locked drawer, locked office or safe, or locked with a steel cable lock when not in use.
Appropriate use of information systems
All information systems will be protected by up-to-date firewall, malware protection, anti-virus software, virtual private network (VPN), and encryption software. LMB will adhere to copyrights and license agreements associated with printed or electronic materials, software or other multimedia content.
Information breach incident reporting
Any incidents involving actual or suspected data loss, theft, unauthorized disclosure or inappropriate use of LMB information assets by an unauthorized third-party will be investigated and the results of any investigation will be communicated to LMB’s clients.
Copyright © 2024 LMB Insurance - All Rights Reserved.