Background
South Carolina is the first state to implement this law, developed by the National Association of Insurance Commissioners (NAIC).
The Director of the South Carolina Department of Insurance, Ray Farmer, is the current Vice-President of the NAIC and chaired the Cyber Security Working Group responsible for developing the model law.
Key Dates
January 1, 2019
Agencies are required to notify the SC DOI Director no later than 72 hours after determining that a cybersecurity event has occurred.
July 1, 2019
Agencies are required to have established a comprehensive, written Information Security program by July 1, 2019. Section 38-99-20
July 1, 2020
Agencies are required to have vetted their supply chain’s implementation of administrative, technical and physical controls to safeguard their Information Systems storing agency Non-Public Data. Section 38-99-20(F)
February 15, 2020
Agencies operating in South Carolina must submit to the SC DOI Director a written statement certifying that the insurer complies with the requirements set forth in the Act. Section 38-99-20(H)(2)(1)
Key Requirements
Risk Assessment
Comprehensive Written Information Security Program, including an Incident Response Plan
Chief Information Security Officer appointed to oversee the Information Security Program
Annual reporting by CISO to Board of Directors or Owner(s)
Annual reporting to SC Department of Insurance
Is Outsourcing Compliance Right For You?
Insurance agents routinely identify and calculate risks when developing a client's policy, be it health, auto, or life. Assessing security risks follows a similar process of identifying risks and corresponding threats by answering these questions:
What are the known risks within your business?
What are your business's unidentified risks?
What are the existing and evolving threats to your critical lines of business?
What are you doing to effectively counter threats?
Are you managing the risks to the strategic initiatives across your business?
How We Help
Dragoon Security Group has researched the SC Insurance Data Security Act and studied supporting initiatives by NAIC, outlining the core requirements of the NAIC’s goals. These goals are integral to our turn-key Compliance-as-a-Service program. Agencies continue to conduct normal operations, focusing on serving their customers rather than losing opportunity tending to the new regulatory requirements.
Dragoon Security Group brings decades of experience building and maturing Information Security Programs in highly regulated industries, both public and private sector. Our insight into delivering secure, cost-effective and efficient controls and solutions means Compliance and Security are handled with minimal impact to daily business activities.