Securing Your Information

Security

Your information is important, and protecting the confidentiality, integrity and availability of that information is our priority.  We value our customers’ trust and have an Information Security Program that implements a multifaceted approach to protecting the confidential data of our customers, partners and associates.

Policies and Standards

OneAmerica's written policies and standards create a foundation for our program and align with industry best practices and regulations.  These policies and standards establish guidance for the implementation of additional security controls used to manage our environment.

Risk and Threat Management

We maintain a risk management process that is integrated with Enterprise Risk Management (ERM), and identifies, assesses, prioritizes and addresses the threats and risks to our systems and information. 

Access Controls

We maintain an access control policy and procedures to ensure access to your data is available only to those who need to have it.  Credentials are created in accordance with defined user account and password complexity standards.  Multifactor authentication (MFA) provides an additional layer of access security for our customers.

Systems Security

We search for weaknesses in our systems using internal and external vulnerability assessments to evaluate our systems. Vulnerabilities are prioritized and remediated using a risk-based approach.  Anti-malware is used on both servers and user workstations to detect and prevent the spread of malware and viruses.

Secure Transmissions

Your confidential information is protected while transmitted via public and private networks using encryption.  Examples include email and file transfer encryption, secure email portal for customer use, laptop/desktop encryption and encryption of backup media.

Incident Management

We use industry leading tools and teams to monitor the health and security of our systems.  In the event of an emergency, the leaders of our incident response teams come together to prioritize and manage all issues arising from the emergency event.

Business Continuity

We categorize our information systems and requires business recovery plans. Policies and procedures provide a pre-established framework for control and effective communication of these plans. Critical system recovery plans are exercised annually with results communicated up through senior management.

Training and Awareness

All associates are required to adhere to policies and practices regarding security and privacy rules. Annual training includes privacy, fraud and security measures including social engineering, phishing awareness and an overview of regulations impacting OneAmerica.