Technology and Information Security

Database planningBrownGreer prides itself on using cutting edge technology to maximize performance, security, and efficiency. Our team of seasoned architects, project managers, software developers, systems and network administrators, and information security officers identify each unique requirement of a project, and then design, update, and report from custom-built, secure platforms. Our web-based database applications not only track claim and litigation activity, they also serve as tools to trigger claim processing events. Our customized, secure settlement portals allow for instantaneous exchange of information, eliminating costs associated with data entry. Through the use of unique user credentials, only authorized individuals can submit data, conduct ad hoc reporting, and access claim information.

We are committed to securing the data of our clients and claimants in the settlement programs we administer. Our firm has a dedicated, industry certified Information Security team that focuses on ensuring our environment meets or exceeds industry best practices to protect the sensitive and confidential data we are trusted to manage. Our Information Security Program is based on the framework detailed in NIST Special Publication 800-53 to provide a strong foundation to address both today’s and tomorrow’s security requirements, as well as any of our clients’ compliance and data security needs.

Key components of BrownGreer’s Information Security Program include:

SOC Service Org logo

External Validation.

Our Information Security Program is based on industry best practices. We have successfully completed an external SOC 2 examination. We have a fully documented Information Security Program that clearly details how we secure our data and resources.
External validation graphic

Defense in Depth.

We follow a defense in depth model to provide multiple layers of protection, detection, and alerting. A defense in depth approach ensures there are additional layers of defense in place to protect our environment, in the event that a layer of security is bypassed or is unsuccessful in blocking a specific attack.
Access graphic

Access Control.

Our Access Control Program is built on the principle of least privilege ensuring the minimum level of access required is given to any user. Our Program also ensures access requested are approved by the data or system owner and periodic reviews occur to ensure access permissions are kept up to date.
Incident response

Incident Response.

We have an established Incident Response team prepared to immediately activate to address incidents both big and small. In addition, external partnerships are already in place in the event specialized assistance is needed as part of any incident. Our Information Security team performs risk assessments to continually measure the risk of our environment and prioritize remediation efforts.
Security training session

Awareness and Training.

We believe security awareness and training is one of the most critical security controls in a business. All BG workers participate in security awareness training and role based training is delivered to teams that perform critical tasks. This includes annual review and acknowledgment of our Acceptable Use Policy, Data Protection Standard, and security awareness events throughout the year.