Unique Risks Need Custom Solutions
Please answer all the questions on this form. Before any question is answered please carefully read, then sign, the declaration at the end of the application form. Underwriters will rely on the statements that you make on this form. In this context, any insurance coverage that may be issued based upon this form will be void if the form contains falsehoods, misrepresentations, or omissions. Please therefore ensure your responses to the questions in the form are complete and correct.
Any policy that may be issued based upon this form will provide claims first made and reported coverage.
Section 1 – Your Details
1. Applicant(s):
2. Address:
3. Contact name and title of individual responsible to executive management for information security operations:
4. Contact’s telephone number and email address:
5. Names of all subsidiary companies (if any):
6. Please detail any mergers and acquisitions undertaken in the last 3 years (including retro-dates):
Name of Entity: Retro Date:
7. Website home page (including subsidiaries):
Section 2 – Your Business
8. Date established:
9. Total number of staff:
10. Detailed description of business / Professional Services:
11. Identify your corporate structure (C Corp, Partnership, S Corp, LLC, Other):
12. Please confirm the total revenues
a) from your most recent financial year;
b) projected for your next financial year.
13. Please confirm the total revenues from your Internet activities only
a) for your most recent financial year;
b) projected for your next financial year.
14. Do you have any customers that represent more than 50% of your revenue: Yes No
15. Please list all URL addresses for all public-facing websites that are to be insured:
Section 3 – Your Professional Services
Please complete this section for Technology Errors and Omissions coverage
16. Please provide an analysis of your revenue (by percentage) from the following:
| Technology Products and Services Provided to Third Parties | |
| Customized development | |
| Pre-packaged/Shrink Wrap | |
| Consulting | |
| Implementation/Integration | |
| Real Time Production | |
| Real Time Trading | |
| Enterprise Resource Planning/Procurement | |
| Distribution/Sales | |
| Training | |
| Other Tech. Prod/Services-Desc. | |
| Other Tech. Prod/Services-Desc. | |
| Non-Technology Products or Services Sold to Third Parties | |
| Healthcare | |
| Financial | |
| Media, Advertising, Entertainment | |
| Wholesaler or Retailer of Products | |
| Manufacturing | |
| Non-Profit | |
| Education | |
| Non Tech. Other-Describe | |
| Non Tech. Other-Describe | |
17. Please identify your mission critical suppliers:
18. Do you or will you within the next twelve (12) months perform any of the following activities (whether through a hosted website, your own website or by your customers using products or services provided by you):
i) Storage of customer/subscriber names and addresses Yes No
ii) Storage of credit/debit card numbers Yes No
iii) Storage of credit history and ratings Yes No
iv) Storage of medical records or personal health information Yes No
v) Storage of intellectual property of others Yes No If yes, please give details:
vi) Storage or access to bank records/investment data or financial transactions of subscribers/customers Yes No
vii) Storage of other customer/subscriber information Yes No If yes, please give details:
viii) Electronic publishing, marketing, dissemination or distribution of copyrighted material of others Yes No
ix) Electronic publishing, marketing, dissemination or distribution of original works Yes No
Do you provide content for third party web sites? Yes No
x) Electronic publishing, marketing, dissemination or distribution of pornography or adult entertainment material Yes No
xi) Advertising the products or services of other companies on websites, via email or other electronic means for a fee or commission Yes No
xii) Provide legal, financial or personal finance advice Yes No
xiii) Provide medical or health advice Yes No
xiv) Provide other personal advice services such as counselling Yes No
xv) Provide website services or products to international customers/subscribers (including web-hosting or ISP) Yes No If yes, please give details:
xvi) Registration of Domain Names for others (Domain Registrar) Yes No
xvii) Sell or share individual subscriber or user identifiable information with another company Yes No
19. Please indicate the end-user application of your company’s products/services by market sector:
| Market Sector | Revenue by percentage |
| Aerospace | |
| Agriculture | |
| Communications/Telecommunications | |
| Construction | |
| Educational Institutions | |
| Financial Institutions | |
| Government | |
| Healthcare/Medical | |
| Home Use | |
| Industrial/Manufacturing Use | |
| Trade/Commerce – retail/wholesale | |
| Other (please detail) | |
| Other (please detail) | |
Section 4 – Your Website
Please complete for your Internet operations (if applicable)
The information provided here will be supplemented by an online Network Security Assessment
20. Does your website contain materials designed to be downloaded? Yes No
If yes, please give details:
21. Does your company have an established procedure for editing or removing from your Web site or Internet Service libellous or slanderous content, or content that infringes the Intellectual Property rights of others (copyright, trademark, trade name, trade secrets etc.)? Yes No
If yes, please confirm whether this review procedure is carried out by a qualified attorney. Yes No
22. Does your company use material provided by others, such as content, music, graphics, and video streams, in your software, or on your website? Yes No
If yes, please confirm whether you obtain written licences and consent agreements for the use of these materials: Yes No
23. Does your company use the Internet or an intranet for political, fundraising or cause activities; for gambling; for pornography; or for the sale of prohibited, regulated or restricted items such as tobacco, other drugs or liquor, or firearms? Yes No
If yes, please give details:
Section 5 – Your IT systems
Please complete for your network
The information provided here may be supplemented by an online Network Security Assessment
24. Do you use Microsoft Operating System environments for your public-facing systems and/or services, such as IIS (web server), or other Microsoft Operating System servers for database, email or DNS? Yes No
If yes, do you have a formal patch management process in place and have you installed the latest available security vulnerability alert and service pack? Yes No
25. Is firewall technology used at all Internet points-of-presence to prevent unauthorized access? Yes No
26. Does your company use anti-virus software on all desktops/portable computer devices and mission-critical servers and is it updated in accordance with the software provider’s requirements? Yes No
27. Are system backup and recovery procedures documented and tested for all mission-critical systems? Yes No
28. Does your company have a written policy on Email and Internet use? Yes No
29. Does your company have a published information security policy, and is there an organizational manager who is directly responsible for information security compliance operations? Yes No
30. Are there regular security reviews of IT systems by internal audit personnel or a trusted third party? Yes No
Section 6 – Your Risk Mitigation
31. Does your company use Independent Contractors to whom you sub-contract work? Yes No
If yes, please confirm whether you require Independent Contractors to carry professional liability insurance, and provide a description of any indemnities, hold harmless agreements etc:
32. If Yes to 31 above: Does your company always use a written contract upon engagement of such Independent Contractors? Yes No
If Yes, please attach a copy.
If No or Not always, please describe how you agree the scope of the contract with your customer:
Please provide a copy of your standard customer contract with your application.
33. Within the last two (2) years, have any customers either failed to pay for or requested a refund for a product or service you provided due to an alleged problem? (whether due to non-performance, dissatisfaction or otherwise) Yes No
34. Has your company ever been declined for Errors and Omissions, Professional Liability or Media Liability insurance or had an existing policy cancelled? Yes No
If yes, please explain:
35. In the last 5 years has your company experienced any claims or are you aware of any circumstances that could give rise to a claim that would have been covered by this policy? Yes No
If yes, please detail separately and include any pending or prior incident, event or litigation providing full details of all relevant facts:
36. In the last 5 years has your company been the subject of any cease and desist orders or been the subject of official admonishments, critical directives or comments by regulators? Yes No
If yes, please detail separately and include any pending or prior incident, event or litigation providing full details of all relevant facts:
Privacy Supplemental
37. Have you identified all relevant regulatory and industry compliance frameworks that are applicable to the organization? Yes No
(Please provide details of compliance applicable to your organization, with details of the latest audit carried out)
38. Is all sensitive and confidential information that is transmitted within and from your organization encrypted using industry-grade mechanisms? Yes No
39. Do you have strict user revocation procedures on user accounts and inventoried recovery of all information assets following employment termination? Yes No
40. Do you have established procedures for ensuring the deletion of all sensitive data from systems and devices prior to their disposal from the company? Yes No
41. Is all sensitive and confidential information stored on your organization’s databases, servers and data files encrypted? Yes No
42. Are access control procedures and hard drive encryption in force to prevent unauthorized exposure of data on all laptops/BlackBerrys and home-based PCs? Yes No
43. Do you ensure that all wireless networks have protected access? Yes No
44. In response to California’s SB 1386 and other similar laws have you established a procedure for determining the severity of a potential data security breach and a notification procedure to all individuals who may be adversely affected by such exposures? Yes No
45. Has the organization ever sustained a significant system intrusion, tampering, virus or malicious code attack, loss of data, hacking incident, data theft or similar? Yes No
46. Is the organization or any of its partners, directors or officers aware of, or are there any circumstances that may give, or have given, rise to a claim against the company or against this Insurance policy? Yes No
47. During the past three years, has anyone made any Claim against the Applicant for invasion of or interference with any right of privacy, wrongful disclosure of personal information, or violation of any privacy related statute or regulation? Yes No
48. Do you store credit card details on your network or do they go straight off to the payment processor? Yes No
49. Have you specifically checked that your SQL servers with credit card details are programmed to prevent SQL injection attacks? Yes No
50. Is your credit card data on your SQL server always encrypted? Yes No
51. Is all Personally Identifiable Information (PII) encrypted at rest and in transit? Yes No
52. Is all Personally Identifiable Information (PII) encrypted on the network and off the network including remote devices, i.e. laptops, BlackBerrys, disks, etc.? Yes No
53. Are all backup tapes / cassettes secure in transit? Are they picked up, shipped, and stored by reputable third parties? Yes No
Declaration
I hereby declare that I am authorized to complete this application on behalf of the applicant and that after due inquiry, to the best of my knowledge and belief, the statements and particulars in this application are true and complete and no material facts have been misstated, suppressed, or omitted. I undertake to inform underwriters of any alteration or addition to these statements or particulars which occurs before or during any contract of insurance based on the application is effected. I also acknowledge that this application (together with any other information supplied to underwriters) shall be the basis of such contract.
I understand that underwriters will rely on the statements that I make on this form. In this context, any insurance coverage that may be issued based upon this form will be void if the form contains falsehoods, misrepresentations or omissions.
Signed:* _____________________________________
Name: ______________________________________
Position:* _____________________________________ Date: ___________________
*The signatory should be a director or senior officer of, or a partner in, the Applicant