| Personal Information |
| First Name
Required
|
|
| Last Name
Required
|
|
| Number of Owners
Required
|
|
| Name(s) of Company Owner(s), with % ownership
Required
|
|
| Description of Operations:
Required
|
|
| Formal Name of Business
Required
|
|
| Is your company a franchise?
Required
|
|
| If yes, provide full legal name of franchisor:
Optional
|
|
| Business Type
Required
|
|
| Year Established
Required
|
|
| Street
Required
|
|
| City
Required
|
|
| State
Required
|
|
| ZIP / Postal Code
Required
|
|
| Primary Phone Number
Required
|
|
| E-Mail Address
Required
|
|
| Website Address:
Required
|
|
| RISK BACKGROUND |
| Has any entity proposed for insurance closed, sold, merged with or acquired any company in the past 12 months or anticipates doing so in the next 12 months?
Required
|
|
| Do you perform services in the State of New York?
Required
|
|
| If “Yes,” what percentage is performed in the five (5) boroughs and what percent in the rest of New York?
Optional
|
|
| Please list all States in which you operate.
Required
|
|
| Estimated Annual Gross Revenue
Required
|
|
| Prior 12 months annual gross revenue
Required
|
|
| Number of full-time employees
Required
|
|
| Number of part-time employees
Required
|
|
| Number of temporary/ seasonal employees
Required
|
|
| Number of independent contractors
Required
|
|
| DATA AND RECORDS INFORMATION |
| Estimated number of individual client records whose information (credit card, soc sec #, etc.) is stored transmitted or collected by your company or any third party service provider on behalf of your client.
Required
|
|
| Estimated number of foreign individuals whose personal information is stored, transmitted, or collected.
Required
|
|
| Type(s) of personally identifiable information collected, transmitted, or stored"
Required
|
Hold down the Ctrl Key to make multiple selections. |
| # of records collected or transmitted each year: Social security # or individual taxpayer identification #s
Required
|
|
| Maximum number of records stored at any one time: Social security # or individual taxpayer identification #s
Required
|
|
| # of records collected or transmitted each year: Financial account record (e.g. bank accounts)
Required
|
|
| Maximum number of records stored at any one time: Financial account record (e.g. bank accounts)
Required
|
|
| # of records collected or transmitted each year: Payment card data (e.g. credit or debit cards)
Required
|
|
| Maximum number of records stored at any one time: Payment card data (e.g. credit or debit cards)
Required
|
|
| # of records collected or transmitted each year: Driver’s license # passport # or other State or Federal ID#
Required
|
|
| Maximum number of records stored at any one time: Driver’s license # passport # or other State or Federal ID #
Required
|
|
| # of records collected or transmitted each year: Protected health information (e.g. medical records)
Required
|
|
| Maximum number of records stored at any one time: Protected health information (e.g. medical records)
Required
|
|
| # of records collected or transmitted each year: Username/email address, in combination with password or security question
Required
|
|
| Maximum number of records stored at any one time: Username/email address, in combination with password or security question
Required
|
|
| # of records collected or transmitted each year: Other – Please provide details
Optional
|
|
| Additional Comments
Optional
|
|
| Maximum number of records stored at any one time: Other – Please provide details
Optional
|
|
| Additional Comments
Optional
|
|
| CURRENT CYBER LIABILITY/DATA BREACH POLICY INFO |
| Do you currently have a cyber liability/data breach insurance policy?
Required
|
|
| Current Insurance Provider
Required
|
|
| Effective Date
Optional
|
|
|
/ |
|
/ |
|
|
| Current Policy End Date
Required
|
|
|
/ |
|
/ |
|
|
| Current Limits
Required
|
|
| Current Deductible
Required
|
|
| Current Premium
Required
|
|
| CLAIM ACTIVITY |
| In the last five years, has the applicant had a data breach resulting in the misappropriation or public disclosure of personal Information?
Required
|
|
| In the last five years, has the applicant had any claim, suit, inquiry, complaint, notice of charge, notice of hearing, regulatory action, governmental action or administrative action related to the coverage applied for?
Required
|
|
| WEBSITE MEDIA LIABILITY |
| Does the applicant have a website or utilize a social media platform?
Required
|
|
| If “Yes,” please answer the following regarding the content used online: |
| Does the applicant review material that is posted or utilized online?
Required
|
|
| Does the applicant obtain written releases from all images used
Required
|
|
| Does the website have a privacy policy?
Required
|
|
| Information/Network Security Risk Management |
| Select all the controls your company utilizies:
Required
|
Hold down the Ctrl Key to make multiple selections. |
| Does the applicant proactively address system vulnerabilities, including regular updates to anti-virus/ malware protection and critical security patches?
Required
|
|
| Has the applicant had a vulnerability assessment, penetration test, or other network security assessment performed in the last 12 months?
Required
|
|
| Does the applicant have a data retention and destruction plan in place that includes both electronic and physical data?
Required
|
|
| Information/Network Security Policy |
| Does the applicant have a written physical and network security policy in place?
Required
|
|
| Do all employees receive training on the privacy policy at least annually?
Required
|
|
| Does the applicant have a designated individual responsible for the management of, and compliance with the applicant’s security policies?
Required
|
|
| If “Yes,” what is the name and title of this individual?
Optional
|
|
| Breach Response/Disaster Recovery/Business Continuity Planning |
| Does the applicant have a written data breach response plan in place?
Required
|
|
| Does the applicant back up all valuable/sensitive data, including personal information* of others, on a daily basis?
Required
|
|
| If not daily, how often?
Required
|
|
| Does the applicant have a disaster recovery and business continuity plan in place that is designed to avoid business interruption due to IT systems failure?
Required
|
|
| If "yes" Is this plan regularly tested and updated?
Optional
|
|
| If "yes", how many hours does it take the applicant to fully restore their systems?
Optional
|
|
| Encryption |
| Does the applicant encrypt personal information in the following scenarios?
Required
|
Hold down the Ctrl Key to make multiple selections. |
| Physical Security |
| Does the applicant have physical security in place to restrict access to computer systems or paper records that contain sensitive information?
Required
|
|
| Vendor Controls |
| Are business associate agreements in place for all third parties?
Required
|
|
| Has applicant confirmed payment processor and any third party assisting with payment cards is compliant with Payment Card Industry Data Security Standards? (PCIDSS)
Required
|
|
| Have you entered into a written contract or agreement with a service provider or utilize a third party that holds, transmits, or stores personal information* on your behalf?
Required
|
|
| If "yes" provide the Service Provider Name, Services Provided, Type of Personal Information stored and # of records stored
Optional
|
|
| Employee Controls |
| Does the applicant conduct background checks on all employees?
Required
|
|
| Does the applicant restrict employee access to Personally Identifiable Information on a business “need-to-know” basis?
Required
|
|
| Is remote access to the network permitted only if through Virtual Private Network (VPN) or equivalent system?
Required
|
|
| Does applicant terminate all associated computer access and user accounts as part of the regular exit process when an employee leaves the company?
Required
|
|
| Do you track and monitor all access to network resources?
Required
|
|
| Additional Comments
Optional
|
|
Submission Validation Required |
Enter the Validation Code from above.
|