top of page

INFORMATION SECURITY POLICY

Effective Date: July 13, 2026

1. PURPOSE

Ingenisure ("Ingenisure," "we," "our," or "us") is committed to protecting the confidentiality, integrity, and availability of information entrusted to us by clients, employers, employees, insurance carriers, benefit administrators, vendors, and other authorized parties.

This Information Security Policy establishes the administrative, technical, and physical safeguards utilized by Ingenisure to protect personal information, confidential information, proprietary business information, and other sensitive data in connection with our insurance brokerage, employee benefits consulting, enrollment, compliance, and related services.

This policy supports Ingenisure's Privacy Notice, Terms of Use, contractual obligations, and applicable legal and regulatory requirements.

2. SCOPE

This policy applies to:

  • Ingenisure personnel

  • Owners

  • Employees

  • Independent contractors

  • Temporary workers

  • Consultants

  • Authorized service providers with access to Ingenisure information systems

This policy applies to information maintained in any form, including:

  • Electronic records

  • Cloud-based systems

  • Mobile devices

  • Physical documents

  • Email communications

  • Enrollment systems

  • Customer relationship management systems

  • Shared drives

  • Backup systems

3. INFORMATION CLASSIFICATION

Ingenisure classifies information according to its sensitivity and business impact.

Public Information

Information approved for public disclosure, including:

  • Marketing materials

  • Public website content

  • Published educational content

Internal Information

Information intended for internal business use, including:

  • Internal procedures

  • Business planning materials

  • Operational records

Confidential Information

Information requiring restricted access, including:

  • Client information

  • Vendor information

  • Financial information

  • Contractual information

  • Business strategies

Sensitive Information

Information requiring the highest level of protection, including:

  • Social Security numbers

  • Dates of birth

  • Driver's license numbers

  • Tax identification numbers

  • Insurance enrollment information

  • Employee census data

  • Dependent information

  • Health-related information

  • Financial account information

  • Authentication credentials

4. INFORMATION SECURITY GOVERNANCE

Ingenisure management is responsible for:

  • Establishing security standards

  • Maintaining security procedures

  • Monitoring compliance with this policy

  • Responding to security incidents

  • Reviewing security practices periodically

Personnel are responsible for:

  • Protecting confidential information

  • Following security procedures

  • Reporting suspected security incidents

  • Using company systems responsibly

5. ACCESS CONTROL

Access to information shall be limited to authorized individuals with a legitimate business need.

Ingenisure implements:

  • Unique user accounts

  • Password-protected systems

  • Role-based access controls where practical

  • Least-privilege access principles

  • Periodic review of user access permissions

Access rights may be modified or revoked at any time.

6. AUTHENTICATION REQUIREMENTS

Where supported by applicable systems, Ingenisure utilizes:

  • Strong password requirements

  • Multi-factor authentication (MFA)

  • Device authentication controls

  • Account recovery procedures

Users must:

  • Maintain secure passwords

  • Protect authentication credentials

  • Avoid sharing login information

  • Report compromised credentials immediately

7. DATA STORAGE AND ENCRYPTION

Ingenisure utilizes commercially reasonable security measures to protect information stored electronically.

Where supported by service providers and systems, safeguards may include:

  • Encryption in transit

  • Encryption at rest

  • Secure cloud storage

  • Secure file sharing

  • Secure backup procedures

Sensitive information should not be stored on unauthorized devices or systems.

8. APPROVED TECHNOLOGY PLATFORMS

Ingenisure may utilize reputable third-party service providers to support business operations, including:

  • Cloud storage providers

  • Email and communication platforms

  • Electronic signature providers

  • Enrollment and benefits administration systems

  • Customer relationship management systems

  • Website hosting providers

  • Document management systems

  • Cybersecurity providers

Third-party providers may be granted access only as reasonably necessary to perform services on behalf of Ingenisure.

9. DATA TRANSMISSION

Sensitive information should be transmitted only through approved and secure communication channels.

Personnel should avoid transmitting sensitive information through:

  • Unsecured public networks

  • Unauthorized applications

  • Personal email accounts

  • Unapproved file-sharing services

Where practical, secure portals, encrypted communications, or approved business systems should be used.

10. PHYSICAL SECURITY

Ingenisure maintains reasonable physical safeguards designed to protect information and systems.

Examples include:

  • Controlled office access

  • Secure workspaces

  • Secure document storage

  • Secure disposal procedures

  • Device protection measures

Physical records containing confidential information should be secured when not in use.

11. DEVICE SECURITY

Devices used to access company information should be protected through reasonable security measures, including:

  • Password protection

  • Device encryption where available

  • Automatic locking

  • Software updates

  • Antivirus or endpoint protection where appropriate

Lost or stolen devices must be reported promptly.

12. REMOTE WORK SECURITY

Personnel accessing company information remotely must:

  • Use secure internet connections

  • Protect devices from unauthorized access

  • Avoid public or unsecured Wi-Fi when handling sensitive information

  • Follow company security procedures

Remote access may be restricted or monitored for security purposes.

13. DATA RETENTION AND DISPOSAL

Ingenisure retains information only as long as reasonably necessary to:

  • Provide services

  • Satisfy legal obligations

  • Meet regulatory requirements

  • Resolve disputes

  • Protect legitimate business interests

When information is no longer required, it may be securely deleted, destroyed, anonymized, or otherwise disposed of in accordance with applicable requirements.

14. SECURITY INCIDENT REPORTING

Personnel must promptly report any suspected:

  • Unauthorized access

  • Data loss

  • Security breach

  • Malware infection

  • Credential compromise

  • Suspicious activity

Reports should be made immediately upon discovery.

15. INCIDENT RESPONSE

Upon learning of a suspected security incident, Ingenisure may:

  • Investigate the incident

  • Contain potential threats

  • Preserve evidence

  • Restore affected systems

  • Engage third-party experts where appropriate

  • Provide legally required notifications

Response activities will be conducted based upon the circumstances and applicable legal requirements.

16. VENDOR MANAGEMENT

Ingenisure may engage third-party vendors that process or access information on its behalf.

Where appropriate, Ingenisure may evaluate vendors based on factors including:

  • Security practices

  • Regulatory compliance

  • Contractual protections

  • Reputation

  • Business necessity

Vendor access shall be limited to the information reasonably necessary to perform authorized services.

17. SECURITY TRAINING AND AWARENESS

Personnel may receive training regarding:

  • Data protection

  • Privacy obligations

  • Password security

  • Social engineering

  • Phishing awareness

  • Incident reporting

Additional training may be provided as necessary.

18. COMPLIANCE AND ENFORCEMENT

Violations of this policy may result in:

  • Removal of access privileges

  • Corrective action

  • Contract termination

  • Other actions deemed appropriate under the circumstances

Ingenisure reserves the right to monitor compliance with this policy.

19. POLICY REVIEW

Ingenisure may review and update this Information Security Policy periodically to reflect:

  • Changes in business operations

  • Technology developments

  • Legal requirements

  • Security risks

  • Industry best practices

Updated versions become effective upon approval and publication.

20. CONTACT INFORMATION

Questions regarding this Information Security Policy may be directed to:

Ingenisure
555 Anton Blvd., Suite 150
Costa Mesa, CA 92626

Phone: (949) 257-2797

Email: security@ingenisure.com

bottom of page