top of page
INFORMATION SECURITY POLICY
Effective Date: July 13, 2026
1. PURPOSE
Ingenisure ("Ingenisure," "we," "our," or "us") is committed to protecting the confidentiality, integrity, and availability of information entrusted to us by clients, employers, employees, insurance carriers, benefit administrators, vendors, and other authorized parties.
This Information Security Policy establishes the administrative, technical, and physical safeguards utilized by Ingenisure to protect personal information, confidential information, proprietary business information, and other sensitive data in connection with our insurance brokerage, employee benefits consulting, enrollment, compliance, and related services.
This policy supports Ingenisure's Privacy Notice, Terms of Use, contractual obligations, and applicable legal and regulatory requirements.
2. SCOPE
This policy applies to:
-
Ingenisure personnel
-
Owners
-
Employees
-
Independent contractors
-
Temporary workers
-
Consultants
-
Authorized service providers with access to Ingenisure information systems
This policy applies to information maintained in any form, including:
-
Electronic records
-
Cloud-based systems
-
Mobile devices
-
Physical documents
-
Email communications
-
Enrollment systems
-
Customer relationship management systems
-
Shared drives
-
Backup systems
3. INFORMATION CLASSIFICATION
Ingenisure classifies information according to its sensitivity and business impact.
Public Information
Information approved for public disclosure, including:
-
Marketing materials
-
Public website content
-
Published educational content
Internal Information
Information intended for internal business use, including:
-
Internal procedures
-
Business planning materials
-
Operational records
Confidential Information
Information requiring restricted access, including:
-
Client information
-
Vendor information
-
Financial information
-
Contractual information
-
Business strategies
Sensitive Information
Information requiring the highest level of protection, including:
-
Social Security numbers
-
Dates of birth
-
Driver's license numbers
-
Tax identification numbers
-
Insurance enrollment information
-
Employee census data
-
Dependent information
-
Health-related information
-
Financial account information
-
Authentication credentials
4. INFORMATION SECURITY GOVERNANCE
Ingenisure management is responsible for:
-
Establishing security standards
-
Maintaining security procedures
-
Monitoring compliance with this policy
-
Responding to security incidents
-
Reviewing security practices periodically
Personnel are responsible for:
-
Protecting confidential information
-
Following security procedures
-
Reporting suspected security incidents
-
Using company systems responsibly
5. ACCESS CONTROL
Access to information shall be limited to authorized individuals with a legitimate business need.
Ingenisure implements:
-
Unique user accounts
-
Password-protected systems
-
Role-based access controls where practical
-
Least-privilege access principles
-
Periodic review of user access permissions
Access rights may be modified or revoked at any time.
6. AUTHENTICATION REQUIREMENTS
Where supported by applicable systems, Ingenisure utilizes:
-
Strong password requirements
-
Multi-factor authentication (MFA)
-
Device authentication controls
-
Account recovery procedures
Users must:
-
Maintain secure passwords
-
Protect authentication credentials
-
Avoid sharing login information
-
Report compromised credentials immediately
7. DATA STORAGE AND ENCRYPTION
Ingenisure utilizes commercially reasonable security measures to protect information stored electronically.
Where supported by service providers and systems, safeguards may include:
-
Encryption in transit
-
Encryption at rest
-
Secure cloud storage
-
Secure file sharing
-
Secure backup procedures
Sensitive information should not be stored on unauthorized devices or systems.
8. APPROVED TECHNOLOGY PLATFORMS
Ingenisure may utilize reputable third-party service providers to support business operations, including:
-
Cloud storage providers
-
Email and communication platforms
-
Electronic signature providers
-
Enrollment and benefits administration systems
-
Customer relationship management systems
-
Website hosting providers
-
Document management systems
-
Cybersecurity providers
Third-party providers may be granted access only as reasonably necessary to perform services on behalf of Ingenisure.
9. DATA TRANSMISSION
Sensitive information should be transmitted only through approved and secure communication channels.
Personnel should avoid transmitting sensitive information through:
-
Unsecured public networks
-
Unauthorized applications
-
Personal email accounts
-
Unapproved file-sharing services
Where practical, secure portals, encrypted communications, or approved business systems should be used.
10. PHYSICAL SECURITY
Ingenisure maintains reasonable physical safeguards designed to protect information and systems.
Examples include:
-
Controlled office access
-
Secure workspaces
-
Secure document storage
-
Secure disposal procedures
-
Device protection measures
Physical records containing confidential information should be secured when not in use.
11. DEVICE SECURITY
Devices used to access company information should be protected through reasonable security measures, including:
-
Password protection
-
Device encryption where available
-
Automatic locking
-
Software updates
-
Antivirus or endpoint protection where appropriate
Lost or stolen devices must be reported promptly.
12. REMOTE WORK SECURITY
Personnel accessing company information remotely must:
-
Use secure internet connections
-
Protect devices from unauthorized access
-
Avoid public or unsecured Wi-Fi when handling sensitive information
-
Follow company security procedures
Remote access may be restricted or monitored for security purposes.
13. DATA RETENTION AND DISPOSAL
Ingenisure retains information only as long as reasonably necessary to:
-
Provide services
-
Satisfy legal obligations
-
Meet regulatory requirements
-
Resolve disputes
-
Protect legitimate business interests
When information is no longer required, it may be securely deleted, destroyed, anonymized, or otherwise disposed of in accordance with applicable requirements.
14. SECURITY INCIDENT REPORTING
Personnel must promptly report any suspected:
-
Unauthorized access
-
Data loss
-
Security breach
-
Malware infection
-
Credential compromise
-
Suspicious activity
Reports should be made immediately upon discovery.
15. INCIDENT RESPONSE
Upon learning of a suspected security incident, Ingenisure may:
-
Investigate the incident
-
Contain potential threats
-
Preserve evidence
-
Restore affected systems
-
Engage third-party experts where appropriate
-
Provide legally required notifications
Response activities will be conducted based upon the circumstances and applicable legal requirements.
16. VENDOR MANAGEMENT
Ingenisure may engage third-party vendors that process or access information on its behalf.
Where appropriate, Ingenisure may evaluate vendors based on factors including:
-
Security practices
-
Regulatory compliance
-
Contractual protections
-
Reputation
-
Business necessity
Vendor access shall be limited to the information reasonably necessary to perform authorized services.
17. SECURITY TRAINING AND AWARENESS
Personnel may receive training regarding:
-
Data protection
-
Privacy obligations
-
Password security
-
Social engineering
-
Phishing awareness
-
Incident reporting
Additional training may be provided as necessary.
18. COMPLIANCE AND ENFORCEMENT
Violations of this policy may result in:
-
Removal of access privileges
-
Corrective action
-
Contract termination
-
Other actions deemed appropriate under the circumstances
Ingenisure reserves the right to monitor compliance with this policy.
19. POLICY REVIEW
Ingenisure may review and update this Information Security Policy periodically to reflect:
-
Changes in business operations
-
Technology developments
-
Legal requirements
-
Security risks
-
Industry best practices
Updated versions become effective upon approval and publication.
20. CONTACT INFORMATION
Questions regarding this Information Security Policy may be directed to:
Ingenisure
555 Anton Blvd., Suite 150
Costa Mesa, CA 92626
Phone: (949) 257-2797
Email: security@ingenisure.com
bottom of page