Cyber Liability IQRM


What is IQRM?

The IQRM (Intelligence Quotient for Risk Management) is the first step to identifying the risks that most greatly affect your business.

Why IQRM?

With this integral piece of The Insurance Market’s Armour 360® process, we will ensure you receive a comprehensive program that maximizes your insurance investment.

How does IQRM work?

We will work together to analyze the effectiveness of managing risks, develop strategies to protect your assets, and improve your risk profile. We will also work to reduce your insurance costs and to monitor and fine-tune risk management programs as your business evolves.

1. We have implemented Multi-Factor Authentication (MFA) on all email and remote access, including privileged accounts.
2. We use Next Generation Anti-Virus (NGAV) and/or Endpoint Detection and Response (EDR) software to secure all system endpoints.
3. We have disabled Remote Desktop Protocol (RDP) and/or Remote Desktop Gateway (RDG) on all system endpoints or servers. Alternatively, access is only granted after proper Multi-Factor Authentication via our VPN.
4. A dedicated individual or team is responsible for overall privacy and network security protection.
5. A cyber incident response plan is in place to determine in advance which breach services firm, PR firm, forensics investigator, etc. we would utilize.
6. All valuable/sensitive data is backed up daily, stored outside the network and tested/validated periodically.
7. Regular software updates and patching procedures are performed, including applicable Microsoft vulnerability updates, post their 2021 incident.
8. Encryption is in place for sensitive data, especially on portable devices.
9. We regularly conduct cyber security audits of our own systems. We are committed to remedying all significant deficiencies.
10. We train and test our employees on recognizing and avoiding phishing, social engineering, and email scams.
11. We have established the number of unique personal information records (PII) that we have stored on our network or that are stored by others on our behalf (i.e. 3rd party cloud providers).
12. We limit employee access to sensitive data based upon their role in the company and their business need to access such data.
13. We require training for employees on appropriate business use of social media.
14. We have procedures in place to obtain any data/information assets back from vendors or existing employees and/or contractors upon termination of the relationship.
15. We are compliant with regulations regarding sensitive data that apply to our business including but not limited to HIPAA/HITECH.
16. If we accept payment cards, we are in compliance with applicable Payment Card Industry Data Security Standards (PCI/DSS).
17. For contracts with third parties to manage, host and/or access our data, we ensure such contracts have strong hold harmless agreements. For contracts with third parties that grant us access to their data, we carefully review the hold harmless agreements and insurance requirements to ensure that they are balanced to both parties.
18. For contracts with third parties to manage, host and access our data, we require these organizations to have comprehensive professional liability (if applicable) and cyber liability insurance.
19. We have a data destruction policy to remove PII from our systems when no longer needed.
20. When acting upon a new or changed request to wire transfer funds to a third party, whether the request is from someone internally or externally, we verify that the request is valid (either in person or by calling a known valid number).