ACORD, Microsoft Join Forces to Boost Security for Insurance Industry

LAS VEGAS, May 24, 2004 — Microsoft Corp. and ACORD, a global, nonprofit insurance association whose mission is to facilitate the development and use of standards for the insurance, reinsurance and related financial services industries, unveiled today at the ACORD LOMA Insurance Systems Forum a collaborative effort to help the insurance industry put in place and maintain security-enhanced environments for business operations.

The collaborative effort will consist of developing joint task forces focused on key areas in the insurance industry, including agent and company workstation security, patch management, identity management, and business compliance. Each task force will produce guidelines and best practices that will be made available to ACORD members through the organization’s Web site and other distribution channels. In addition to the task-force work, Microsoft will provide prescriptive architectures for patch and identity management to ACORD for member distribution.

“The security issues faced by our industry as a whole, and by agents specifically, are an area of increasing focus for all of us,” said Ron Dudley, vice president of standards at ACORD. “Security and its related compliance challenges are clearly constant facts of business that all ACORD members are and will be dealing with on an ongoing basis. It’s our responsibility as an industry body to provide guidance and leadership in this area.”

“It’s critical that business managers in financial services have access to best practices around security,” said Mark Horvath, director of security mobilization for the Commercial Sector Group at Microsoft. “Microsoft, as a software provider to the insurance industry, feels a special responsibility to make sure that we provide the highest-quality guidance we can.”

Although security is important at all levels of the insurance value chain, ACORD and Microsoft recognize that the smaller agencies are often left without guidance. “Large companies engage with Microsoft on a variety of levels and have a multifaceted relationship with us around security,” said Dennis Maroney, managing director for the insurance industry for Microsoft. “However, the smaller companies, partners and agencies are often overlooked or left to their own devices. This can result in security gaps, through which everyone becomes vulnerable.”

For example, the systems of independently owned agencies frequently interact with the infrastructures of the large carriers, inadvertently relaying e-mail virus attacks, Trojan horses and other security threats to the larger system. By shoring up the security around agency desktops, ACORD and Microsoft hope to increase the overall reliability and security of all insurance industry members.

“The Agents Council for Technology looks forward to coordinating efforts with ACORD and Microsoft on this critical area for independent agencies and brokers,” said Jeff Yates, executive director of the council, which is affiliated with the Independent Insurance Agents & Brokers of America (IIABA). “The security best practices envisioned in this initiative — which will be continuously updated — will be extremely valuable to all segments of the industry. This new initiative will mesh well with ACT’s current efforts to provide independent agents with more guidance as to how to protect the security of their systems and customer information.” IIABA is a national alliance of 300,000 business owners and their employees who offer all types of insurance and financial services products. ACT, established in 1999, addresses critical technology issues facing the independent agency system.

The proposed ACORD and Microsoft joint task forces fit well within Microsoft’s Trustworthy Computing Initiative, a plan launched in 2002 designed to improve the overall security of Microsoft’s products and partners. “Microsoft has a lot of prescriptive guidance around securing information technology systems that take advantage of its products,” Dudley said. “We think the guidance will be very useful to our members. For example, simply disseminating instructions to the broadest possible audience on how to automate the process of security downloads would provide an enormous benefit.”

“We also see this as an opportunity to extend the reach of the security guidance provided by many of our leading partners,” Horvath said. A list of Microsoft Insurance Value Chain partners attending ACORD LOMA, and information on Microsoft’s support of the insurance industry, can be found at .


Based in New York, ACORD (Association for Cooperative Operations Research and Development) is a global, nonprofit insurance association whose mission is to facilitate the development and use of standards for the insurance, reinsurance and related financial services industries. With offices in London as well, ACORD accomplishes its mission by remaining an objective, independent advocate for sharing information among diverse platforms. ACORD Standards and services improve efficiency and expand market reach. Affiliated with ACORD are hundreds of insurance and reinsurance companies, and thousands of agents and brokers, related financial services organizations, software providers, and industry organizations worldwide. To learn more about ACORD standards or the benefits of ACORD membership, please visit the ACORD website at: .

About Microsoft

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Microsoft is a registered trademark of Microsoft Corp. in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft®
Web page at on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at .

Related Posts