Chubb Information Security & Privacy Practices
Information security and privacy are top priorities for Chubb. Chubb has taken a multidisciplinary and multi-faceted approach to protection of personal and corporate information. We use administrative (e.g., governance and policy), technical (e.g., security tools) and physical safeguards (e.g., locks and other physical security measures) designed to protect information in our care. We maintain data protection strategies that are designed to monitor security threats as well as protocols to respond to them.
Data Protection Culture, Governance and Policy
Chubb promotes a data protection culture. We maintain policies and standards designed to protect personal and corporate information. These have been developed by a multidisciplinary team including information security and IT compliance, privacy, IT legal, compliance and business representatives.
Chubb uses certain information security tools that are designed to protect information and systems (e.g., encryption, firewalls, intrusion detection and prevention systems, patch management and identity management systems). Our Information Security Team monitors the tools to discover anomalous and suspicious patterns and to respond accordingly. Chubb participates in information sharing networks (government and private) and deploys system updates and other technology as appropriate.
Chubb provides employees with data protection training covering topics like password management, secure transmission, social engineering (e.g., schemes to trick people into breaking normal security procedures to perform certain actions or to divulge confidential information) and privacy compliance. Chubb also provides role-based training for employees engaged in information protection, privacy and other risk management specialties. Chubb uses a variety of training methods including computer-based training, role-based training, company intranet awareness campaigns and various simulation exercises.
Risk Assessments and Audit
Chubb’s information security policies and protocols undergo regular assessments and audits. In addition, we benchmark our programs against key regulatory frameworks.