Information Security and Privacy

Chubb Information Security & Privacy Practices          

Information security and privacy are top priorities for Chubb.  Chubb has taken a multidisciplinary and multi-faceted approach to protection of personal and corporate information.  We use administrative (e.g., governance and policy), technical (e.g., security tools) and physical safeguards (e.g.,  locks and other physical security measures) designed to protect information in our care. We maintain data protection strategies that are designed to monitor security threats as well as protocols to respond to them.

Data Protection Culture, Governance and Policy

Chubb promotes a data protection culture. We maintain policies and standards designed to protect personal and corporate information that have been developed by a multi-disciplinary team including representation from information security and IT compliance, privacy, IT legal, compliance and business representatives.

Technological Tools                                             

Chubb uses certain information security tools that are designed to protect information and systems (e.g., encryption, firewalls, intrusion detection and prevention systems, patch management and identity management systems). Our Information Security Team monitors the tools to discover anomalous and suspicious patterns and to respond accordingly. Chubb participates in information sharing networks (government and private) and deploys system updates and other technology as appropriate.

Employee Training                                                          

Chubb provides employees with data protection training covering topics like password management, secure transmission, social engineering (e.g., schemes to trick people into breaking normal security procedures to perform certain actions or to divulge confidential information) and privacy compliance.  Chubb also provides role based training for employees engaged in information protection, privacy and other risk management specialties. Chubb uses a variety of training methods including computer-based training, role based training, company intranet awareness campaigns and various simulation exercises.

Risk Assessments and Audit                                                              

Chubb’s information security policies and protocols undergo regular assessments and audits.  In addition, we benchmark our programs against key regulatory frameworks.