Insurance IT, NPI-safe.
And cyber-insurable.
Insurance agencies sit on a stack of nonpublic personal information. Social Security numbers, financial records, health data, the works. Protected under GLBA and your state’s Department of Insurance rules. You also sell cyber insurance to others while filling out tighter and tighter cybersecurity questionnaires of your own. We help Phoenix agencies build IT that satisfies the Safeguards Rule, survives the wire-fraud attempts your producers are targets for, and answers your own carrier’s application without flinching.
Your IT problem is a fiduciary problem.
Insurance agencies operate under three pressures most MSPs do not understand: GLBA, your state’s DOI, and the cyber-insurance market you participate in from both sides.
NPI is regulated, not optional
Every Social Security number, every bank account, every health record in your AMS is nonpublic personal information under GLBA. The Safeguards Rule expects a risk assessment, a written information security program, and incident response. Documented, current, and defensible.
Wire fraud targets producers
Business Email Compromise is the #1 way money walks out of insurance agencies. Spoofed emails to accounting, fake premium-redirect requests, fraudulent invoice changes. The defenses are technical (MFA, email security, network segmentation) AND procedural. Both have to be in place.
Your own cyber application is tightening
You sell cyber insurance and you buy it. Carrier questionnaires now run 80+ pages with technical specifics. EDR, MFA, backup posture, training cadence. We help you answer them honestly with controls actually in place, not promises you cannot back up.
Your AMS is the business
When Applied Epic, AMS360, EZLynx, HawkSoft, or NowCerts goes down, the agency stops. Quotes do not happen, renewals do not bind, commissions do not process. Your IT has to treat AMS uptime as a business-critical metric.
Built for how Phoenix agencies actually run
Managed IT for Insurance
Workstation and server management, AMS integration (Applied Epic, AMS360, EZLynx, HawkSoft, NowCerts), document management, secure backup, and the proactive care that keeps producers selling. Includes the 24/7 Security Operations Stack on every managed device.
Cybersecurity for Insurance
MFA on everything, advanced email security with BEC and wire-fraud detection, endpoint EDR, encrypted email for client communication, dark-web monitoring, agency-wide security awareness training. Aligned with the GLBA Safeguards Rule and the controls your cyber carrier is asking about.
GLBA Compliance Documentation
Required Safeguards Rule risk analysis, written information security program (WISP), incident response plan, vendor management documentation, and the audit trail your state DOI and your carrier expect. Updated annually, defensible.
AI Tools for Insurance Ops
Policy document summarization, COI processing assistance, prior carrier correspondence drafting, claim intake triage. Built with the NPI handling that insurance compliance requires.
Frameworks first. NPI protected.
We do not claim certifications we do not hold. We build, document, and operate to the standards GLBA, your state DOI, your E&O carrier, and your cyber-insurance underwriter all expect. When the audit or the questionnaire comes, the answer is on file.
What it looks like when we work together
A producer’s email got spoofed and accounting almost moved the premium.
We investigate, lock down the affected accounts, work with your insurer and counsel, harden email and MFA across the agency, and write the incident report. Then we put the procedural controls in place so the next attempt does not get past the front line.
Your last Safeguards Rule risk analysis is years old (or never happened).
We complete a current risk analysis, build your written information security program, document the controls, and prep the file your state DOI or carrier auditor will ask for. You are no longer a sitting target if the inquiry comes.
You are moving agency management systems (Epic to AMS360, or similar).
We scope the data migration, the integration with comparative raters, the document and email handoff, parallel-run validation, and the producer training. Commissions and renewals do not skip a beat.
Your cyber-insurance application is due and the carrier’s questions multiplied.
We sit with you through the questionnaire, answer the technical sections with evidence, and remediate the gaps that would otherwise get you declined or rated up. You walk in with documented controls, not promises.
No contracts, no surprises, no offshore handoff
Three steps from “we should talk” to “we are your IT team.”
Discovery + walkthrough
30-min call about your agency, your AMS, your producer count, and your GLBA situation. Then a 30-min review of your environment, remote or on-site at your office.
Written assessment
Compliance-depth assessments take longer than a standard IT review, and that is the point. Within 1–2 weeks you receive a written gap report against the GLBA Safeguards Rule requirements, your cyber carrier’s questionnaire, and the controls auditors actually ask about. Prioritized recommendations, ROI/risk estimates, scoped proposal. Yours to keep.
Onboard + go live
If we are a fit, we run a structured 30-day onboarding. Documentation, monitoring, training, a named engineer who knows your agency, and a client portal where your credentials are always yours.
What agency principals ask before they call
Do you understand the GLBA Safeguards Rule?
Yes. We perform the required risk analysis, build the written information security program, document the controls, and update everything annually. When your state DOI asks or your carrier audits, the file is current and defensible.
Can you help us with our cyber insurance renewal application?
Yes. This is one of our most common engagements with insurance clients. We sit through the questionnaire with you, answer the technical sections with evidence, and identify the gaps to remediate before submission. Most agencies see a meaningful premium or coverage improvement after working with us.
Do you support our AMS (Applied Epic, AMS360, EZLynx, HawkSoft, NowCerts)?
Yes. We support the major agency management systems plus integration with comparative raters, document management, and the email/calendar workflow producers actually live in. Tell us your stack on the assessment call.
What about producers using personal devices in the field?
Common challenge. We deploy mobile device management policies that protect NPI without taking over personal devices. Separation of business and personal apps, remote wipe of agency data, MFA for AMS access. Producers stay productive, NPI stays protected.
How do you handle BEC and wire-fraud attempts?
Three layers: advanced email security with BEC pattern detection (Avanan / Check Point Harmony), MFA on every account that can move money or change records, and quarterly tabletop exercises with accounting so the procedural defenses are sharp. The attacks are not going to stop. Your defenses have to be in place when they happen.
Who owns our passwords and IT documentation?
You do. We maintain a client portal where all your credentials, vendor info, and IT documentation are always available to you, so if you ever need to vet another vendor or move on, nothing is held hostage.
Do you require a long-term contract?
No, we do not require one. Assessment is free, onboarding is scoped, and ongoing managed services default to month-to-month. Cancel any time. For agencies that want budget predictability or locked-in pricing, we also offer 1-year and 3-year agreements.
Before your next GLBA inquiry, your next cyber renewal, or the 3am incident response.
One hour with a Phoenix-based engineer who works with insurance agencies every day. You leave with a written GLBA Safeguards gap assessment and a prioritized fix list. Yours to keep.