Avoiding hardware and system failures due to natural and manmade disasters can be made easier by using new technologies such as enterprise content management (ECM) solutions. With ECM, insurance carriers and agencies can ensure that policyholders get the service they need through several deployment options, including:
- Deploying entirely via software as a service (SaaS), allowing the solutions for storing documents and automating processes to be housed in a completely outsourced, redundant, and secure data center.
- Incorporating a hosted solution into the disaster recovery strategy for an in-house ECM solution, allowing the system to be backed up at regular intervals to a hosted repository that acts as a hot site in the event of an emergency.
- Deploying a warm site, allowing backup media to be stored at the service provider and loaded onto a live server when a disaster is reported.
Disasters have a tendency to bring out either the best or the worst in people. How people handle themselves during difficult times communicates a lot about their true nature. Similarly, policyholders will judge insurers by how they react when the worst happens. Because the business model is built on the policyholder’s trust that an insurer will be there in a worst case scenario, losing documents or failing to maintain operations can cost much more than simply lost data. A business continuity plan that leverages secure online technologies to protect enterprise documents and data can maintain business continuity, customer satisfaction, and a hard-earned reputation while avoiding additional liability or regulatory findings.
Unfortunately, there are multiple kinds and levels of disasters that can prevent access to policyholder data and affect a carrier’s ability to provide service, including natural disasters, hardware/system failure and manmade disasters. Natural disasters are often the first scenario considered thanks to vivid media footage of flood-ravaged communities, towns torn apart by hurricanes and tornadoes, and neighborhoods being evacuated as wildfires come closer, resulting in loss estimates in the billions of dollars.
However, the National Archives and Records Administration (NARA) estimates that less than one percent of data loss is attributed to natural disasters; the greatest vulnerability is the infrastructure trusted to protect data. The NARA estimates that 78 percent of data loss is caused by hardware or system failure. Many organizations rely on the integrity of their backup solutions to create recoverable copies of their content, but too few perform a system restoration on different hardware to ensure that it is effective.
When the effectiveness of database backups are first tested, many organizations find that they have issues which would prevent full recovery. These are not incompetent organizations that lack skill or resources. Incomplete, insufficient or otherwise failed backups can result from seemingly routine (and advisable) actions, such as the installation of operating system service packs, newer versions of backup software and agents, database software, or virus detection software.
Manmade disasters may be the most difficult to protect against. From massive devastation such as terrorism or destruction that affects an entire region, to malicious actions by an individual in a single data center, data stored onsite is vulnerable. Offsite media storage is an option, but the potential for theft or loss associated with transporting data has been widely publicized.
SaaS, Hosted Systems Support Business Continuity
Many insurance carriers are evaluating SaaS and other hosted ECM strategies to ensure that policyholders get the service they need, whether that is in response to a widespread disaster or an agent’s need for immediate retrieval of a policyholder’s documents related to a minor claim.
One option is to deploy ECM technology entirely via SaaS, which means that the entire solution for storing documents and automating processes would be housed in a completely outsourced, redundant and secure data center. With the same functionality as a premises-based solution, a SaaS solution is available via a standard Web browser. In the event of a disaster that closes a location, users still have the opportunity to sign into the system from another location. In addition to world-class validation and recovery, an outsourced data center is physically secured against unauthorized access, reducing vulnerability to internal sabotage.
Insurance carriers also can opt to incorporate a hosted solution into the disaster recovery strategy for an in-house ECM solution. For instance, an ECM solution can be backed up at regular intervals to a hosted repository that acts as a hot site in the event of an emergency. If a carrier’s physical location is not functional, authorized users simply would have to access the online repository to maintain immediate business continuity. Depending on the level of risk, some companies opt for a warm site, which means that backup media is stored at the service provider and loaded onto a live server when a disaster is reported. Though less expensive, this option has a somewhat longer recovery period.
Regardless of whether a carrier chooses to use an outsourced data center for SaaS or for disaster recovery, the service provider should be able to provide the following:
- SAS 70 II audit - Developed and maintained by the American Institute of Certified Public Accountants (AICPA), SAS 70 is an audit of service providers that can impact the control environment of customers. A Type II audit is preferable to a Type I audit because, in addition to a list of controls, it also includes the auditors’ tests and opinions on the efficacy of the controls.
- SysTrust certification - A SysTrust audit evaluates and tests system reliability. It measures availability, security, and integrity. Service providers with this certification will be able to produce an auditor’s report.
- File-to-file replication – Most replication technology copies blocks of data, a method that increases the likelihood that any corruption will be replicated at the backup site. A solution that automatically replicates new/changed files and monitors data synchronization between the sites will provide the safest and most reliable failover site.
- Database validation – Hosting providers periodically should run through the actions taken during an actual server failure, including restoring the database to a different server. Tests should be run to verify that the data has been successfully and completely restored, the media is readable, and the database itself is free of internal errors.
- Geographically disbursed locations – Regardless of how much redundancy a primary data center has, even the most hardened site is susceptible to a major disaster. A hosting provider should be able to assure availability by providing multiple locations for storing data reliably.
- Industry expertise – Whether engaging a SaaS or a disaster recovery services provider, insurance carriers should work with ECM specialists that understand the insurance industry and its processes and have a track record of experience with the technology. This expertise, combined with a willingness to listen to the specific needs of an individual company, will ensure that the proper balance of functionality, compliance, and budget is maintained.
- Vendor independence – Particularly in a SaaS environment, insurance carriers need to ask about exit and migration strategies. If the SaaS is using an industry standard software solution, insurers have the flexibility to move the solution in-house if they wish. Documents stored in their native formats (e.g. Microsoft® Word, Excel®, PDF, JPEG, etc.) will be easier to access and migrate if the relationship with the SaaS provider sours.
There is no single technology that instantly will solve all of the challenges of disaster recovery, business continuity, and risk mitigation. However, a growing number of insurance carriers are evaluating how outsourcing ECM functionality to a service provider can increase control and reduce risks.
Jason King is director of financial services for
Hyland Software, Inc., the developer of the enterprise content management (ECM) software suite OnBase. Mr. King can be reached at (440) 788- 5000 or
jason.king@onbase.com.