Information Security Mission Statement:
The primary objective of information security is reducing the risk to data assets. Through awareness, sound policies, internal controls and processes, DITCHEY GEIGER, LLC is committed to providing a secure environment safeguarded from loss or unauthorized use.
Our approach to information security and practices to secure our various systems and services include implementing a variety of internal controls to mitigate risk, ensure compliance to various requirements and enable ourselves and our customers to meet business requirements and objectives. Our internal controls consist of policies, procedures, practices and organizational structures and are put in place to reduce risks and provide reasonable assurance that our customer’s business objectives will be achieved and undesired events will be prevented, or detected and corrected. Samples of the internal controls we have deployed to the DG environment include:
- A security policy
- Operational procedures to support the policy
- Change management
- Asset management
- Data center physical and logical controls
- Use of specialized technology, including firewalls, anti-virus software and end point protection software
- Periodic testing for known vulnerabilities
- Various types of access control technologies (Password / User-ids)
- Documented processes and procedures
- A disaster recovery plan
- A business contingency plan
- A systems patching program
- Regular updates to our security practices
- An internal security awareness program
DITCHEY GEIGER is committed to securing our customer’s information. Information Security Management is an integral part of our internal and customer facing processes and we pledge to use best efforts to protect ours and our customer’s assets and information.
Risk Management Methodology, Analysis & Treatment:
Risk Management is the process of identifying, analyzing and responding to risk factors and is best achieved through a methodical approach employing best practice management principles. Proper risk management is proactive rather than reactive and will reduce not only the likelihood of an event occurring, but also the magnitude of its impact. For added protection, DITCHEY GEIGER also maintains a $5 million cyber-liability insurance policy.
A number of methodologies deal with risk management in an IT environment. Our risk methodology focuses on identifying and managing the risk associated with IT assets. The assets include:
- Policies / Processes / Procedures
Information Security Principals:
We have identified five principles that guide us in the development, decision-making, implementation and maintenance of information security strategies, plans, policies and procedures. These principles include:
Information security is an important and shared responsibility for the entire DG workforce.
Firm Partners support information security policies and practices that protect information systems and information assets.
Information security policies, standards, guidelines and procedures are developed to communicate security requirements and guide the selection and implementation of security control measures.
Personal accountability and responsibility for information security are incorporated in roles and responsibilities that ensure that every end-user is knowledgeable and applies the applicable information security policies, principles, procedures and practices in their daily work activities.
Information security education, training and awareness programs are important means to ensure that end-users are aware of security threats and concerns and are equipped to apply organizational security policies and principles.
Physical Data Security:
- Security alarm system with motion detection
- Multiple point entry locks to the internal office
- Electronic keypad locks on all office doors
- 24/7 Security camera to monitor office entry
- Visitor sign-in sheet
- Battery backups on all IT systems
- Daily data backups
- Password protection on all IT systems
- Anti-virus, malware, and end-point protection
- Firewall with intrusion, virus, phishing, and spam protection
- Data and web-traffic monitoring
- Website security program
We have developed and programmed our proprietary collections software system from the ground up. When searching for a claims management system, we found several available programs that could be used for legal, collections, or subrogation, but none that were designed to handle all those areas. By developing and programming our own system, we created and continue to enhance a claims management system that effectively handles all the various types of files we work. This also allows us to change or add additional functions to meet client needs.
Client Access and File Upload:
In addition to our claims management system, we created and host our website. Through the Client Login page, our clients can access the Client Portal to check the status of existing files and upload new placements. Electronically submitting files through the portal reduces the time and cost of sending files to DITCHEY GEIGER. It also increases the efficiency of adding the data and documentation into our clams management system, thereby allowing our team to begin working the files sooner. In addition to assigning new placements, the Client Portal allows clients to send additional large files or supplemental supports to our office via Quixit; A secure file transfer system that allows drag-and-drop capability for uploading individual claim documents, as well as folders in .zip format.
We are able to accept payments through our Payments webpage. Parties can pay via credit card, debit card, ACH, or on-line check. All payments are completed through secure third-party processor links. Real-time payment transfer means faster client remittance time cycles.