Cover-More Case Study

Achieving compliance with SOC2, PCI and ISO 27001:2013 standards

Cover-More is one of Australia’s leading insurance providers. They specialise in travel insurance and pride themselves on having worked every day for more than 30 years to protect the travel dreams of Australians travelling domestically and internationally. For their customers, who are used to relying on technology, being able to trust that their insurance provider protects their sensitive data is key.

InfoTrust worked with Cover-More to execute and mature their security initiatives and create a robust, mature Information Security Management System (ISMS) that would ensure Cover-More were compliant with SOC2, PCI and ISO 27001:2013 standards, as well as improving their security controls and meeting other legal, regulatory and contractual security requirements.

The project

InfoTrust coordinated and worked together with Cover-More employees, auditors and other consultants to deliver this project. InfoTrust’s approach was to consolidate Cover-More’s IT resources for implementation and build an Information Security Management System that was robust and served as a centralised platform for Cover-More’s policies, security controls and risk goals.

By efficiently and effectively managing all the relevant stakeholders of this project and completing all work within the deadline, InfoTrust ensured the best outcome for the customer - guiding Cover-More to certification in not only Australia but also the US.

The business drivers

This project was significant for Cover-More as the outcome was compliance with SOC2 and ISO 27001:2013, a requirement for their organisation.

Cover-More had multiple compliance and contractual obligations that were to be addressed and remediated within 6 months. This required not just conducting multiple analyses of the existing controls but also ensuring there was no doubling up, as staff were pressed.

InfoTrust demonstrated innovation in the approach that we took: utilising a centralised GRC platform, customised to suit Cover-More’s requirements. InfoTrust created a one-stop, go-to resource that was utilised by the multiple teams involved in this large undertaking.

These requirements were directly related to the way Cover-More operated its business, and not meeting them would have had a significant impact on the business.

The entire project hinged on agility and the ability to deliver within a short, fixed amount of time. The project was delivered within 5 months; the complexity introduced was the addition of an extra country that was not originally in scope.

Delivering ROI

The alternative was to hire multiple staff, invest time and energy in training them, and then hire further staff to manage the overall project. The approach employed by Cover-More was to focus on the project management side of things, and leverage InfoTrust’s experienced consultants to deliver on the GRC and technical outcomes. This approach not only created massive savings from a hiring perspective, but as InfoTrust centralised everything, Cover-More also saved massively by not having to double up on their response to multiple compliance and contractual requirements.

The value of InfoTrust

Cover-More appointed InfoTrust as the lead consultant on the project, meaning that InfoTrust served as the liaison between multiple consulting firms. Leveraging their consultants’ industry relationships, InfoTrust was able to devise and execute a well-rounded stakeholder management strategy. This strategy ensured that all involved parties were always on the same page, and as a consequence, Cover-More was always aware of the project status and how each external consulting partner was contributing to the overall success of their requirements.
