Security at Groundspeed
Groundspeed is the most advanced submission digitization platform for the commercial insurance industry. Our clients trust us with their data, and maintaining that trust is key to our mission at Groundspeed.
Security program highlights
Secure development
At Groundspeed, the security of our software and infrastructure is paramount. To accomplish this, we follow the NIST Cybersecurity Framework guidelines and the OWASP Application Security Verification standard. In addition, industry-standard security analysis tools are integrated directly into our development pipeline, ensuring that security is never an afterthought.
Secure access
All Groundspeed systems are secured by MFA and SSO, using zero trust and identity-native access principles, ensuring that data and systems security is integral to the architecture. Real-time security monitoring and analysis tools constantly watch our network, systems, and data for anything out of the ordinary.
Secure data
The data that Groundspeed receives or transmits, stores, and processes is encrypted at all times, in flight, and at rest. We use best-practice industry standards for cryptography and key management throughout our infrastructure and applications. In addition, Groundspeed partners with security experts to undergo regular third-party penetration tests to validate our systems and environments.
Over 35 insurance carriers trust Groundspeed with their submission data, including:
Groundspeed is SOC 2 compliant
SOC 2 is an auditing measure developed by the American Institute of CPAs (AICPA) that ensures service providers securely manage user data. To demonstrate our commitment to security, Groundspeed maintains a SOC 2 Type II certification, covering the security, availability, processing integrity, and confidentiality trust principles. As a result, our clients can trust Groundspeed’s processes, policies, and capabilities to keep their data secure.
Since 2019, Groundspeed has worked annually with an independent auditor to thoroughly audited our systems and processes, verifying standards and best practices on everything from security to remediation procedures. By continuing to maintain a Type II report, auditors verify that all controls operated successfully over each annual reporting period. In addition, as we develop new products and capabilities and automate more complex unstructured documents, our policies ensure that we maintain these standards across our systems and processes.
If you wish to learn more about our SOC 2 compliance, need documentation, or are exploring a platform to digitize and understand underwriting risk much better and faster, contact us here.