Security and Privacy FAQs
Q: Do you have security and privacy policies?
Yes. 360IS maintains formal Information Security and Data Protection policies, available under NDA. A high-level Privacy Policy is published on our website.
Q: Where is data stored?
All client data is stored in U.S.-based, enterprise-grade cloud environments (AWS, Salesforce, and OpenAI under restricted enterprise license).
Q: How is data protected?
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Role-based access control with MFA.
- Continuous monitoring and audit logging.
Q: Do you hold certifications?
360IS inherits SOC 2, ISO 27001, HIPAA, GDPR, and FedRAMP compliance through our providers. Full attestations available on request.
Q: Do you sell or use client data for training?
No. Customer data is never sold, shared, or used to train models.
Q: What about business continuity?
- RPO: 24 hours, RTO: 4 hours
- Data is backed up across multiple U.S. regions.
- Incident response and DR testing are conducted annually.
Q: How do you manage staff and vendors?
- Employee background checks and annual security training.
- Vendor risk assessments and contractual safeguards in place.
Q: Can your platform support both Commercial and Personal Lines?
Yes. 360IS ingests ACORDs, custom supplemental forms, loss runs, MVRs, and personal lines documentation. We support current PAS workflows and future Guidewire expansion.
