Axa covers network against security violations

Axa covers network against security violations


Insurer looks at information security policy auditing

Insurance firm Axa plans to introduce new technology to check that its information security policy is being complied with.

The company is considering a number of suppliers for the project, which will allow the insurer to audit its IT network and check whether or not security meets the standards set out in its paper-based policy.

Axa is using vulnerability management technology from IT supplier Qualys to audit its security controls for Sarbanes-Oxley directives.

‘What we want is to have a true policy compliance product; one that can translate the paper policy into an actual solution,’ said Axa Technology Services global security technical domain manager Monty Couch.

‘It has only really been an issue for us in the past year, but it is likely that policy compliance will continue to be a major focus in the future, and so we will need to have a continued in-depth knowledge of our network and the risks to it,’ he said.

Axa hopes the technology will audit all of its IT systems and alert areas where the company is failing to comply with the group’s IT security policy.

The company is also using technology from Qualys to automatically detect vulnerabilities in its computer network, which could expose the firm to viruses, internet worms and hackers.