Certified Security: Continuity achieves ISO/IEC 27001 certification

Continuity has obtained the ISO/IEC 27001 certification issued by the independent body ACCORP. This certification is the principal international reference for information security management. It confirms that the company has implemented a structured, documented and controlled system that ensures the protection of data and the management of operational risks associated with its activities.

In a context of accelerated transformation of professional underwriting, this certification provides insurers with a clear framework to evaluate the level of security and governance of the technology partners that accompany them.

An international framework to structure data security and governance

The ISO/IEC 27001 standard defines a set of requirements covering the identification of information risks, the implementation of control measures, documentation of processes, incident management, and regular review of security measures. It imposes a comprehensive and systematic approach to information security management, based on measurable and audited criteria. Obtaining certification means the organisation applies an information security management system (ISMS) that complies with the requirements of the standard.

This implies, in particular:

  • a regularly updated information risk mapping;
  • formalised policies covering all areas of security;
  • strict access and authorisation controls;
  • continuous monitoring of sensitive activities and technical logs;
  • precise documentation of critical procedures;
  • internal audit cycles and management review;
  • mechanisms for incident handling and escalation.

This system aims to ensure the confidentiality, integrity and availability of processed information, regardless of its nature or sensitivity.

Strengthened challenges for professional insurers

Professional & Enterprise insurers rely on significant volumes of heterogeneous data, structured or unstructured, from multiple sources: underwriting documents, declarations, internal databases, external data, company histories or financial information.
Their use requires systems capable of ensuring regulatory compliance, reliability of processing and control of operational risk. In this context:

  • risk analysis depends on data quality;
  • process robustness is necessary to industrialise underwriting journeys;
  • supplier risk control is now systematic in the due diligence of CIOs, CISOs and risk departments.

The ISO/IEC 27001 certification allows P&C insurers to integrate Continuity into their IT and regulatory environments with a stronger level of trust. It provides a clear reference framework to analyse security practices, documentation requirements and the commitments monitored by the company over time.

A security management system integrated into Continuity’s business

To meet the standard’s requirements, Continuity structured and formalised its entire security management system. This process mobilised several teams—technical, product, legal, security, operations—and resulted in a methodical strengthening of all internal practices.

The work covered several aspects:

1. Governance and risk management

An information risk management process was defined and deployed. It includes:

  • regular identification and qualification of risks;
  • impact and probability analysis;
  • documentation of treatment plans;
  • periodic review by management.

2. Policies and procedures

A set of policies governing security, system access, incident management, business continuity, backups, cloud environments and internal resource usage was formalised and implemented.

3. Technical and operational controls

The certification requires strict access control, monitoring of sensitive activities, regulated environment management and regular verification of system integrity.

4. Team awareness

Security also relies on behaviours. Training and awareness campaigns were implemented to ensure all employees understand good practices and procedures applicable to their scope.

5. Internal audits and continuous improvement

The standard imposes periodic process reviews and regular internal audits. These mechanisms ensure that practices remain aligned with the standard’s requirements and that identified improvements are implemented in a structured manner.

Direct implications for P&C insurers and partners

The ISO/IEC 27001 certification brings several concrete benefits to P&C insurers who rely on Continuity’s solutions to industrialise or modernise their underwriting processes:

  • Reduced supplier risk: thanks to audited and documented controls, the residual risk associated with using the solution is easier to assess and manage.
  • Simplified due diligence: CIOs, CISOs and risk directors have a documentary basis conforming to market standards, facilitating the analysis of security practices and accelerating project reviews.
  • A secure framework for data processing: data from underwriting documents, company histories or other sources are processed in a controlled and monitored environment.
  • Acceleration of digitalisation projects: the certification provides a trust framework that facilitates the integration of Continuity’s solutions into existing systems, reducing validation delays and required iterations.

A structuring step in Continuity’s trajectory

This certification is part of the company’s ongoing strategy: providing professional insurers with reliable, secure solutions compatible with the operational and regulatory requirements of the sector. It forms a solid basis for supporting business scale-up, strengthening partner confidence and responding to insurers’ growing expectations in data governance.

Beyond obtaining the certification, the standard imposes ongoing monitoring and continuous improvement of the security management system. Continuity will continue this work over time, integrating security as a permanent element of its organisation and product evolution.