Guidewire Demonstrates SOC 1 and SOC 2 Type 2 Data Security Standards Compliance for Guidewire Cloud

Independent audits demonstrate compliance and offer P&C insurers security for move to cloud

FOSTER CITY Calif. , March 19, 2019

Guidewire Software, Inc. (NYSE: GWRE), provider of the industry platform Property and Casualty (P&C) insurers rely upon, today announced it has successfully completed independent SOC 1 and SOC 2 Type 2* compliance audits for Guidewire InsurancePlatform™ products** hosted via Guidewire Cloud™, the company’s cloud environment.

“Celent believes that the evaluation of insurance core systems and solutions must go beyond features and functions. Other critical criteria include strong controls for financial reporting, security, availability, confidentiality, and privacy,” commented Donald Light, director, North America Property/Casualty Practice, Celent. “Successful completion of SOC 1 and SOC 2 audits provides an important level of assurance for those areas.”

“More and more insurers are moving to the cloud and entrusting the security of their data to a cloud service provider,” said Kirk Sanford, chief information security officer (CISO), Guidewire. “Guidewire has actively implemented controls and managed them in our cloud environments. To ensure that we have appropriate controls implemented and that they are working effectively, Guidewire has undergone independent audits of these environments. The audits, which are becoming a must-have requirement for cloud services providers, provide assurance that the information environment is secure.”

“Completing these audits is a testament to the commitment Guidewire is making to our comprehensive control framework and ensuring that our customer’s data managed in Guidewire Cloud is secure,” said Oleg Ganopolskiy, group vice president, Cloud Operations and Support, Guidewire. “Freeing our customers from this significant security concern and shouldering this responsibility on their behalf helps ensure they can better focus on the business of insurance.”

  • SOC 1 – Detailed report of controls placed into operation for services relevant to financial reporting. SOC 2 – Detailed report of controls placed into operation for services concerning security, availability, processing integrity, confidentiality, and/or privacy. Type 2 reports span a review period compared to Type 1 reports, which are point in time.

** Guidewire has completed AICPA (American Institute of CPAs) SOC (System Organization Controls) audits conducted by independent auditors as follows: The company’s core system suites, Guidewire InsuranceSuite™ and Guidewire InsuranceNow™, have demonstrated SOC 1 Type 2 and SOC 2 Type 2 compliance. Guidewire has also demonstrated SOC 2 Type 2 compliance for: Guidewire Digital™, Guidewire Live Analytics™, Guidewire Predictive Analytics™ and Guidewire Underwriting Management™. Guidewire has previously demonstrated SOC 1 and a SOC 2 Type 1 compliance.

Additional Guidewire viewpoint on the data security topic can be accessed here.