ENSURING SAFETY

Maintaining a Safe and Secure Technical and Working Environment

PerfectQuote commits to ensuring that a safe and secure technical environment exists for its products and services as well as providing a similar experience for its diverse and skilled teams. PerfectQuote endeavors to protect confidential data from unauthorized access, misuse, disclosure, destruction, modification or disruption.

Policies

PerfectQuote maintains detailed information security policies. Employees are required to complete security awareness training upon hire and annually thereafter. The security awareness training modules require employees to read and provide acknowledgement of the Corporate Information Security Policy. The policies are for official use only and are reviewed at least semi-annually by PerfectQuote Senior Management.

Application Security

PerfectQuote retains an Application Development and Security team for purposes of defining and enforcing mandatory best-practice secure software development. The teams that we utilize maintain a policy which details these practices and works closely with PerfectQuote’s development teams.

Incident Management

PerfectQuote Operations maintains an Incident Management program to handle any incident with operational impact — security or otherwise. It is PerfectQuote’s policy to notify customers of any confirmed material breaches of customer data.

Business Continuity Planning / Disaster Recovery

PerfectQuote Operations maintains an a Business Continuity Planning / Disaster Recovery program to ensure that infrastructure is always recoverable.

Testing and Audit

PerfectQuote’s Internal Audit and Information Security Assurance is set up to conduct tests utilizing various methods to verify compliance with written polices and to assess vulnerabilities. In addition, PerfectQuote teams support examinations from multiple regulatory bodies, and commission independent penetration tests.

A rigorous Service Organization Control (SOC) audit is performed annually to produce independent verification and testing of PerfectQuote controls for external parties and auditors that rely on PerfectQuote. The scope of this report is evaluated each year and tailored in response to customer feedback and business developments.

Inquiries Into Information Security Program

Due to the number of requests received from regulators, members, customers of subsidiaries, and other stakeholders, PerfectQuote does not respond to individual inquiries or questionnaires from customers regarding the security of PerfectQuote systems. Further, to protect the security and integrity of PerfectQuote environments, it is company policy that we do not share information related to internal policies and procedures with third parties. We understand that our customers, as part of their internal vendor management procedures, request information related to security process and posture from their vendors from time to time. As such, from time to time, PerfectQuote may share SOC reports with our customers that independently validate our internal information security controls.

Work Environment

PerfectQuote is an equal opportunity employer and prohibits discrimination and harassment of any kind. PerfectQuote is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at PerfectQuote are based on business needs, job requirements, and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military services, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where it operates.

PerfectQuote has established a reporting mechanism for employees of the company or 3rd parties to notify the company of issues or concerns that may arise within or outside of the workplace that relate to the foregoing by emailing employeerelations@perfectquote.io. It is important to note that if the person reporting the issue or concern desires to remain anonymous, a non-identifiable sending email address should be used.