  • Announcements

    • Mark Sollis

      Why are we here!

      This Forum is designed for Insurance Broker / Underwriters using or interested in using, the Insurance administration solutions available from Open GI.   Feel free to register, roam around and join in any Topics of interest - or why not start a Topic of your own!   If you have any comments or questions, just "Register" and post your query here   Happy Hunting
    • aggy

      If you Make a Post or a Reply - Please be Patient!   01/12/15

      NOTE - When posting, please allow a minute or so for your post to be loaded!   It does take a few seconds to upload your post to the Forum, so please be patient with me while this happens   You can always check by going to the main Topic page and then to your post, to make sure all is looking good - and if you have done this twice, don't worry, you should be able to edit the extra one and mark as a "duplicate".   Thanks all   XX   Aggy

Forums

  1. New Users - Start Here!

    1. FAQs - How To Use The Forum

      A good place for finding information, help and advice on use of the Forum

      44
      posts
    2. 1
      post
  2. Open GI - Insurance Administration Software - Public Access

    1. Announcements

      Important Broker Notices

      44
      posts
    2. PCI DSS Compliance

      Post your views questions and experiences of what PCI DSS means in your business - and how you've coped!

      13
      posts
    3. General Queries and Feedback

      So what do you think of Open GI and their software & services. Does their IT help you? Does it really make your life easier? Share your thoughts here and ask others for theirs!

      79
      posts
    4. In The News

      Links and Information about Open GI, the User Group and other related articles of interest found in the press

      23
      posts
    5. AGM Details

      Details of Past Present and Future meetings

      20
      posts
    6. Rambo's Rants

      An ever topical area with acute insight from one of our leading experts on how Open GI impacts a real Broker's business

      19
      posts
    7. Poll Results and Feedback Summaries

      From time to time we gather feedback from Forum users as well as from industry groups.
      Poll and feedback results are published here for general review

      1
      post
    8. Forum / Web Enhancements

      Your chance to add any feedback / thoughts / issues / problems regarding the main Web site or indeed this Forum - be honest!

      3
      posts
  3. Full Member Access Area

    1. Specialist User Forum Archive

      These are pages transferred from the fantastic SUF Forum and are available to all Full Members of the Open GI User Group

      1,176
      posts
      • liam
    2. Core 14

      Join Cousin Clarissa and share all the news, views and thoughts on the next major Core release from Open GI

      6
      posts
    3. Enhancements Wish Lists - What Do You Want?

      The Open GI User Group has a direct impact on how your software is developed. Tell us what you need to make life easier and we can put your ideas forward!

      84
      posts
    4. Discussion Forum

      Feel free to post any General Discussion Topics here - Everyone has a view and an opinion!

      203
      posts
    5. InfoCentre

      How to use, hints, tips, advice and suggestions

      19
      posts
    6. Agony Aunt

      OK - If you have an Open GI problem or don't know your ReportNet from your Calc Code, then post your questions here. Someone, somewhere will have the answer and you may get a faster response than a support call!

      647
      posts
    7. Upgrade Information

      News on upgrades planned from Open GI.
      Not guaranteed but gives you chance to see what's on the horizon and chance to comment and have your say. All views welcome

      24
      posts
    8. ELTO

      What does this mean to you and how has your business implemented the directive?

      1
      post
    9. Uploaded Files

      Files uploaded for the benefit of Open GI User Group members

      5
      posts
    10. Technology and Third Party Applications

      Area for general Technology discussions and Third Party Applications

      56
      posts
    11. Hints & Tips

      A Treasure Trove of Information - lots of detail for our members

      23
      posts
  • Posts

    • Hi Bryan - of course!! Apologies - there are a couple of answers that are applicable - and I was trying to formulate a coherent response. The "day job" has stalled my response .... Let me complete tomorrow and I'll post up the options here. But of course - there are more questions than answers ..   Meanwhile - can you confirm (i) whether you use APM - prospect manager? Also - (ii) what data MUST you transfer as a minimum - i.e.  Client Policy Risk Diary ClaimsWriter detail PolicyNumbers Insurer OpenAttach documents Transactions EDI records   Or simply - is it just the Client / Policy and Risk pages?   Let me know - but will be back to you here tomorrow (Thursday)!   M  
    • Hi Mark   have registered on the forum    if you can help with any ideas re transferring risks between branches   thanks  
    • Hello,   I wanted to take this opportunity to say thank you to the members of the user group, who since 2014, have previously mentioned, recommended and invested in Callstream Vault: to attain PCI-DSS Level 1 Compliance when taking card payments over the phone through Open GI CreditLine Plus (See: https://www.opengi.co.uk/broker-software/accounting/creditline-plus/).   What is Open GI CreditLine Plus?         What do the FCA and PCI Security Standards Council advise when it comes to Protecting Telephone Based Payment Card Data through Open GI CreditLine Plus?   Whilst Insurers and Brokers are regulated by the FCA, it is the PCI Security Standards Council who would mandate that all Insurers and Brokers be PCI compliant. PCI-DSS requirements are developed and maintained by the PCI Security Standards Council but they are not mandated by the FCA.   The PCI Security Standards Council published a supplement on Protecting Telephone Based Payment Card Data:  https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf as well as PCI Data Storage 'Do's and Don'ts': https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf.    (If your business sells Cyber Liability Insurance, you will be aware of the risks of Data Breaches, Data Theft, Governance and Risk).    Pertinent to PCI-DSS, there are 3 High Level SYSC rules and guidance set out in the FCA Handbook:   SYSC 3.2.6 - https://www.handbook.fca.org.uk/handbook/SYSC/3/2.html SYSC 5.1.2 - https://www.handbook.fca.org.uk/handbook/SYSC/5/1.html SYSC 6.3.6 (4) - https://www.handbook.fca.org.uk/handbook/SYSC/6/3.html   Whilst the FCA set out these rules and guidance in the Handbook, ultimately it is the Insurers' and Brokers' decision what commercial systems and processes it implements.   It is important to remember that PCI standards are enforced by the five payment card brands: VISA, Mastercard, American Express, JCB International and Mastercard.   
For reference, Barclays Bank PCI Breach penalties in (£GBP) passed on to their customers (imposed on Barclays by VISA and Mastercard):     What is Callstream Vault for Open GI CreditLine Plus?   Callstream Vault is a PCI-DSS Level 1 hosted telecoms software as a service with an interface that has been developed with Open GI to connect to Open GI CreditLine Plus. It enables Insurers/Brokers to securely process card payments over the telephone.    How does Callstream Vault work?   The service can be delivered through either porting your telephone number or diverting telephone numbers to Callstream's 'PCI-DSS Level 1 Cloud Server' which is a highly encrypted server with software that tells the Open GI CreditLine Plus terminal the customer's card details.    Simply put, your agent prompts your customer to provide their card number over the phone, clicking a button on their computer to which the customer is given a verbal prompt to enter their card details into their telephone keypad, followed by their card security number. Throughout the process, the agent does not handle the customer's card data - hear or see the customer's card details or the tones on the keypad being pressed. The card details are securely received by Open GI CreditLine Plus and the transaction is completed, PCI-DSS Level 1 compliant.   Food for thought, Callstream Vault explained in a 3 minute 16 seconds YouTube video:        What are the alternatives to Callstream Vault?   It is widely perceived that 'Pause and Resuming' Call Recordings is PCI-DSS compliant, because customers' card details are not being stored by the Insurer/Broker. However, this involves designing business and IT system processes to manually or be automated to pause the call recording and then resume it.   Then there is the effort, time and associated cost of ensuring that these processes are not prone to human or system error - so card details and data do not accidentally get stored on the call recording.   
There is also the element of insider theft risk which is brought up in Cyber Liability Insurance: does the agent need to hear the card details? Whilst the call recording is paused - what is being said, advised, saved, stored, stolen...     Many Thanks and Best Regards,     Anoop Dhaliwal - Product Specialist - Callstream Vault. anoop.dhaliwal@callstream.com Callstream Vault won the Insurance Times - Technology Partnership of Year - Award in 2014, 2015.      
    • Hi Gary - thanks for raising this one - and a concern for many I'm sure   There is a whole debate here around employee trust and general access control for any cloud solution in a commercial environment. One of the "benefits" of cloud based applications is their accessibility from anywhere (any beach?) in the world - and the converse risk, is their accessibility from anywhere (any home!) in the world  ...   I would start by asking the question as to what restrictions are in place WITHIN the office environment that do not exist when accessing remotely - from "home"? In the office, can a staff member download customer data and copy this to a USB? Can they process unauthorised transactions / payments without supervision? Can they access HNW client data and farm addresses, numbers and personal information for their own use? Can they delete diary records, risk information? Can they falsify history, sales, quotes and other KPI records for their own gain? If they can do this in the office, why would they need to log in from home?   I suspect the office risk is only marginally better than an at home risk - but you will need to answer those questions - and all workplaces are different. Whether it's open plan, offices, restricted areas etc - all have risk and opportunity.   Putting all the above to one side however, there are (should be!?) many technical options within the provider's capability. Restricting access to known locations (IP Addresses) is a simple and effective solution as well as applying restrictions by time of day as well as additional monitoring tools to look at user activity and behaviours. These are basic options and relatively easily achievable for any responsible provider - as long as they have the correct network architecture, cloud set-up and a security conscious approach - oh and the desire to do so ...   
My recommendation would be to take compliance advice and assess any additional and validated risks with home access to any cloud solution - whether it's OGI, email accounts or phone systems. Part of that process will be to mitigate all known risks and part of that, is to have providers that can offer technical security to meet your needs. It's your data and your business and under legislation and compliance, you are required to protect both.    Please post back with the OGI response - meanwhile I'm sure other members here will have their own views   Thanks for posting   Mark
    • Open Gi are trying to convince me to go over to their Cloud System, with all of the associated products, benefits etc. I can see the advantages of doing so but my account manager has advised me (and has double checked his own advice) that my staff will then be able to access our Open Gi system from anywhere even outside of the office. I don't think I'm going mad here but why would any broker want to allow staff to do that? I have one person who can access Open Gi remotely from his house but that is because I authorised him to. I have even put to my account manager that why had no one thought of this 'issue' at Open Gi. He has just advised me that they have had a number of comments about this and are trying to find a solution but there isn't one at the moment. I assume other brokers are aware of this who have already swapped to this system, but can anyone tell me if they have found their own solution to stop staff accessing the system outside of work. Many thanks.