• Say What You Do Products
• Change Management
• Information Assurance Compliance Maturity Model Index (IACMMI)
• The Language of Compliance
• Systems and Info Classification
• Administrative Management
• Workplace Policy Development and Management
• Facilities, Fleet, and Equipment Management
• Travel
• Help Desk Services
• Physical Security Management
• Compliance Development and Enforcement
• Standards Setting/Reporting Guideline Development
• Policies, Standards, and Procedures Publication
• Policy and Guidance Development
• Public Comment Tracking
• Regulatory Creation
• Inspections and Auditing
• Controls and Oversight
• Program Evaluation
• Corrective Action
• Program Monitoring
• Credit and Insurance
• General Insurance
• Loan Guarantees
• Direct Loans
• Education
• Higher Education
• Elementary, Secondary, and Vocational Education
• Financial Management
• Budget & Finance
• Financial Reporting Information
• Asset & Liability Management
• Accounting
• Payments
• Unemployment Compensation
• Collections and Receivables
• General Retirement and Disability Program Management
• General Organizational Support
• Taxation management (governmental agencies)
• Centralized Fiscal Operations
• Legal Functions
• Records and Statistics Management
• Centralized Personnel Management
• Property Management
• General Executive Functions
• Staff Income Information
• Benefits Entitlement Event Information
• Representative Payee Information
• Strategic Executive Functions
• Personal Identity and Authentication
• Goods and Services Creation and Management
• Facilities and Infrastructure Management
• Goods and Services Production
• Construction
• Healthcare
• Health Care Services
• Consumer Health and Safety
• Human Resources
• Personnel Management
• Security Clearance Management
• Benefits Management
• Worker Safety
• Labor Rights Management
• Staff Recruitment and Employment
• Payroll Management and Expense Reimbursement
• Resource Training and Development
• Information & Technology Management
• System Development
• Information Management
• Record Retention
• IT Security
• IT Infrastructure Maintenance
• System Maintenance
• Lifecycle/Change Management
• Internal Risk Management and Mitigation
• Disaster Preparedness and Planning
• Contingency Planning
• Continuity of Operations
• Service Recovery
• Emergency Response
• Law Enforcement
• Criminal Apprehension
• Criminal Investigation and Surveillance
• Citizen Protection
• Property Protection
• Crime Prevention
• Legal, Litigation, and Judicial
• Judicial Hearings
• Legal Defense
• Legal Investigation
• Legal Litigation
• Resolution Facilitation
• Permits and Licensing
• Planning and Resource Allocation
• Strategic Planning
• Enterprise Architecture
• Budget Formulation
• Capital Planning
• Budget Execution
• Workforce Planning
• Management Improvement
• Research Operations
• Public Affairs
• Customer Services
• Official Information Dissemination
• Public Relations
• Product Outreach
• Revenue Collection
• Debt Collection
• Staff Fee Collection
• Organizational Asset Sales
• Supply Chain Management
• Inventory Control
• Logistics Management
• Goods Acquisition
• Services Acquisition
• Advising and Consulting
• Knowledge Dissemination
• Third Party Relations
• Third Party Program Project Information
• Third Party Liaison
• Third Party Program Proposal Development
• Third Party Program Tracking

General Insurance involves providing protection to individuals or entities against specified risks. The overall accountability rating for this information classification is Low.

Confidentiality level = Low

The confidentiality impact level is the effect of unauthorized disclosure of general insurance information on the abilities of responsible entities to provide protection to individuals or entities against specified risks. General insurance activities include both insurance issuing and insurance servicing. Insurance issuing is any activity such as provider approval, underwriting, and endorsements. The consequences of unauthorized disclosure of insurance issuing information will generally result in a limited adverse effect on organizational operations, organizational assets, or individuals. Insurance servicing supports activities associated with administering and processing insurance include payment processing, initial and final closings, loss mitigation, claims management, and retiring insurance. The confidentiality impact level is the effect of unauthorized disclosure of insurance servicing information on the abilities of responsible entities to administer and process insurance. The consequences of unauthorized disclosure of insurance servicing information will generally result in a limited adverse effect on organizational operations, organizational assets, or individuals.

Known mitigating factors toward changing the confidentiality level

The more serious consequences may result from 1) unauthorized disclosure of provider’s proprietary information, or 2) premature disclosure of organizational plans or changes under consideration for contracts, plans, or policies. Unauthorized disclosure of information that can affect contract arrangements to the detriment of the interests of the organization, and of the public at large (e.g., planned or anticipated termination of a major contract insurer), can result in damaging increases in public expense and exposure to impact. In the case of unauthorized disclosure to an individual organization, unfair competitive advantage may result – with major financial consequences. In the case of unauthorized disclosure of preliminary and unsubstantiated data that is both incorrect and pessimistic (e.g., budget projections), the consequent unwarranted alarm of the public may have serious operational consequences for affected entities. In the more serious cases, the confidentiality impact will be at least moderate. The more serious consequences of unauthorized disclosure of insurance servicing information may result from unauthorized disclosure of private information concerning the insured (e.g., various state and international privacy laws information). (The various state and international privacy laws Information provisional impact levels are documented in the Personal Identity and Authentication information type.) In the more serious cases, the confidentiality impact will be at least moderate.

Integrity level = Low

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of general insurance information may depend on the urgency with which the information is typically needed. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) typically has a limited adverse effect on organizational operations and/or public confidence in the organization.

Availability level = Low

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to reestablish access to general insurance information. The nature of general insurance processes is usually tolerant of reasonable delays.

Known mitigating factors toward changing the availability level

Extensive delays in insurance servicing activities can result in financial harm for individuals and businesses and in public alarm and repercussions in the financial markets. In more serious cases, delays may have serious political and operational consequences for affected entities. In such cases, the confidentiality impact may be at least moderate.