Security practices for commercial insurance data.
Policy records, policyholder PII, ceded reinsurance financials, and FNOL loss data require specific data security controls. Irys is built with encryption, role-based access, immutable audit logging, and US-only data residency as foundational requirements. We document what we have built — we do not claim certifications we have not completed.
Built for regulated industry requirements.
Irys is designed with the security controls appropriate for insurance operations data. We do not claim certification status not yet completed — we describe what we have built.
All data in transit is encrypted with TLS 1.3. Policy data, policyholder PII, and reinsurance financials are encrypted at rest. Encryption keys are managed with per-tenant isolation.
Role-based access control with carrier-level isolation. Underwriter, adjuster, finance, and admin roles are configurable. MFA available for all users. API access requires scoped keys.
Every policy change, claim action, user login, and data export generates an immutable audit event. Audit log is queryable and exportable for regulatory review or internal audit.
Standard deployment uses US-only data centres. State-level data residency isolation available on Regional tier for carriers with specific regulatory requirements.
Daily encrypted backups with a 30-day retention window. Point-in-time recovery available within the retention window. RTO and RPO targets documented per service tier.
Real-time infrastructure monitoring with automated alerts. Carrier admins receive notification of unusual access patterns. Security events are logged and investigated.
Security questions and disclosures.
If you have identified a security concern or vulnerability in the Irys platform, contact us directly at [email protected] with subject line "Security Disclosure." We review all reports and respond within 2 business days.