AURA is Data-Driven
To grow, insurers must customize the customer journey. This takes more than data; it demands insight and an emphasis on security. Benefit from AURA's data-driven decisioning.
Transform your underwriting data into actionable insights with AURA.
- AURA is the only decision management platform that can easily add new evidence sources with multiple decision points. This provides a more complete picture of risk, with easier inclusion of new decision tools like predictive models, advanced analytics, machine learning, and even the Internet of Things (IoT).
- At RGA, ensuring the safety and integrity of data is an integral part of our development lifecycle. We apply security best practices to protect you, so you can be more effective at protecting people.
Curious? Learn more about our security practices below.
RGA data protection policies prohibit the disclosure or misuse of information about your customers.
AURA data is classified as restricted, which requires the most stringent level of security and data protection controls.
AURA data stays in the Amazon Web Services (AWS) region where services are consumed so that data does not cross geographical boundaries. AURA services run solely on ISO-compliant AWS platforms and services.
All data, at rest and in transit, use the latest cryptographic protocols for encryption. Anti-malware solutions exist to protect all AURA workloads. Least privilege principles are in place to limit the number of individuals who have access to your data. Regular host and network level vulnerability scans are executed, and findings remediated as a priority.
AURA and RGA take the utmost care to ensure policies and procedures are adhered to that protect against unauthorized access.
Comprehensive monitoring and logging systems are in place and allow for a holistic view of the environment.
In conjunction with industry leading Intrusion Detection/Intrusion Prevention (IDS/IPS), comprehensive network security technologies allow for swift detection of, and reaction to, any potentially malicious behavior. Externally available services are secured by a Web Application Firewall (WAF) and are regularly subjected to penetration testing allowing vulnerabilities to be detected before they could be exploited.
These technologies all tie into detailed incident management and response policies and procedures that are regularly reviewed and improved.
AURA services are consumed by our customers from AWS public cloud hosting facilities.
Public cloud hosting has changed the way organizations approach availability and Disaster Recovery (DR).
Traditionally, DR has involved a primary and secondary data center in a geographically dispersed region. When the primary fails, and a disaster is declared, services would be made available at the secondary facility to restore services.
With AWS hosted workloads the key AURA applications that could negatively impact a customer’s business operations during an outage use a highly available configuration within one AWS region. That region contains multiple data centers called Availability Zones (AZs) in geographically dispersed areas, on different floodplains, weather patterns, power grids, HVACs, etc. AURA services are all load-balanced across multiple AZs, and AURA is set up in an Active / Active high availability model. Further, AURA takes advantage of cloud auto-scaling capabilities to handle peak loads and utilizes self-healing technologies.
RGA is investing in both security and compliance programs.
Security programs are focused on:
- access management,
- secrets management,
- certificate management,
- vulnerability scans,
- penetration testing,
- data loss prevention,
- intrusion detection and prevention,
- incident response,
- privileged access management programs,
- user access reviews,
- networking security,
- and more.
Compliance programs continue to focus on designing and executing appropriate controls in order to maintain SOC 2 certification for the current AURA SaaS solution.