Created by the American Institute of Certified Public Accountants, SOC 2 (System and Organization Controls 2) is an assurance framework that helps organizations to ensure optimal protection of customer data and assets. SOC 2 Type II compliance provides SDS clients and partners with independent third-party assurance on robust data security, across all underwriting and claims management solutions. This achievement clearly highlights SCOR’s commitment to protecting its systems and customer data.
SCOR Digital Solutions (SDS), SCOR’s Life & Health Insurtech arm specializing in innovative digital solutions, has successfully completed a SOC 2 Type II attestation audit across its entire suite of underwriting and claims solutions. The audit was conducted by an independent third party and involved a comprehensive review of SDS’ security and governance controls – in terms of both design and operating effectiveness – over a defined review period.
The SOC 2 Type II attestation provides clients and partners with independent assurance that the SDS control environment is robust and in line with the SOC 2 Trust Services Criteria for Security. These criteria help to prevent unauthorized access to systems and information through a combination of governance, technical safeguards, and operational discipline. They include:
- Data protection: SDS safeguards sensitive information, including PHI and PII, using layered security controls such as encryption, secure configuration, and continuous security monitoring.
- Identity & access management: Access is governed by strong authentication, role-based authorization, and regular access reviews to ensure only approved users can reach critical systems and data.
- Security governance & risk management: SDS operates formal security policies, risk assessment processes, and control oversight to proactively identify, track, and reduce security risk.
- Change management & secure operations: System changes are controlled through defined processes, testing, and approvals, supported by logging, vulnerability management, and secure operational practices.
- Incident response: Established playbooks, escalation paths, and post-incident reviews help ensure timely response, containment, and continuous improvement.
- Third-party assurance: SDS assesses and manages supplier and sub-processor risk to maintain security expectations across its extended ecosystem.
Martijn Reijerse, Chief Technology Officer at SCOR Life & Health and SDS, comments: “In the insurance industry, where risk decisions are increasingly driven by data, AI and automated workflows, security cannot be a secondary priority. Achieving SOC 2 Type II compliance across our entire solution suite is a testament to our 'security-by-design' philosophy. It provides our clients with the independent, third-party validation they need to scale digital transformation with absolute confidence.”
Trust is absolutely crucial in insurance. The SOC 2 Type II compliance sits alongside SCOR Digital Solutions’ existing ISO/IEC27001 and ISO/IEC27018 certificates, providing clients with peace of mind and reinforcing SCOR’s Group-wide commitment to security, privacy, compliance, and responsible risk management.
About SCOR Digital Solutions
SCOR Digital Solutions is SCOR Life & Health’s digital solutions platform. Drawing on strong technological foundations, it combines SCOR’s industry-recognized expertise and data capabilities to help our clients navigate through and capitalize on the future of automated underwriting and claims solutions, maximizing market potential globally, driving better financial and operational performance, and delivering the best possible customer experience.