Skip Ribbon Commands
Skip to main content

Information Security Policy

Insurance Agency Information Security Policy

It’s the law that agencies have a security plan per Virginia Statute 38.2-613.2.  The statute requires that each insurance institution, agent, and insurance-support organization will have a written information security program that includes administrative, technical, and physical safeguards for the protection of policy information.

Don’t get overwhelmed with the technical jargon of the information required and discard complying with this code. IIAV has a solution for you with their information security policy template developed specifically for IIAV member agencies at no cost.  This includes an addendum for PCI compliance requirements, as a HIPPA Rule Addendum for those who need it. 

Download a Information Security Policy - Template



Accelerate2Compliance™ (A2C) offers the most cost-effective and easy-to-use information security compliance solution designed to help small to mid-size businesses - and their vendors - achieve and maintain regulatory compliance requirements. A2C delivers this through the A2C Portal™, the only all-in-one cloud-based subscription software solution to empower businesses with the most simple and efficient assessment process, robust tools and reports, and best business practices to guard against ever-increasing information security threats all in one place.


A2C™ is the only all-in-one integrated solution with easiest-to-use tools needed to manage the path to compliance on the A2C Portal™ including:

1. A2C Portal Dashboard & Reports - provide ongoing updates to information security compliance status with progressive assessment reports that provide visibility to deficiencies and progress along the path to compliance.

2. A2C Simple Assessments - the fastest, easiest-to-use, self-administered assessments on the market.

3. A2C Policies and Procedures™ - a full suite of enterprise-grade information security compliance policies and procedures that clients adopt, edit, and utilize as their own, and build the required Written Information Security Program (WISP).

4. A2C Training and Testing™ - modules that provide annual information security awareness training and testing as required by federal and state regulations. The modules are designed to move at the “learners' pace" with the ability to start and stop as needed throughout the process, and track participant progress through completion.

5. A2C Vendor Assessment- a very simple vendor-completed solution to enable vendor compliance engagement. In addition, illuminated dashboards and reports provide visibility for both clients and their vendors to review the information security compliance posture at a glance.

IIAV members receive a 15% discount! Use discount code IIAV2022.