Privacy & Security

Travelers Information Security Practices

Travelers takes data security seriously and has a multi-faceted approach to strengthen the security of customer information. We use organizational, technical and administrative safeguards to protect information in our care. We have established a wide range of comprehensive data security protections and maintain an overall data risk management strategy that includes monitoring emerging security threats in the marketplace and assessing appropriate responsive measures and steps to react accordingly.

Organization and Policy

At Travelers, data protection is embedded throughout our business operations and information technology program. Our goal is to provide a disciplined approach to safeguarding our customer data and company information assets. As a foundation to this approach, Travelers maintains a comprehensive set of information security policies and standards which have been developed in collaboration with a wide range of resources such as information technology, information security, legal, compliance and business resources. This comprehensive and collaborative approach allows us to further the organizational culture of data security awareness, the effectiveness of data governance and the responsiveness to evolving data management protocols.

Technology

Travelers utilizes sophisticated tools designed to protect information through the use of technology including: encryption, firewalls, intrusion detection and prevention systems, and identity management systems. We monitor events to understand exceptions to normal processing and then act on those anomalies. We participate in vulnerability information sharing networks and track industry and government intelligence sources for impact in the marketplace and deploy necessary updates as appropriate. Travelers has a robust software patch management process that includes risk assessment and risk-based update schedules.

Training

Travelers provides its employees with data security awareness, education and training. Travelers has a team of information security personnel engaged in data risk management education and ongoing training to employees with access to Travelers information assets. Our annual security awareness training covers a broad range of security topics from password protection and social engineering to privacy and compliance. We provide ongoing training via computer-based training, targeted training, security materials and presentations, company intranet articles, email publications and various simulation exercises.

Compliance

Travelers expects all employees to act in accordance with the highest standards of personal and professional integrity in all aspects of their employment and to comply with all applicable laws and Travelers policies.

Our information security framework includes regular compliance assessments with Travelers policies and standards and applicable state and federal statutes and regulations. Compliance with our internal data security controls is validated through the use of internal and external security monitoring utilities and through rigorous internal and external audits. In addition, we proactively perform self-assessments against regulatory frameworks such as the NIST Cyber Security Framework.

Additional information regarding privacy and security, including Travelers Privacy Statements, is available at: Online Privacy Statement