Entity Level Controls
& IT Controls
Evaluate Business Intelligence and Performance
HISTORICAL REPORTS
In support to our Corporate Governance, we have established effective and efficient entity level controls which are aligned to our Risk Management Policy. As part of these controls, periodic
meetings are conducted by the Board of Directors and Executive Management to assess and discuss compliance efforts, market risks, and client requirements.
These controls are directly aligned with the COSO framework which includes the following entity controls areas:
- Control environment
- Risk assessment
- Information and communication
- Control activities
- Monitoring
Insight is proactive in its approach to risk management, balances the cost of managing risk with anticipated benefits, and undertakes contingency planning in the event that critical risks are realized.
IT Controls
Our ITGCs apply to all systems components, processes, and data within our information technology (IT) environment. These ITGCs are set in place to guide the effective development and implementation of systems, applications, and infrastructure as well as ensuring the integrity of programs, data files, and computer operations.
Insight’s ITGCs are grouped in the following categories:
- Access to Programs and Data (Logical access controls over infrastructure, applications, and data)
- Physical Security Controls (Access to Facilities and Data Center)
- Acquisition & System Development Lifecycle
- Program & Infrastructure Change Management
- System and Data Backup/Recovery controls (Information Systems Resiliency)
- Computer Operations
We are in compliance with the HIPAA Security & Privacy rules and are currently PCI DSS Certified and SOC2
