Enterprise Premium Audit Solutions

Premium Audit Network

ISOPAX® Network

A Nationwide Web-Based Network For
Outsourced Premium Audits

“Safe Harbor” Privacy Statement

ISO adheres to the "Safe Harbor" framework developed by the U.S. Department of Commerce with respect to personal information we receive from the European Union. This Statement outlines ISO’s policy and practices for implementing the "Safe Harbor Privacy Principles," including the type of information to which this Statement applies, how we use personal information, and the choices individuals have regarding our use of, and their ability to correct, that personal information. If there is any conflict between the policies in this statement and the "Safe Harbor" framework, ISO will follow the "Safe Harbor" framework.

This statement applies to all Personally Identifiable Information ("PII") we receive from an ISO subsidiary in the European Union that transfers PII to ISO in the United States.

Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to us, or as soon as practicable thereafter, and in any event before we use the information for a purpose other than that for which it was originally collected.

We may disclose personal information if required to do so by law or to protect and defend our rights or property. We obtain personal information only as permitted by the "Safe Harbor" framework. Before we allow an individual to obtain or use our products or services, we may require the individual to provide consent for personal information to be collected, used, and/or disclosed in certain ways.

We offer individuals the opportunity to choose whether their personal information is: (a) to be disclosed to a nonagent third party or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. We disclose your personal information only to an affiliated third party that receives PII from ISO within a binding legal relationship pursuant to our instructions or on our behalf.

We provide individuals with reasonable mechanisms to exercise their choices should requisite circumstances arise.

Data Integrity
We use personal information only in ways compatible with the purposes for which it was collected or subsequently authorized by the individual. We take reasonable steps to ensure that personal information is accurate, complete, current, and relevant to its intended use.

We process personal information in ways compatible with the purpose for which the personal information was collected, or as otherwise authorized by the individual. To the extent necessary for such purposes, we take reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.

Disclosures and Onward Transfers
We do not transfer onward or disclose personal information received from the EU to third parties except when one or more of the following conditions is true:

  • We have the individual's permission to make the disclosure.
  • The disclosure is reasonably related to the sale or other disposition of all or part of our business or assets.
  • The disclosure is permitted by law or required pursuant to subpoena.
  • The personal information to be disclosed is publicly available.

Data Security
ISO has institutionalized industry-standard security practices, including encryption, and is constantly implementing reasonable precautions to protect personal information in our possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction. We protect data in many ways. Physical security is designed to prevent unauthorized access to database equipment and hard copies of personal information. Electronic security measures continuously monitor access to our servers and provide protection from hacking or other unauthorized access from remote locations. This protection includes the use of firewalls, restricted access, and encryption technology. We limit access to personal information and data to those persons in our organization, or as our agents, that have a specific business purpose for maintaining and processing such personal information and data. We inform individuals who have been granted access to personal information and data of their responsibilities to protect the security, confidentiality, and integrity of that information, and we provide training and instruction on how to do so.

If an individual becomes aware that personal information we maintain about that individual is inaccurate, or if an individual would like to update or review his or her personal information, the individual may contact us using the contact information provided below. We will take reasonable steps to permit individuals to correct, amend, or delete information demonstrated to be inaccurate or incomplete.

Accountability and Enforcement
ISO has established a Data Protection Program to monitor our adherence to the "Safe Harbor" principles, and to address questions and concerns regarding our adherence. This program will include conducting compliance audits of our relevant privacy practices to verify compliance with this policy and the "Safe Harbor" principles. Additionally, we provide a statement, at least once a year, signed by our authorized representative, verifying our adherence to the "Safe Harbor" principles. We encourage interested persons to raise any concerns to us using the contact information below.

We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Statement. For any dispute that cannot be resolved through our internal processes, ISO will engage the services of an unaffiliated neutral party such as TrustE to act as the dispute-resolution mediator as permitted by the "Safe Harbor" framework. In the event that we or the dispute-resolution mediator determines that we did not comply with this policy, we will take appropriate steps to address any adverse effects and to promote future compliance.

Contact Information (Safe Harbor Only)
Insurance Services Office, Inc.
Attn: Chief Information Security Official
545 Washington Boulevard
Jersey City, New Jersey 07310


 Effective Date of Safe Harbor Statement: June 9, 2008


For more information . . .
. . . on the ISOPAX Network, send your inquiry to isopaxinfo@iso.com. If you’re interested in joining the ISOPAX Network, please contact ISO to get in touch with an ISOPAX representative, or call us at 1-210-204-8132.