






This Q&A covers State Farm's ISA training, focusing on data protection, privacy regulations, and security standards. It addresses handling personal, nonpublic, sensitive, and protected health information, along with email and vendor best practices. Emphasizing PCI DSS compliance, it highlights safeguarding customer data to prevent fraud and identity theft. It's useful for understanding State Farm's security protocols and compliance, providing a concise overview of essential security practices and data handling. A valuable resource for employees and agents to reinforce information security and privacy knowledge, it stresses protecting customer information and adhering to legal standards to prevent breaches.
Typology: Exams







Information Security and Privacy Policies - correct answer ✅Establish expectations and standards for protecting information based on customer, business, market, regulatory, and technology drivers
Privacy Policy - correct answer ✅Intended to support compliance with State Farm privacy notices and to educate employees, management, Business Area Privacy Representatives, and agents on the requirements of privacy compliance
Notice of Privacy Policy - correct answer ✅Communicates how we protect, collect, use, and share customer information
State Farm Privacy Principles - correct answer ✅- We do not sell customer information
BPI (Business Protected Information) - correct answer ✅- Tier 2 info
PCI (Payment Card Industry) - correct answer ✅- Tier 1 Info
EBPI (Elevated Business Protected Information) - correct answer ✅- Tier 1 Info
Terminating System Access - correct answer ✅When an agent team member is no longer employed by the agent, the team member ID needs to be removed to prevent security vulnerabilities
state law and also breach of contract that could result in card brands electing to revoke the ability of SF to accept credit/debit payments. All data must be treated in a manner consistent with EISP policies
PCI Security Standards - correct answer ✅- Never enter credit/debit card data in email, IM, or text
in compliance with EISP 60.20 Protecting Information Based on the Information Security Classification
Encryption - correct answer ✅Use [Encrypt] in the subject line when the number and structure must remain intact
Data Loss Protection (DLP) - correct answer ✅Controls in place to help identify SPI being sent outside of the company. When attempting to send SPI outside of SF, you may receive a notification with required actions and info on how to protect company data
Email Best Practices - correct answer ✅- Before clicking send, forward, or reply, verify that everyone in the To, Cc, and Bcc fields has a need to know the information you are providing. Take extra caution if these fields include distribution lists
Never disclose the following: - correct answer ✅- SF internal use only, trade secret, or confidential information on any social media site