State Farm ISA Training: Information Security and Privacy Exam Q&A, Exams of Insurance Economics

This Q&A covers State Farm's ISA training, focusing on data protection, privacy regulations, and security standards. It addresses handling personal, nonpublic, sensitive, and protected health information, along with email and vendor best practices. Emphasizing PCI DSS compliance, it highlights safeguarding customer data to prevent fraud and identity theft. It's useful for understanding State Farm's security protocols and compliance, providing a concise overview of essential security practices and data handling. A valuable resource for employees and agents to reinforce information security and privacy knowledge, it stresses protecting customer information and adhering to legal standards to prevent breaches.

Typology: Exams

2024/2025

Available from 06/26/2025

Nurseexpert
State Farm ISA Training Exam Questions And Answers

Information Security and Privacy Policies - correct answer ✅ Establish expectations and standards for protecting information based on customer, business, market, regulatory, and technology drivers

Privacy Policy - correct answer ✅ Intended to support compliance with State Farm privacy notices and to educate employees, management, Business Area Privacy Representatives, and agents on the requirements of privacy compliance

Notice of Privacy Policy - correct answer ✅ Communicates how we protect, collect, use, and share customer information

State Farm Privacy Principles - correct answer ✅
- We do not sell customer information
- We do not allow those who are doing business on our behalf to use our customer information for their own marketing purposes
- We contractually require any person or organization providing products or services on our behalf to protect customer information



- We do not share customer medical information within the SF family of companies unless you authorize it, it is permitted or required by law, or your insurance policy with us permits us to do so
- We may share customer information and permit others to use that information if you give us your consent, it is necessary to complete a transaction you request, or it is otherwise permitted by law
- We handle information about former and prospective customers the same way as information about existing customers

If a customer selects Do Not Share - correct answer ✅
- We will not share certain types of personal information, such as marital status and occupation, between affiliates
- DNS (Do Not Share) data fields will not pre-populate within applications and quotes. It is never appropriate to change a customer's preference for the convenience of completing an application

PI (Personal Information) - correct answer ✅ Information about an individual (for example, a 36-year-old female)
- Tier 3 information


BPI (Business Protected Information) - correct answer ✅
- Tier 2 information

PCI (Payment Card Industry) - correct answer ✅
- Tier 1 information

EBPI (Elevated Business Protected Information) - correct answer ✅
- Tier 1 information

Terminating System Access - correct answer ✅ When an agent team member is no longer employed by the agent, the team member's ID needs to be removed so the credentials cannot be used after the person has left
- Agents should submit a request to terminate system access using the Terminate Team Member System Access Form
- Obtain any office keys from the team member or change the office entry security codes

PCI Data Security Standard - correct answer ✅ Failure to comply may be considered a violation of state law and also a breach of contract that could result in the card brands electing to revoke SF's ability to accept credit/debit card payments. All data must be treated in a manner consistent with EISP policies

PCI Security Standards - correct answer ✅
- Never enter credit/debit card data in email, IM, or text
- Never electronically copy and paste card data
- Carefully inspect all paper copies prior to scanning to make sure card data has been masked or made unreadable
- Card data should never be written down or saved for later use
- Data should never be transferred to portable electronic storage media
- Data should only be entered in designated fields within authorized applications and never in free-form text fields
- Never store card data outside approved systems
- When handling or finding card data, display only the last four digits if it must be referenced; do not mask with a highlighter, and do not type letters over the data, as that does not cover it
- When handling data in paper format, use a permanent black marker to strike through all but the last four digits of the primary account number

in compliance with EISP 60.20 Protecting Information Based on the Information Security Classification

- SPI must never be transferred or copied to State Farm-issued portable electronic storage media (CD, DVD, etc.) unless there is an approved business case, and then it must be removed when no longer needed
- SPI should never be entered in fields such as remarks or comments unless they are specifically designed for SPI
- Do not include SPI in text messages
- To prevent customers from viewing information that is not their own, it is important to correctly enter and update name, address, DOB, SSN, etc. across all systems

Truncation - correct answer ✅ Permanently remove a segment of the data (for example, keep only the last four digits of the SSN: 1234)

Masking - correct answer ✅ Keep the structure, but make only the last four digits viewable (SSN XXX-XX-1234)

Encryption - correct answer ✅ Use [Encrypt] in the subject line when the full number and its structure must remain intact (that is, when it cannot be truncated or masked)

Data Loss Protection (DLP) - correct answer ✅ Controls in place to help identify SPI being sent outside of the company. When attempting to send SPI outside of SF, you may receive a notification with required actions and information on how to protect company data

Email Best Practices - correct answer ✅
- Before clicking Send, Forward, or Reply, verify that everyone in the To, Cc, and Bcc fields has a need to know the information you are providing. Take extra caution if these fields include distribution lists
- If you receive a pop-up indicating that recipients are external associates or out of network, verify that they have a business need to know
- When appropriate, mark messages as confidential or private
- Do not use Reply All if everyone does not need the information. It should be used sparingly; in most cases a reply to only the sender is sufficient
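The rules above (no card data in free-form fields, only the last four digits displayed, truncation versus masking, and a DLP check that catches SPI in outbound mail) can be seen together in a small scanner. The following is an added example written for this page, not State Farm's DLP tooling or any code from the training; the regular expressions, the Luhn filter used to separate real card numbers from look-alike IDs, the action names, and the sample message are assumptions constructed for illustration.

```python
import re

# Added example, not State Farm code. The patterns, the Luhn filter and the
# sample message below are assumptions constructed for illustration.

# A run of 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# A US SSN written with separators, e.g. 123-45-6789.
SSN_RE = re.compile(r"(?<!\d)\d{3}[- ]\d{2}[- ]\d{4}(?!\d)")

# Constructed sample message: a well-known Visa test PAN, a fake SSN, a phone
# number and a 13-digit claim reference that must NOT be flagged as a card.
SAMPLE_EMAIL = (
    "Hi, the customer's card is 4111 1111 1111 1111 and her SSN is 123-45-6789.\n"
    "Call back at 800-555-0199, claim ref 1234567890123."
)


def digits_only(value: str) -> str:
    return re.sub(r"\D", "", value)


def luhn_valid(digits: str) -> bool:
    """Luhn check; screens out phone numbers and reference IDs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def truncate_last4(value: str) -> str:
    """Truncation: permanently drop everything but the last four digits."""
    return digits_only(value)[-4:]


def mask_last4(value: str) -> str:
    """Masking: keep separators and length, replace all but the last four digits with X."""
    n = len(digits_only(value))
    out, seen = [], 0
    for ch in value:
        if ch.isdigit():
            seen += 1
            out.append(ch if seen > n - 4 else "X")
        else:
            out.append(ch)
    return "".join(out)


def find_card_numbers(text: str) -> list[str]:
    return [m.group(0) for m in PAN_RE.finditer(text)
            if luhn_valid(digits_only(m.group(0)))]


def find_ssns(text: str) -> list[str]:
    return [m.group(0) for m in SSN_RE.finditer(text)]


def dlp_scan(text: str, external_recipient: bool) -> dict:
    """Flag SPI in an outbound message and produce a masked copy.

    Findings carry the masked value only, never the raw number, so the
    notification itself does not leak what it is warning about.
    """
    pans, ssns = find_card_numbers(text), find_ssns(text)
    findings = [("PAN", mask_last4(p)) for p in pans] + [("SSN", mask_last4(s)) for s in ssns]
    redacted = text
    for raw in pans + ssns:
        redacted = redacted.replace(raw, mask_last4(raw))
    if not findings:
        action = "allow"
    elif external_recipient:
        action = "hold"  # notify the sender; require [Encrypt] or removal before release
    else:
        action = "warn"
    return {"findings": findings, "redacted": redacted, "action": action}


if __name__ == "__main__":
    result = dlp_scan(SAMPLE_EMAIL, external_recipient=True)
    print(result["action"], result["findings"])
    print(result["redacted"])
```

Running the sample holds the message (it is bound for an external recipient) and reports one PAN and one SSN, each shown only by its last four digits, while the phone number and the 13-digit claim reference pass because they fail the length or Luhn test. The masked copy keeps the original separators (XXXX XXXX XXXX 1111, XXX-XX-6789), which is the distinction the training draws between masking and truncation.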

Never disclose the following: - correct answer ✅
- SF internal use only, trade secret, or confidential information on any social media site
- Specific insurance products or financial services
- Pricing, coverage, underwriting, or claim details
- Customer or prospect information