SOC 2 Compliance

SOC 2 Compliance

CoverTree uses subservice organizations to provide application maintenance and support services. Complementary subservice organization controls, that are suitably designed and operating effectively are necessary, along with controls at CoverTree, to achieve CoverTree‘s service commitments and system requirements based on the applicable trust services criteria. CoverTree’s controls, the applicable trust services criteria, and the types of complementary subservice organization controls are assumed in the design of CoverTree’s controls.

CoverTree confirms, to the best of its knowledge and belief, that:

CoverTree confirms, to the best of its knowledge and belief, that:

The controls are suitably designed to provide reasonable assurance that CoverTree’s service commitments and system requirements would be achieved based on the applicable trust services criteria if its controls operated effectively, and if the subservice organization and user entities applied the complementary controls assumed in the design of CoverTree’s controls.

The controls operated effectively to provide reasonable assurance that CoverTree’s service commitments and system requirements were achieved based on the applicable trust services criteria if complementary subservice organization controls and complementary user entity controls assumed in the design of CoverTree’s controls operated effectively.

CoverTree has been thoroughly examined and audited for the trust service criteria for security

CoverTree has been thoroughly examined and audited for the trust service criteria for security

Security commitments to user entities are documented and communicated in the privacy policy, terms of use, and other customer agreements, as well as in the description of the service offering provided online. Security commitments are standardized and include, but are not limited to, the following:

CoverTree policies ensure the Principle of Least Privilege. Security principles within the fundamental designs of the CoverTree applications are designed to permit system users to access the information they need based on their role in the system while restricting them from accessing information not needed for their role.

CoverTree policies classify the information into various kinds depending upon their level of confidentiality and sensitivity. Controls are well-defined per classification level for the acquisition, processing, storage, retention, and archival of the information, within CoverTree’s security policies.

Appropriate monitoring and observability are implemented within the CoverTree systems to identify and report any issues and incidents.

Regular vulnerability scanning is performed to ensure our systems are protected from any defects leading to potential security issues.

Use of encryption technologies to protect customer data both at rest and in transit.

CoverTree establishes operational requirements that support the achievement of security commitments, relevant laws and regulations, and other system requirements. Such requirements are communicated in CoverTree’s system policies and procedures, system design documentation, and contracts with customers. Information security policies define an organization-wide approach to how systems and data are protected. These include policies around how the service is designed and developed, how the system is operated, how the internal business systems and networks are managed, and how employees are hired and trained. In addition to these policies, standard operating procedures have been documented on how to carry out specific manual and automated processes required in the operation and development of CoverTree’s software systems.

For live monitoring of our security aspects, visit CoverTree’s Trust Monitor.

Request SOC 2 Report

Request SOC 2 Report

Get covered in minutes. Everything should be this easy.

Services
Company

CoverTree Inc. (CoverTree) is a Program Administrator for CoverTree’s Manufactured Home Program, underwritten by Markel American Insurance Company (Markel), located at 4521 Highwoods Parkway, Glen Allen, VA 23060. CoverTree is acting as the agent of Markel in selling insurance policies. CoverTree receives compensation based on the premiums for the insurance policies sold. Further information is available upon request. Subject to underwriting guidelines, review, and approval. Use of Covertree is subject to our Terms of Use, Privacy Policy, and Licenses.

CoverTree operates in the state of California (CA) as MHTree Insurance Services with CA license# 6009070.

Products and discounts not available to all persons in all states. All decisions regarding any insurance products, including approval for coverage, premium, commissions and fees, will be made solely by the insurer underwriting the insurance under the insurer’s then-current criteria. All insurance products are governed by the terms, conditions, limitations and exclusions set forth in the applicable insurance policy. Please see a copy of your policy for the full terms, conditions and exclusions. Any information on the Site does not in any way alter, supplement, or amend the terms, conditions, limitations, or exclusions of the applicable insurance policy and is intended only as a brief summary of such insurance products. Policy obligations are the sole responsibility of the issuing insurance carrier.

Rating as of March 1, 2022. AM Best ratings are under continuous review and subject to change. Please refer to Markel’s website for the most current information. The rating represents the overall financial status of Markel American Insurance Company, and is not a recommendation of the specific policy provisions, rates or practices of the issuing insurance company.

Copyright © 2022 CoverTree Inc. All rights reserved

×
powered by google