• Skip to main content
  • Skip to primary sidebar

Information Security Management ResourceKit

A Public Service of SecureTheVillage

  • Home
  • Return to SecureTheVillage

Insurance Considerations in Hiring an IT Organization

Certificate of Insurance

Ask the organization to provide a certificate of insurance naming the above entities as Additional Insureds on behalf of the above entities per written contract. A blanket additional insured endorsement is acceptable with language such as: “only where this form is specifically requested by an executed contract” and must be accompanied by an approved contract. Otherwise, please provide endorsement(s) evidencing additional insured status with the certificate for products and completed operations and ongoing operations (CG 2010, CG 20 37, CG 20 33 or equivalent). All names must be listed on the endorsement as additional insureds. Insurance companies must be an A Rated VIII Carrier or better.

Required minimum limits of no less than

General Liability         $1,000,000     Per Occurrence incl. Products and Completed operations

$2,000,000     Per Aggregate

Auto Liability              $1,000,000     Combined Single Limit

Umbrella Liability       $1,000,000     Per Occurrence

$1,000,000     Per Aggregate

Policy endorsement naming the entities listed above as primary and non-contributory and waiver of subrogation is recommended.

Cross liability exclusion will be amended for claims brought by the above entities as additional insured if needed.

Workers Compensation

Certificate of insurance evidencing proof of workers compensation with limits not less than:

Workers Compensation                      $1,000,000      Per Accident\Disease\Aggregate

Endorsement providing waiver of subrogation is on workers compensation may be considered.

Professional Liability

Professional Liability covering the full scope of services and activities performed by the IT company.

Technology Errors & Omissions    $1,000,000     Per Occurrence

$2,000,000     Aggregate

Other Requirements

Coverage considerations including but not limited to the following should be required:

  1. Acts, errors, or omissions arising out of professional services or products.
  2. Network Security Liability.
  3. Privacy Liability.
  4. Third party notifications costs.
  5. Media Liability as required.

 

Contributed by 
Howard A. Miller, CRM, CIC
Vice President, LBW Insurance | Financial Services
SecureTheVillage Board of Directors
SecureTheVillage Leadership Council

© Copyright 2017. Howard Miller, CRM, CIC. All Rights Reserved.

Filed Under: Managing Cyber-Risk and Insurance

Primary Sidebar

Resources Areas

  • Cyber Threats
    • Ransomware
    • Online Bank Fraud
  • Information Security Management / Leadership
  • Information Security Policies and Standards
  • Information Security Risk Assessment
  • Information Classification and Control
  • Securing the Human
  • Third-Party Security Management
  • Managing Security of the IT Infrastructure
  • Legal & Related
    • Basic Cyber Laws
    • Payment Card Industry Data Security Standard (PCI DSS)
    • General Data Protection Regulation (GDPR)
    • California Consumer Privacy Act (CCPA)
    • Cybersecurity Maturity Model Certification (CMMC)
  • Getting Cyber-Prepared: Incident Response & Business Continuity
  • Managing Cyber-Risk and Insurance
  • Personal Cybersecurity
  • Cyber Freedom

Copyright © 2023 · SecureTheVillage