Royal Sun Alliance: Meeting the IT Compliance Challenge Head On

By Tara Hutton

October 3, 2008

RSA Insurance Ireland has announced that it will implement MetaCompliance, the leading Intelligent Policy Management solution from Baronscourt. This next stage of the company’s drive to automate IT Compliance processes will see RSA deploy the solution across its Irish operation, an action which will further strengthen the company’s already robust IT Security and Compliance framework. 

A Market Leader with a distinct IT Compliance Requirement:

RSA (formerly known as Royal & SunAlliance Insurance) is one of the leading non-life insurance companies in Ireland and part of the global RSA Insurance Group plc quoted on the London Stock Exchange. In Ireland RSA is the largest property insurer, a significant insurer of SME businesses and a leader in the development of bespoke commercial and personal lines insurance programmes for scale business partners.Therefore, it’s imperative that all RSA employees fully understand their responsibilities with regards to sensitive Customer and Business data.      

RSA Ireland have based their IT Security controls around the ISO27001 framework, enabling them to meet their obligations under the Financial Services Regulation, PCI DSS Directive and Data Protection Laws. In addition, Shane Fuller, the Information Security and Compliance manager for Ireland, wants to go further than simply maintaining the required level of IT Compliance, he is aiming to deliver a fully integrated approach to IT Risk Management.


“We were looking for a cost effective, efficient and secure method of affirming employee agreement with and understanding of our set of IT Security policies” said Fuller

A Market Leading IT Compliance Solution

Anna Kelpie, UK and Ireland Country manager for Baronscourt recognises the drive behind Fuller’s desire to surpass IT Compliance and achieve a higher level of security.  Her team worked closely with RSA Ireland to ascertain their requirements, and came up with a package that would directly meet the needs of one of the country’s leading insurers.  

“Ensuring that everyone in the organisation participates in establishing and maintaining the highest level of data confidentiality and integrity is a daunting task that can be most effectively achieved with the assistance of automation.  The MetaCompliance Suite of software greatly enhances RSA Ireland’s ability to meet their duty of care responsibilities.  This is achieved as a result of guaranteeing the repetition of key compliance processes and by having a centralised and auditable Policy Management system.”

Automating the IT Security Policy management process using MetaCompliance will result in several benefits for RSA Insurance Ireland:

• Inclusion of all user types within the IT Security Policy management programme, including 3rd party contractors and their associated employees;
• Integrated IT Policy management across multiple regulations;
• The ability to elicit and enforce a 100% response across all user types;
• The availability of both granular and high level reporting intelligence;
• The functionality to test and enforce user understanding of policies through continuous assessment;
• Increased staff awareness and accountability with regards to IT Security.

Fuller explains why RSA Ireland chose to deploy MetaCompliance:

“We chose the MetaCompliance solution from Baronscourt as it is the only product on the market capable of ensuring a guaranteed response from staff. There is also an obvious opportunity to use the solution in other areas of our Business to provide a fully integrated and consistent approach to policy distribution and management.”

In 2008 data security breaches have become part of our national consciousness, with major incidents announced on an almost weekly basis.  It is therefore encouraging to see a company, such as RSA Insurance Ireland, taking such a proactive approach to IT Security. 

More News