RLI Security Policy

At RLI, protecting your data is our first priority. We have a number of frameworks and controls to ensure that data risk is effectively mitigated:

• We align our processes and technology to both the ISO 27002:2013 and NIST Cybersecurity frameworks. This provides systematic identification, protection, detection, and response and recovery techniques.
• We are Payment Card Industry (PCI) compliant.
• Our websites are SSL (TLS) encrypted, providing the top tier of website security.
• We perform regular scanning of both our external websites and internal applications.
• All employees are subject to annual security awareness training.
• Our Information Technology controls are governed by Sarbanes-Oxley (Sox), and we undergo annual IT Sox compliance audits.
• All our internal laptops and desktops utilize full-disk encryption.

We have a dedicated RLI Security Team that is diligent in protecting your information, and providing a quick and effective response to any new cybersecurity threats.