1. What types of information does RMS receive when you visit our website?
RMS may receive Personal Information or General Usage Information from you when you visit our website. By "Personal Information," we mean information such as your name, e-mail address, telephone number, login information, mailing address and other information which personally identifies you. RMS only receives Personal Information about you if you choose to provide it to us. For example, RMS receives Personal Information from you when you:
- Use the area of the website limited to registered users with a login ID
- Register for an RMS event, such as the Client Conference
- Register for a promotion or contest
- Apply for a job
- Ask us a question or send feedback using RMS contact information available on the website
RMS may also receive your Personal Information when our website directs you to a third party's website to complete one of the above transactions, such as a website that processes your registration and credit card information for an RMS event.
By "General Usage Information," we mean things like your browser information, your IP address, or other information regarding your use of the website.
2. How do we use the information we collect?
In general, we use your Personal Information to complete the transaction that you have requested from us. For example, we may use your Personal Information to:
- Establish or verify your identity when you use an area of the website limited to registered users
- Provide the products, services or user documentation which you have requested
- Process transactions and send notices to you about your transactions
- Respond to you about your job application
- Address the question or feedback which you have sent to us
We may also use your Personal Information to tell you about RMS news, events, products and services which we think may be of interest to you. In addition, we may use your Personal Information to seek feedback from you after you've purchased an RMS product or service, attended an event, taken a training course, or entered into some other transaction with us. If you do not wish to receive these types of communication from us, you can let us know in one of the ways described under "How can you contact RMS about your Personal Information," below.
With respect to General Usage Information, RMS may use this information to monitor, protect, maintain and improve its website.
3. With whom do we share the information we receive about you?
RMS does not sell your Personal Information or General Usage Information to anyone. Nor do we provide this information to non-RMS parties to market non-RMS products to you. RMS may share your Personal Information and General Usage Information with:
- RMS' employees, contractors and consultants (including employees, contractors and consultants of RMS' subsidiaries and affiliated companies), in the United States and elsewhere, who have a need to know your information to provide RMS products, services and information to you;
- Non-RMS parties who assist RMS with providing RMS products, services and information to you, such as vendors who help us with RMS event registration; and
- Non-RMS parties who assist RMS with its website who may have access to your information, such as web hosting providers
Whenever we provide your Personal Information to non-RMS parties, we enter into agreements with these parties that restrict use of your information only to the extent necessary for the non-RMS party to provide services to RMS.
4. How does RMS protect your Personal Information?
RMS protects your Personal Information by maintaining up-to-date physical, electronic and procedural safeguards. For example, we use computer safeguards such as firewalls and data encryption. In addition, we allow employees to access Personal Information only when required to fulfill their job responsibilities.
RMS uses "cookies" to collect information about how our website is used. A cookie is a small data text file which a website stores on your computer's hard drive, if permitted by your web browser. A cookie can later be retrieved to identify you to us. For example, cookies can securely store a user's password, identify which parts of a site have been visited, and keep track of past selections.
Most browsers are initially set up to accept cookies. You can reset your browser to notify you when you have received a cookie, or alternatively, to refuse to accept cookies. However, you may not be able to use certain features on our website if you choose not to accept cookies.
6. How can you contact RMS about your Personal Information?
From time to time you may receive an e-mail or other communication from us regarding RMS products, services or information which we believe to be of interest to you. If you are not interested in receiving this information, you may follow the instructions on the communication explaining how you may be removed from our distribution list. Alternatively, or if there are no instructions on the communication, you may send an e-mail to firstname.lastname@example.org requesting removal from our distribution list. We will endeavor to take prompt action to process your request.
Please note that we may retain your information for archival purposes, as required by RMS' records retention policies, or as required by law.
You may send all other inquiries regarding your Personal Information, including requests to correct or update your Personal Information, to email@example.com.
1. RMS protects your data using enterprise-class security measures built on a security framework that implements best practices from ISO 27001, CSA STAR and the National Institute of Standards and Technology (NIST) standards.
2. You are in control of the data that you have entrusted to RMS; we will not compromise the trust you have placed in us. RMS has no access to your confidential data without your express consent, other than the exceptions mentioned below. When we do receive your consent, we will use your data only as you have permitted us to do so.
3. Ensuring your privacy as an RMS user is of utmost importance to us. Metadata generated when you use RMS is tightly regulated to ensure that it is only utilized for legitimate purposes, such as for operating and supporting RMS services that enhance your user experience and for security.
You own and control any data you upload, transfer, and generate with Hosting Plus and RMS(one). We call this data “Client Data.” Client Data includes your exposures, contract data, modeling assumptions, and the settings and model results you generate.
RMS implements and maintains strict organizational, procedural, and security controls to ensure we will not access your Client Data unless we receive your express consent. Once consent is granted, we will only use that Client Data for the specific purpose you permitted. The only exceptions to the restrictions on our access to and use of your Client Data, other than exceptions authorized by your express consent, will be if RMS must interdict a virus or malicious code embedded within your Client Data; take emergency measures to address system-wide threats; perform normal database operations as required by the database administrators on the RMS support team to ensure all service-level agreements are met; or comply with the requirements of law, such as a court order.
We may, from time to time, offer services pertaining to your Client Data that you may choose to engage us to perform. However, we will not perform any services involving your Client Data unless you opt-in for those services by signing a written agreement with RMS. Finally, we will never sell, publish, or distribute your Client Data to any third party.
When a user logs in to a hosted instance of RMS software or logs in to RMS(one), the system captures metadata about how the user accesses and uses the system and stores that metadata in auditable log files. We call this data “System Data.” System Data may include date/time stamps, clickstream data, information about what actions were requested by the user, and what user-requested jobs were performed.
RMS uses System Data to maintain the security of our systems, to operate them, and to provide you with support. For example, RMS will use System Data to enhance the user experience; optimize resource planning and system performance; determine usage fees (if applicable); report on utilization; respond to audit requests; determine compliance with performance commitments; monitor and identify any security breaches; and respond to technical support questions.
RMS may share System Data with certain third parties after the data has been aggregated and anonymized; no client will be identifiable when System Data is shared. The aggregated and anonymized System Data may be used by such third parties to enhance the RMS user experience, to better understand how you are using certain features and capabilities of the data or applications running on RMS, and for marketing purposes.
Contact Information for Concerns or Questions
RMS® Security Policy for RMS Hosting Plus™ and RMS(one)®
Maintaining the privacy of your data and your clients’ data is paramount to your business operations. RMS understands your data privacy concerns: You must ensure the privacy of your data to uphold the trust of your clients and business partners and you need to comply with legal directives and regulations. RMS addresses these concerns and requirements by integrating multiple layers of security — physical security, electronic security, and operational security — to ensure the privacy and protection of your data. Each layer of security is integral to the RMS infrastructure and its operation.
To ensure protection from unauthorized access; to thwart malware and other malicious activity; and to maintain the integrity of and high-availability access to your data, models, analyses, analytics, and applications, RMS implements the following security and data-privacy measures.
Strong Network Security
RMS network security combines advanced and hardened firewalls, intrusion detection and prevention systems, and ongoing log monitoring and analysis for threat prevention. To ensure that RMS network security defends against evolving threats, frequent vulnerability scanning is performed, supplemented by independent, third-party threat, vulnerability, and penetration assessments.
RMS uses best practices to encrypt all data in transit to and from RMS data centers and while stored “at rest.” In addition, data transferred between end users and RMS is also encrypted.
To minimize security risks, RMS employs the practice of system hardening and minimization (also referred to as “operating system hardening”). This means that operating systems are reduced to the minimum necessary capabilities: All nonessential software, services, protocols, modules, programs, utilities, accounts, and usernames are removed. Only essential network ports are opened, and they are protected by the network security measures. Antivirus and anti-malware scanning is also used to safeguard the foundational software from unwanted malicious software and security vulnerabilities.
Integrated Business Continuity
Ensuring data integrity and data availability is an integral aspect of how RMS keeps your data secure. Frequent backups and an RMS data center dedicated to maintaining your business continuity and disaster recovery (DR) are among the measures RMS has implemented so that your data is available when you need it.
The RMS infrastructure includes a data center in Iceland dedicated to business continuity and DR. The Iceland data center is geographically separate from the primary production data centers it supports and constantly receives critical data so that any RMS production data center can recover from a failure and resume production operation. Your data may be mirrored to the DR data center using encrypted transfers from any RMS production data center should you choose this option. Should a production data center experience a significant and extended outage, the DR data center is designed to include failover capability as a stand-in that provides business continuity. RMS regularly validates its DR data center and corresponding processes.
Physically Secure Hardened Data Centers
The RMS infrastructure is housed in multiple, strategically located, geographically separate, Tier III standards-compliant data-center buildings that are designed to mitigate risks from natural and human-made disasters. Data centers are located in Iceland, Canada, and England. The Iceland data center is dedicated to business continuity and DR. Data centers in Canada and England are primary production data centers.
All data-center buildings are constructed and operated to restrict access only to authorized personnel. Multiple physical security measures restrict entry and access to the RMS infrastructure equipment to specifically authorized people. All RMS infrastructure equipment resides in private, locked cages within each data center. A limited number of authorized personnel with clearance vetted by third-party background checks and stringent security training can physically access RMS equipment.
Only the RMS cloud operations team has the access privileges and authority to perform scheduled maintenance and upgrades. All data-center access and system administrative activities are logged, monitored, and audited to be consistent with industry best practices.
Stringent Change Management and Restricted Access
High-level security is achieved from the inside out and holistically through a combination of technology and best practice–based policies and processes. RMS follows the change-management processes prescribed by the Information Technology Infrastructure Library (ITIL). RMS also follows the ITIL processes for incident management, release management, and problem resolution.
Comprehensive Monitoring, Logging, and Auditing
The RMS security operations team manages and monitors security and the integrity of all data stored and processed 24 hours a day, every day. With the aid of security information and event management (SIEM) tools, the security operations team can identify and proactively remedy potential security concerns through frequent review and analysis of RMS activity logs. The security operations team investigates all threats and anomalous activity so that any such activity and suspicious access vectors can be blocked.
Dedicated platform and infrastructure support teams also provide 24/7 monitoring and operational support to ensure your environment runs flawlessly. Database administrators who are part of these support teams have access to Client Data, but this access is solely to ensure all service-level and operational-level agreements are met for your systems. All access to systems is logged and is always auditable.
When your designated end users log in to RMS, specific information related to that end-user session is captured and logged onto auditable log files. The logged information includes how each end user accessed and used the features, capabilities, and functions of RMS, such as which end user logged in and what actions were requested and performed on their behalf. This information is only used to maintain security and to efficiently and effectively operate and administer RMS systems.
Clients may request logs of their specific activity and environment to review and audit by contacting our information security officer at:
Risk Management Solutions, Inc.
Attn: Senior Director of Information Security and Compliance
RMS has a commitment to maintaining your data privacy and integrity that is reinforced by highly experienced personnel following best practices overseen by a compliance director and reviewed by an executive-level governance council. RMS includes a suite of security and data-protection measures to ensure data privacy, data integrity, data availability, and high availability of services. Because RMS has implemented a multi-layered approach, application security, data privacy, and data-security requirements are part of the design, implementation, and quality assurance of our solutions. RMS has taken the necessary steps to put the people, policies, and technologies in place to provide the most secure and reliable platform for the insurance industry to quantify and manage risk.
RMS® Compliance Policy for RMS Hosting Plus™ and RMS(one)®
ISO 27001: The Global Standard for Security and Data Privacy
The RMS cloud operations team is dedicated to ensuring the ongoing operation and security of the RMS Cloud by following information controls prescribed by the ISO 27001 globally recognized information security management standard and best practices. By adhering to this information security management framework, RMS ensures effective security for confidential and private data by identifying and mitigating information security risks and by adapting RMS information security controls to accommodate evolving best practices.
Governmental Regulations and Directives
RMS will comply with all applicable governmental regulations.
European Union Data Protection Directive (Directive 95/46/EC)
RMS has taken explicit steps to ensure that you can comply with governmental directives and regulations, including the European Union Data Protection Directive. To allow you to comply with the requirements of this directive, you are in control of your data; RMS will only process your data as you explicitly agree, using specific contract language. Production data center locations have been strategically chosen within the European Economic Area (England) and in Canada (Toronto), plus a disaster recovery data center in Iceland, to enable you to comply with the European Union Data Protection Directive.
Cross Border Data Flow Segregation
RMS Hosting Plus and RMS(one) utilize data centers strategically located around the world. Your designated end users can access Hosting Plus and RMS(one) and the data you store within them from any location, provided that your end users have valid access credentials.
ALM, Exceedance, RiskBrowser, RiskLink, RiskOnline, RiskSearch, RiskTools, the RMS logo, RMS, and RMS(one) are registered trademarks of Risk Management Solutions, Inc.
All other trademarks are the property of their respective owners.
2. Use of this Website
This website includes pages that are publicly available to all users ("General Website"), and a restricted area that is only available to users to whom RMS has specifically permitted access ("Registered User Site").
In general, you may only use the General Website for your personal, informational, and non-commercial use, without modification or alteration of this website in any way.
Your use of the Registered User Site is subject to (i) the terms and conditions of your (or your employer's) agreement with RMS regarding use of the Registered User Site, if applicable; and (ii) any terms and conditions, restrictions and license agreements set forth in the Registered User Site with respect to the Content. You should presume that all Content in the Registered User Site is confidential and proprietary to RMS, and that you may not reproduce, copy, sell, publish, distribute, modify or display such Content unless specifically permitted in writing by RMS.
You agree not to remove or modify any copyright or other proprietary notices contained in this website.
3. User Content
You agree not to submit to RMS or this website any User Content that you are not authorized to submit, and that User Content does not and will not infringe upon any other party's Intellectual Property Rights. RMS undertakes no obligation to verify your right to use User Content or submit it to this website.
4. Registration and Passwords
Your access to the Registered User Site may require a user name and password ("User Login"). Any details you provide to us to establish or use your User Login must be correct, current and complete. You are responsible for maintaining the confidentiality of your User Login, and are fully responsible for all activities that occur under your User Login. You agree to notify us immediately, at firstname.lastname@example.org, of any loss, theft or unauthorized use of your User Login. RMS reserves the right to modify, revoke or refuse a User Login to you or any other party. In addition, RMS reserves the right to make some, all, or none of its website a Registered User Site.
Any software that RMS makes available for download from this website is the copyrighted work of RMS or its licensors. Your use of downloadable software is subject to the terms and conditions of the End User License Agreement ("EULA") applicable to the software, or the applicable written agreement between you (or your employer) and RMS regarding the software. Any other use is expressly prohibited by RMS. By downloading software from RMS' website, you also agree that you will not download, use or transmit any software in violation of any export control laws and regulations, including but not limited to U.S. and European export control laws and regulations.
You agree to give us prior written notice, to email@example.com, if you wish to link any other web page to this website. Only a direct link to the home page may be made, without framing. We reserve complete discretion to refuse anyone permission to link to our website.
7. Prohibited Content and Conduct
Furthermore, you agree that you will not engage in any conduct in connection with this website (including the submission of User Content) that:
- is illegal, misappropriated, infringing or dilutive;
- is inaccurate or misleading;
- is defamatory, libelous or in violation of anyone's privacy rights;
- is threatening or harassing;
- is obscene, offensive or otherwise inappropriate; or
- you do not have a right to engage in, including but not limited to providing inside information; or providing information that you are prohibited from disclosing because of your obligations to a current or former employer, or your obligations under a non-disclosure agreement with another party.
8. Third Party Websites and Information
RMS has no obligation to monitor, control or restrict the use of this website, or any third party websites available via links to this website. RMS is not responsible for the content, accuracy, compliance with laws or any other aspects of non-RMS websites. The inclusion of a link on RMS' website does not imply any endorsement, evaluation or verification of the linked site by RMS. Furthermore, RMS does not have any obligation to verify any User Content submitted by a user or to provide you with any information regarding any Content, User Content, third party (including third party websites, links or content) or user.
THIS WEBSITE, INCLUDING ANY CONTENT, LINKS, AND SOFTWARE PROVIDED IN CONNECTION WITH THIS WEBSITE ("ASSOCIATED MATERIALS"), ARE PROVIDED ON AN "AS IS" BASIS. RMS DISCLAIMS ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, WITH RESPECT TO THIS WEBSITE AND ASSOCIATED MATERIALS, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, RESULTS, ACCURACY, COMPLETENESS, ACCESSIBILITY, COMPATIBILITY, SECURITY AND FREEDOM FROM COMPUTER VIRUSES. IF APPLICABLE LAW DOES NOT ALLOW THE EXCLUSION OF ANY OF THE ABOVE WARRANTIES, THE REMAINING EXCLUSIONS WILL APPLY TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.
10. Limitation of Liability and Indemnification
RMS SHALL HAVE NO LIABILITY TO YOU, UNDER ANY CONTRACT, TORT, STRICT LIABILITY OR OTHER LEGAL THEORY, FOR ANY DAMAGES OF ANY KIND RELATING TO YOUR USE OR INABILITY TO USE THIS WEBSITE, ITS CONTENT, LINKS AND SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO LOST PROFITS, LOSS OF DATA, LOSS OF USE, LOSS OF GOODWILL, INTERRUPTION OF WORK OR COMPUTER OR SYSTEM FAILURE), EVEN IF RMS HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.
YOU AGREE TO INDEMNIFY, DEFEND AND HOLD HARMLESS RMS, INCLUDING ITS PARENT, SUBSIDIARY AND AFFILIATED COMPANIES, DIRECTORS, EMPLOYEES AND AGENTS OF THE FOREGOING, FROM ANY AND ALL DEMANDS, CLAIMS, ACTIONS, DAMAGES, LIABILITIES, EXPENSES OR HARMS, INCLUDING ATTORNEYS' FEES, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF THIS WEBSITE.
11. Dispute Resolution, Choice of Law, Etc.
12. Modification or Termination
RMS may, in its complete discretion, modify, edit, translate, suspend, restrict access to or terminate this website, Content or any link at any time without liability or prior notice. RMS may also, in its complete discretion, terminate any party's right or access to this website.
13. Contacting RMS
Risk Management Solutions, Inc.
Attn: General Counsel
7575 Gateway Blvd.
Newark, CA 94560
This notice addresses AB370, amending the California Online Privacy Protection Act, which requires website operators that collect personally identifiable information about California residents to disclose:
- how they respond to "Do Not Track" ("DNT") signals; and
- whether third parties collect personally identifiable information about users who visit the website.
1. What is DNT and a DNT signal?
DNT is a mechanism allowing a user of a website to control the tracking of their use of that website. A DNT signal is a request to a web application to disable its tracking of a user of a website.
2. How does RMS respond to a DNT signal?
RMS does not track users of www.rms.com and, to that extent, does not respond to DNT signals.
3. Do third parties collect personally identifiable information about users of www.rms.com?
RMS does not authorize the collection of personally identifiable information of a user for online behavioral advertising purposes while the user is logged onto www.rms.com.