Independent agencies, MGAs, and brokerages trust IT Center to keep AMS360, Applied Epic, and Hawksoft running securely — while maintaining full GLBA Safeguards Rule 2023 compliance, a documented WISP, and airtight protection for every producer's policyholder PII. One flat rate. Zero surprises.
The Real Risks
Insurance agencies sit at the intersection of high-value personal data and complex multi-party transactions — making them prime ransomware and BEC targets. These are the four threats we eliminate for agencies across Southern California.
When a producer leaves your agency — or gets phished — their access to AMS360 or Applied Epic client records doesn't always disappear. Without role-based access controls, automated offboarding, and session monitoring, ex-producers can walk out with your entire book of business. We lock down every endpoint and revoke credentials within minutes of a departure notification.
High RiskRansomware groups specifically target AMS platforms because policy data — including SSNs, DOBs, property addresses, vehicle VINs, and financial information — commands high prices on dark web markets. A single encryption event can shut your agency down for days, destroy carrier relationships, and trigger a mandatory CA DOI breach notification. Our immutable backup architecture and AI-driven behavioral detection stop attacks before encryption begins.
CriticalBusiness Email Compromise attacks impersonating carriers or wholesalers redirect premium remittances and binding deposits to fraudulent accounts. With agency transactions routinely exceeding $50,000 per wire, a single successful BEC can be financially devastating. We deploy DMARC/DKIM/SPF enforcement, AI-powered email anomaly detection, and mandatory dual-authorization workflows for all outbound wire transfers.
High RiskErrors & Omissions carriers increasingly scrutinize cyber hygiene during renewal. Agencies without a documented WISP, current penetration test results, or verified MFA on carrier portals are seeing premiums spike or coverage denied entirely. An unaddressed GLBA Safeguards gap creates a paper trail of negligence that can follow an agency through regulatory investigations, civil litigation, and E&O disputes. We close those gaps before they become liabilities.
Compliance RiskWhat We Do
Every service in our $300/computer user flat rate is designed around the operational realities of independent agencies, MGAs, and brokerages — not one-size-fits-all MSP packages built for general offices.
Unlimited support for all agency staff — producers, CSRs, accounting, and management — via phone, chat, and remote session. We cover workstations, laptops, printers, and agency-issued mobile devices with no per-ticket billing. Average response under 4 minutes for P1 issues affecting AMS or carrier portal access.
The 2023 GLBA Safeguards Rule requires insurance agencies that qualify as financial institutions to implement a comprehensive Written Information Security Program. IT Center creates, maintains, and tests your WISP, conducts annual risk assessments, and documents all the controls the FTC and CA DOI expect to find during an examination.
Your remote producers are your highest-risk endpoints — working from home offices, coffee shops, and client locations with access to the same policyholder data as in-office staff. We deploy enterprise EDR (Endpoint Detection and Response), DNS filtering, VPN enforcement, and device compliance policies that keep remote producers secure without limiting their productivity.
Business Email Compromise is the leading cause of financial loss for insurance agencies. We implement multi-layered email security that stops impersonation attacks, flags wire transfer requests, and gives your staff real-time warnings when an email fails authentication checks or originates from a suspicious location.
If your AMS360 or Applied Epic instance goes down — whether from ransomware, hardware failure, or a corrupted update — your agency cannot quote, bind, or service clients. We implement immutable, air-gapped backups with tested recovery playbooks that restore your AMS environment to a defined recovery time objective (RTO) of four hours or less.
Managing MFA across 40+ carrier portals, rating platforms, and wholesale broker extranets is one of the most operationally painful aspects of running an agency. IT Center deploys Single Sign-On (SSO) solutions that centralize carrier portal access, enforce MFA consistently, and eliminate the password sprawl that leaves agencies vulnerable to credential stuffing attacks.
Role-based access is the cornerstone of both GLBA compliance and protecting your book of business. We implement least-privilege access models so personal lines producers cannot access commercial accounts, new hires cannot see premium financials, and departing employees lose all system access in minutes — not days after IT finds out.
Our AI-powered Security Operations Center monitors your agency environment 24/7 for threats that standard antivirus cannot detect — lateral movement, credential harvesting, anomalous AMS queries, and unauthorized data exports. When an incident is confirmed, our IR team engages in under 15 minutes and provides a full written report suitable for CA DOI, E&O carriers, and cyber insurers.
Compliance
Insurance agencies are regulated as financial institutions under the Gramm-Leach-Bliley Act. The FTC's 2023 Safeguards Rule updates significantly expanded the technical and administrative controls required. Here is what the law demands and how IT Center delivers it.
Platform Support
IT Center engineers have hands-on experience with every major insurance AMS platform, rating engine, and carrier integration tool used by independent agencies in Southern California. We understand the infrastructure requirements, backup considerations, and security configurations specific to each platform.
AMS360 is the most widely deployed AMS in the independent agency channel. IT Center supports AMS360 hosted and on-premise deployments, SQL Server backend maintenance, integration with Vertafore's Real Time and Download services, and IVANS connectivity. We ensure AMS360 meets GLBA Safeguards encryption and access control requirements.
Applied Epic's browser-based architecture introduces specific security considerations around session management, API integrations, and the Applied Pay payment processing module. IT Center configures conditional access policies for Applied Epic, manages the Azure AD integrations Applied Systems recommends, and supports Epic's carrier connectivity and download configurations.
Hawksoft is the preferred AMS for small-to-midsize independent agencies seeking a simpler, cost-effective platform. IT Center supports Hawksoft's Windows-based deployment model, manages the SQL Express or full SQL Server backend, and ensures Hawksoft backups are captured, tested, and retained in compliance with your WISP retention policy.
EZLynx serves as both a comparative rater and a lightweight AMS for agencies seeking a cloud-first approach. IT Center secures the endpoints used to access EZLynx, manages SSO integration, and ensures that EZLynx's carrier data transmissions are protected by enforced TLS and proper DNS filtering to prevent man-in-the-middle exposure.
QQCatalyst's cloud-hosted model places the AMS outside your perimeter, meaning endpoint security and identity management become the primary control surfaces. IT Center configures MFA enforcement for QQCatalyst, manages API key security for integrations, and ensures your agency's QQCatalyst access complies with GLBA access control requirements.
IVANS Transformation Station and carrier download configurations are a frequent source of data integrity and security issues for agencies. IT Center manages your IVANS connections, troubleshoots download failures, and ensures that the SFTP credentials and API tokens used for carrier data exchange are secured in a privileged credential vault with rotation schedules.
Microsoft 365 is the productivity backbone of virtually every insurance agency. IT Center manages your M365 tenant security, configures Defender for Business, implements Purview data loss prevention policies to flag outbound emails containing SSNs or policy numbers, and manages SharePoint / Teams governance to prevent unauthorized sharing of policyholder documents.
E-signature platforms transmit signed applications, binders, and policy documents containing policyholder PII. IT Center manages the identity verification configurations in DocuSign and similar platforms, ensures envelopes are routed only to verified recipient email addresses, and monitors for unauthorized envelope creation that could indicate a compromised account.
Why IT Center
Most MSPs treat insurance agencies like any other small business office. We treat you like the financial institution the GLBA says you are — with the security posture, documentation, and specialized knowledge your regulators and E&O carriers expect.
Our team understands the difference between a personal lines CSR workflow and a commercial lines producer workflow, how carrier downloads work in AMS360, why IVANS connectivity issues happen on Monday mornings, and what E&O carriers actually look for during renewal assessments. We do not need a tutorial on your business.
At $300 per computer user per month, you get everything — monitoring, help desk, backup, WISP maintenance, security training, and incident response. When a ransomware event or breach occurs, you are not receiving an emergency services invoice on top of the crisis. Our response is included.
You cannot enforce your office's firewall on a producer working from their kitchen table. We deploy zero-trust network access (ZTNA), per-device compliance enforcement, and behavioral monitoring that secures remote producers the same way we secure in-office staff — without limiting their ability to quote and bind in the field.
We have seen agencies produce a WISP template from the internet, sign it, and file it away. That is not compliance. IT Center writes your WISP from scratch based on your specific systems and data flows, then updates it at least annually and every time you add a carrier, integration, or producer. It is always current and always defensible.
Enforcing MFA across 40 carrier portals is operationally painful without the right identity infrastructure. We deploy a centralized SSO and MFA solution that gives your producers a single authenticated session for all their carrier portals — satisfying GLBA requirements without the help desk tickets and frustration of managing portals individually.
When your E&O carrier sends the annual renewal questionnaire asking about MFA, EDR, backup testing, and security training, we provide the written attestation and evidence documentation you need. We also prepare the technical exhibits required by cyber liability carriers underwriting your agency's cyber policy.
We serve agencies throughout the Inland Empire, Los Angeles, Orange County, and San Diego. We understand the local regulatory environment, can appear on-site at your Corona, Riverside, San Bernardino, or LA-area office for hands-on work, and are available during Pacific Time business hours without routing through an offshore help desk.
California's 72-hour breach notification requirement to the CA DOI is one of the shortest regulatory response windows in the country. When an incident occurs, our incident response team is already engaged, documenting scope, and preparing the CA DOI notification materials — so you meet the deadline with a defensible, factual response rather than a frantic guess.
| Capability | IT Center | Generic MSP |
|---|---|---|
| GLBA Safeguards WISP authoring | ✓ Included | ✕ Extra cost or not offered |
| AMS360 / Applied Epic / Hawksoft support | ✓ Deep knowledge | ~ Limited / pass-through to vendor |
| Remote producer endpoint management | ✓ Zero-trust ZTNA | ~ Basic VPN if available |
| Carrier portal SSO and MFA enforcement | ✓ Centralized SSO | ✕ Per-portal manual setup |
| BEC wire fraud prevention | ✓ AI + policy controls | ~ Standard spam filter only |
| Incident response included in flat rate | ✓ Always included | ✕ Emergency billing applies |
| CA DOI breach notification support | ✓ Included | ✕ Refer to attorney |
| E&O renewal attestation documentation | ✓ Written deliverable | ✕ Not provided |
| Annual risk assessment (written) | ✓ GLBA-compliant | ~ Vulnerability scan only |
| Pricing model | ✓ $300/computer user flat rate | ✕ Per-device + hourly overages |
Get Started
In 30 minutes, IT Center will evaluate your agency's current security posture against the GLBA Safeguards Rule 2023 requirements, identify the top three compliance gaps, and give you a clear, actionable roadmap — with no obligation and no sales pressure.
1159 Pomona Rd Suite B · Corona, CA 92882 · sales@itcosc.com
We respond within one business hour. No spam. No pressure.