Request for Information

Ask Us Anything

We believe access to information is critical during the software selection process. We’ve done everything we can to make sure you have easy, online access to our products, pricing, and company information straight from our website. Below is a list of frequently asked questions we receive from carriers. Feel free to browse through this generic product and company information or contact us directly with additional RFIs or RFPs at

Company Overview

  1. What is the name of your company?
  2. Provide a general background of your company.
  3. When was your company founded?
  4. Where is your company located?
  5. From what location(s) is your solution supported?
  6. List the person(s) to be contacted for RFIs and RFPs.

Solution Overview

  1. What is the name of your company's solution?
  2. When was your solution first released?
  3. When was your solution was last re-architected?
  4. Provide a general overview of your solution.
  5. What components are included with your system.
  6. How much does your company spend on R&D for the solution?
  7. How many companies are currently using your product?
  8. How many companies are using the latest release of your product?
  9. How often do you release updates to your product?
  10. How many employees are currently supporting your product?

Strategic Questions

  1. What differentiates your solution from other solutions?
  2. What differentiates your company from other companies?
  3. What do your clients rave about when discussing your company or your solution to others?
  4. What major trends are you tracking in the insurance and technology industry?
  5. How do you see these trends affect your products and services?
  6. Who are your strategic partners?
  7. Who provides direction for your company and your products?
  8. Do you host any user group meetings for your users?
  9. What competitive enhancements have been made to your system this year?
  10. Please describe other value-added services your company offers.

States and Lines

  1. List the states in which you currently write business.
  2. List the Lines of Business your solution currently supports.
  3. List the Lines of Business your company plans to support.

Technical Architecture

  1. Describe BriteCore's technical architecture.
  2. Describe BriteCore's development process.
  3. Describe the current operating system.
  4. Describe the supported database environment.
  5. What open source products or vendors are included in your offerings?
  6. List the technology used to host your system and the advantages of using that technology.
  7. Provide a list of your system's requirements.
  8. Does the system support mobile technologies (tablets, smartphones, etc.)?
  9. Describe your programming language model.
  10. How is the UI of the base system modified/maintained?
  11. Can the UI be customized to create a unique experience for Agents?
  12. Describe the browsers and associated versions you support.

System Administration and Maintenance

  1. What tools are available for modifying or configuring both current and new lines of business?
  2. What tools are available for configuring the system in order to support specific business rules.
  3. Describe the skill levels required to use Britecore. What should business users be expected to do?
  4. What design features does the solution incorporate to support ease of use and maintenance?


  1. Describe your implementation approach and/or process.
  2. Describe the installation process.
  3. What major skill sets are needed from the carrier’s side to encourage successful implementation?
  4. What variables determine the timeframe of the implementation?
  5. Do you implement carriers directly or do you utilize a third-party vendor?
  6. What assistance do you provide in identifying business requirements?
  7. Describe your issue resolution and escalation process during implementation.
  8. Based on your experience, what are the biggest barriers to a successful implementation?
  9. What advice would you give to carriers who are entering the discovery and implementation phase?


  1. Provide an overview of Policy Administration.
  2. Provide an overview of Claims Management.
  3. Provide an overview of Rules and Rating.
  4. Provide an overview of Reports and Extracts.
  5. Provide an overview of Contact Management.
  6. Provide an overview of Billing.
  7. Provide an overview of Imaging and Printing.
  8. Provide an overview of Settings.
  9. Provide an overview of Agent Quoting and Inquiry.

Risk Assessment

  1. Do you currently have a risk assessment plan in place?
  2. Do you have security policies in place to help protect client data?
  3. Have those policies been reviewed within the last 12 months?
  4. Is there an information security officer responsible for security initiatives within the organization?
  5. Is there an asset management policy or program in place?
  6. Are information assets classified?
  7. Is there insurance coverage for business interruptions or general services interruption?
  8. Are there assigned security roles and responsibilities for BriteCore and IWS?
  9. Are new hires required to sign any agreements upon hire?
  10. Is there a security awareness training program or documentation?
  11. Is a Business Impact Analysis conducted at least annually?
  12. Is there an internal audit, risk management or compliance department?
  13. Is there a dedicated person (or group) responsible for privacy compliance?
  14. Is there a formally documented privacy policy (or policies)? If yes, describe.
  15. Are there regular privacy risk assessments? If yes, provide frequency and scope.
  16. Is there formal privacy awareness training for employees, contractors, volunteers (and other parties, as appropriate)?

Disaster Planning

  1. Is there a disciplinarily process for non-compliance with information security policies and is it clearly communicated to affected personnel?
  2. Is there a constituent termination or change of status process?
  3. Is there an Incident Management program?
  4. Is there a documented policy for business continuity and disaster recovery?
  5. Is there a Pandemic Plan?
  6. Is there a process for responding to a privacy incident?
  7. Is there a document retention program that isolates protected subsets of sensitive or confidential information for special handling?
  8. Are system backups of Scoped Systems and Data performed?

Data Access

  1. Do external parties have access to Scoped Systems and Data?
  2. Is a background screening performed prior to allowing constituent access to Scoped Systems and Data?
  3. Do third party vendors have access to Scoped Systems and Data?
  4. Are there external network connections (Internet, intranet, extranet, etc.)?
  5. Is wireless networking technology used?
  6. Is Scoped Data sent or received electronically or via physical media?
  7. Are Web services provided?
  8. Are electronic systems used to transmit, process or store Scoped Systems and Data?
  9. Are unique user IDs used for access?
  10. Are passwords required to access systems transmitting, processing or storing Scoped Systems and Data?
  11. Is remote access permitted?
  12. Are business information systems used to transmit, process or store Scoped Systems and Data?
  13. Is personal information about individuals transmitted to or received from non-US countries?

Privacy Policies

  1. Is personal information collected directly from individuals as a service to the client?
  2. If the service provider hosts and/or maintains (as a service to the client) data about an individual, does the organization provide appropriate controls to ensure the privacy of that data?
  3. Is personal information - provided by the client - shared with other third parties within the US only?
  4. Is personal information - provided by the client - shared with other third parties outside of the US?
  5. Are there appropriate contractual controls to ensure that personal information shared with other third parties is appropriately protected by the third party?
  6. Are there documented controls and procedures to appropriately safeguard personal information about individuals?
  7. Does the information security program address the protection of personal information separately from other information (such as proprietary business information)?
  8. Does the information security function regularly communicate and collaborate with the privacy function (if the two functions are separate)?
  9. Is there a process for ensuring the accuracy and currency of personal information at the direction of the client?
  10. Is there a process to ensure that the personal information provided by an individual is limited for the purposes described in the organization's privacy notice?
  11. Are employees, contractors, volunteers (and other parties, as appropriate) regularly monitored for privacy compliance?
  12. Are third-party service providers regularly monitored for privacy compliance?
  13. Are appropriate sanctions applied to employees, contractors, volunteers (and other parties, as appropriate) who violate privacy policies?
  14. Is there a process for employees, contractors, volunteers (and other parties, as appropriate) to notify privacy compliance personnel of an actual or suspected privacy breach?

Physical Security

  1. Is there a physical security program?
  2. Are reasonable physical security and environmental controls present in the building/data center that contains Scoped Systems and Data?
  3. Are visitors permitted in the facility?
  4. Are Management approved operating procedures utilized?
  5. Is there a removable media policy or program in place for CDs, DVDs, tapes, disk drives?

Application Security

  1. Is application development performed?
  2. Is there an operational change management / change control policy or program that has been approved?
  3. Is there an anti-virus / malware policy or program in place?
  4. Is there a formal Software Development Life Cycle (SDLC) process?
  5. Are systems and applications patched?
  6. Is a web site supported, hosted or maintained that has access to Scoped Systems and Data?
  7. Are vulnerability tests (internal/external) performed on all applications at least annually?
  8. Are encryption tools managed and maintained for Scoped Data?
  9. Is there an annual schedule of required tests?
  10. Are BC/DR tests conducted at least annually?


  1. What is the cost for implementation?
  2. What is the cost for support?
  3. What is the cost for hosting?
  4. What is the cost for third party vendor integrations?