Skip to main content

Do I have to certify my information security program?

If you are an insurer who is domiciled in Michigan, then you must submit a written statement to the Department of Insurance and Financial Services certifying that your information security program is in compliance with the requirements of MCL 500.555 utilizing FIS 2360: Information Security Program Annual Certification. You are exempt from certifying your information security program if you meet any of the following conditions:

(A) You have fewer than twenty-five employees; independent contractors are included in this count.

(B) You are subject to and in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191.