Digital trust

Each year, millions of travellers trust us to protect their journeys at home and abroad.

Their information is also protected thanks to our rigorous processes, and our compliance with global security requirements. We are certified to ISO 27001:2022, the international standard for information security.

OUR COMMITMENT TO YOU

At Cover-More Group, we are committed to maintaining a secure digital environment our customers can trust to protect and secure their personal data.

Our commitment to safeguarding this sensitive information is supported by internationally recognised accreditations:

  • ISO/IEC 27001:2022. We have a group-wide ISO certification, an international standard which helps organisations minimise the risk of data breaches and data security threats through robust processes.
  • PCI DSS. We meet the Payment Card Industry Data Security Standard, a global security framework designed to protect payment card data and reduce fraud.
  • SOC 2 Type II. This is an audit report that shows how well we protect data. It provides assurance that our systems and processes meet specific Trust Services Criteria (TSC) including security, confidentiality and privacy.

Information security at Cover-More Group

At Cover-More Group, protecting the confidentiality, integrity, and availability of information entrusted to us by our travellers, employees, and partners is a top priority. Our information security framework is built upon internationally recognised standards, including ISO/IEC 27001:2022, and our controls are continuously refined to address evolving cyber threats.

Our approach to information security is centred on:

  • Integrating people, processes, technology and data to create a robust and resilient security posture.
  • Assessing both internal and external risks, considering historical, current, and emerging threats.
  • Being human-centred: building awareness and vigilance across our employees and partners is a key priority.

Our information security framework

At Cover-More Group, we follow a series of protocols designed to maintain a secure digital environment that safeguards our customers’ information.

Data classification and ownership

We treat personal data with the utmost confidentiality, adhering to global data privacy standards.

Access control

We adhere to the principle of least privilege – a critical concept in information security – by giving users the minimum levels of access needed to perform their role.

We employ advanced identity and access management systems to ensure secure and unique user access. Administrative access undergoes stringent approval processes and regular reviews, with enhanced security measures in place. Remote access is restricted to authorised users and secured through multi-factor authentication and zero trust principles.

People and physical security

All our employees and third-party suppliers undergo thorough screening during the recruitment process. Mandatory training in data security, privacy, and our code of conduct is provided, with regular updates and specialised training for specific roles. Our offices are secured with access control systems, and sensitive areas, such as data centres, have additional physical and technical access controls. Compliance with security policies is mandatory, and violations may lead to disciplinary action. We maintain an inventory of physical IT assets to ensure proper management and protection.

Security operations

Our Security Operations team conducts regular scanning and auditing of our network and systems to ensure any malicious or unauthorised activity is detected and managed appropriately. We have a structured process for managing, responding to, and reporting cyber incidents 24x7x365, leveraging best-of-breed technologies and security partnerships. Our change management process ensures that technical changes are handled efficiently to avoid incidents and improve service quality. All changes are governed and audited by a change approval board to maintain operational excellence.

System and software development lifecycle management

We adhere to a rigorous development methodology for system changes and developments. All changes are first developed and tested in non-production environments before being moved to production through a controlled process, ensuring segregation of duties. We prioritise security practices in the software development lifecycle, with testing for vulnerabilities, including code reviews and penetration testing.