Compliance Solved.
Audit Ready.
Senate Bill 134 enforcement is active. All licensees must maintain a Written Information Security Program (WISP) and conduct annual risk assessments. We make it easy.
What is Required?
The law isn't just about having a firewall. It requires documented governance. If you are an independent agent or agency owner, you are personally responsible.
Statutory Obligations
Chapter 39, SLA 24
-
Annual Risk Assessment
You must identify and assess risks to Nonpublic Information (NPI) annually.
-
Incident Response
Strict 72-hour timeline for notifying the Division of Insurance in event of a breach.
-
Vendor Oversight
You must exercise due diligence in selecting third-party service providers.
SB 134 Fast-Track
The "Agent Kit"
A fixed-fee package designed for independent agents and small brokerages.
- Custom WISP Generation
- Annual Risk Assessment Report
- Incident Response Template
- 1-Hour Consultant Review
Agency Virtual CISO
For larger agencies needing ongoing support and third-party vendor management.
- Quarterly Security Review
- Staff Phishing Training
- Vendor Contract Reviews
- Board Reporting
Common Questions
Yes. Unless you meet specific exemption criteria (very low revenue or employee count), you must comply. Even exempt licensees must still report incidents.
You can, but it's risky. Your WISP must accurately reflect *your* specific technical controls. A generic template stating you use "complex passwords" when you don't will fail an audit.
Compliance Library
Building Your WISP
Step-by-step guide to the Written Information Security Program required by SB 134.
Top 10 Mistakes
Common pitfalls agencies make when self-assessing risk.
Certification Checklist
What documents to have ready before you sign the annual statement.
Secure Your 2026 Renewal
Get compliant today. Simple, flat-rate, and Alaska-specific.