Cloud Provider Assessment Model (CPAM) is available via a free download from the Oceanwide website, the company said. It relies on a series of multiple-choice questions to gather data for comparative rating purposes, rather than typing answers into an RFI. The answers then are scored, enabling insurers not only to assess risk, but to compare providers and solutions side by side.
CPAM organizes questions into a set of standard security domains weighted to insurance industry needs, including regulatory compliance, risk management and information security, Oceanwide said. To design the security domains and questions, the Oceanwide team relied on SaaS solutions experience, and information gathered from requests for information and industry standards, such as PCI and ISO 27000 Series.