
Open GI


Business-focussed data security testing provides rock-solid privacy assurance

The security of Open GI’s software platform is critical to its entire business; that’s why the organisation engaged our team of data privacy and security experts to continually test its products and infrastructure.


Key successes

  • Provided ongoing penetration testing of software and infrastructure, based on industry best-practice

  • Identified potential vulnerabilities, characterised in terms of business risk

A highly targeted approach

Open GI’s software solutions are trusted across the insurance industry, handling huge volumes of highly sensitive customer data, meaning that any breach in security would have potentially disastrous consequences for all parties. Since 2010, our experienced data security team has conducted a rolling programme of penetration testing looking for potential weaknesses that could be exploited by increasingly sophisticated cyber criminals.

Certified by CREST (Council of Registered Ethical Security Testers) and NCSC (National Cyber Security Centre), our penetration testing process itself is highly targeted, scoped around particular subsets of systems or types of data, as the client requests. Rather than simply trying to break in and disrupt, our bespoke methodology – tuned for Open GI in line with security industry best practice – is designed to give a fuller picture of the security posture of an application or piece of critical infrastructure.

This creative, ingenious approach – combined with a deep understanding of Open GI’s business – gives our team a strong focus on real-world risk. Where a more commoditised penetration testing provider might simply return a ‘laundry list’ of the issues it uncovers, we are able to contextualise every potential weakness, in terms of the data being exposed and the type of misconfiguration.

For example, if a web application is not being delivered over a secure connection, the real-world risk – and therefore priority for remediation – is very different, depending on whether it can be accessed over the open internet, or perhaps only via a wired connection on-site.

The confidence to do business

With security weaknesses identified and remediated through rigorous testing, Open GI’s hosted solutions have never suffered a real-world data breach, earning it a rock-solid reputation as a trusted partner to the insurance industry. Penetration testing is about continual improvement and, accordingly, an increasing focus on 'security by design' has seen the number of identified critical flaws decrease year-on-year.

Supported by our ongoing, methodical, best-practice testing regime, Open GI is also in the process of applying for PCI DSS accreditation (the Payment Card Industry Data Security Standard), which will further bolster trust among customers new and existing.

The main reason we use PA for our penetration testing is that they’re able to blend best-practice methodologies with technical expertise and, most importantly, a deep understanding of our business.

Gary Webb,
Data Protection Officer at Open GI

