
Data Security and Governance
Your role in data security and governance is integral to the protection of your information within the Guidewire Cloud. Under the shared responsibility model, while Guidewire secures the underlying cloud platform, you are directly responsible for the security of your data, configurations, and access.

This section outlines our recommended controls and best practices to help you uphold this responsibility.

Principle 1: Data Classification is Your Foundation

All security decisions begin with a clear understanding of your data. You cannot protect what you have not identified.

  • Control Objective: You should create and maintain a data classification inventory for all sensitive data within your system, including Personally Identifiable Information (PII) and financial data, before go-live.
  • Control Objective: You should maintain a corresponding inventory of all third-party integrations and their associated data flows.
  • Control Objective: You should not use production PII in lower-level environments (for example, Dev, Test) unless it's explicitly authorized and appropriately masked.
    • Example: A testing team copying production data into a development environment should first mask or anonymize all PII to meet its privacy obligations.
  • Control Objective: You should configure all application and workflow services to ensure logs do not capture PII. This is a critical control to prevent data leakage.

Principle 2: Protect Data with Layered Controls

A multi-faceted approach to data protection is required, combining proactive masking of data in non-production environments and proper use of platform encryption services.

  • Control Objective: Mask Data in Non-Production Environments: You should use data masking on all PII in non-production environments that contain copies of production data. This is a critical control to prevent data leakage during development, testing, and support activities. To fulfill this responsibility, you can use your own external data masking tools by leveraging the Snapshot Export service to export and re-import sanitized data.
    • Example: Mask more fields for developers than for underwriters, and verify that no PII is accessible in Explore samples sent to external AI-based systems.
  • Control Objective: Secure All Secrets: All sensitive information, such as API keys and credentials, should be managed through the designated Guidewire Cloud service for secrets management. You should never store secrets in plaintext within configuration files, source code, or runtime properties.
  • Control Objective: Use Platform-Managed Encryption: You should not implement or use any custom or unapproved encryption schemes. You should use the built-in, FIPS-validated platform encryption controls for data at rest and in transit.
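The masking workflow described above (export, mask outside the platform, verify, re-import) as an added Python example; it is not Guidewire code and the record layout, field names and audience profiles are assumptions. It uses keyed deterministic pseudonymization so that one person's records still join after masking, applies a different field set per audience (developers versus underwriters), and gates the re-import on a residual-PII check against the original export.

```python
import hashlib
import hmac

# Constructed sample of what a flattened Snapshot Export of claim contacts might
# look like; the field names are assumptions, not a Guidewire schema.
SAMPLE_EXPORT = [
    {"claim_id": "C-1001", "first_name": "Ada", "last_name": "Lovelace",
     "ssn": "123-45-6789", "email": "ada@example.com", "loss_amount": 4200.0},
    {"claim_id": "C-1002", "first_name": "Ada", "last_name": "Lovelace",
     "ssn": "123-45-6789", "email": "ada@example.com", "loss_amount": 150.0},
]

# Audience-specific profiles: developers get every PII field masked; underwriters
# keep names for realistic test scenarios but never see SSN or e-mail.
PROFILES = {
    "developer": {"first_name", "last_name", "ssn", "email"},
    "underwriter": {"ssn", "email"},
}

def pseudonymize(value, field, key):
    """Keyed, deterministic token: one person always maps to the same token, so
    records still join across rows, but the raw value cannot be recovered
    without the key, which stays outside the non-production environment."""
    digest = hmac.new(key, f"{field}:{value}".encode(), hashlib.sha256).hexdigest()
    return f"{field.upper()}_{digest[:12]}"

def mask_export(rows, profile, key):
    """Apply the profile's masking to every exported row before re-import."""
    fields = PROFILES[profile]
    return [
        {k: pseudonymize(str(v), k, key) if k in fields else v for k, v in row.items()}
        for row in rows
    ]

def residual_pii(original_rows, masked_rows, profile):
    """Verification gate before re-import: any field the profile requires masked
    that still equals its production value is reported as a leak."""
    fields = PROFILES[profile]
    leaks = []
    for orig, masked in zip(original_rows, masked_rows):
        for k in sorted(fields):
            if k in orig and masked.get(k) == orig[k]:
                leaks.append((orig["claim_id"], k))
    return leaks

if __name__ == "__main__":
    key = b"per-environment-masking-key"  # constructed; source it from managed secrets
    masked = mask_export(SAMPLE_EXPORT, "developer", key)
    print(masked[0]["ssn"], residual_pii(SAMPLE_EXPORT, masked, "developer"))
```

Use a different key per target environment so tokens from Dev cannot be correlated with tokens from Test, and keep the key in the secrets management service rather than alongside the exported data.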

Principle 3: Enforce Strict Access and Configuration Hygiene

How data is accessed and modified is as important as how it is stored.

  • Control Objective: Direct database modification via SQL is strictly prohibited. All data manipulation should be performed through the provided application APIs.
  • Control Objective: Ad-hoc queries and reporting should be performed against read-only replicas, not the primary production database, to ensure performance and stability.
  • Control Objective: You should leverage Guidewire's granular access control infrastructure to enforce the principle of least privilege. This includes the proper configuration of security zones, security types, claim access profiles, and producer code security.
  • Control Objective: Permission models for API integrations should be configured separately from UI permissions and grant only the minimum necessary rights for the specific function.
    • Example: Reusing the same service account for multiple APIs creates unnecessary exposure. Assign unique scoped tokens and permission sets per integration.

Principle 4: Maintain Verifiable Audit and Integrity

You should have the ability to monitor and audit data access and changes to meet operational and regulatory requirements.

  • Control Objective: You should configure Datadog access and retain all security and audit logs in accordance with your organization's legal and compliance requirements.
    • Example: A Personal Data Protection (PDP)-triggered purge event from ClaimCenter should be reflected in all downstream reporting and analytics platforms. Your data governance process should ensure that data is fully purged or obfuscated across the entire data ecosystem, not just the source application.
  • Control Objective: You should validate the security metadata (roles, permissions) of any database snapshot before importing it into an environment to prevent permission disruption.
    • Example: If you import administrative data, such as activity patterns, ensure that all related security roles are included in the snapshot; otherwise, permissions may be disrupted in the destination system.
  • Control Objective: All data import/export operations should use secure, encrypted channels (for example, SFTP, TLS-enabled endpoints).
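The snapshot security-metadata validation from the control objective above, as an added Python example rather than a Guidewire tool; the manifest shape (users and activity patterns naming roles, roles carrying permission names) is an assumption for illustration. It flags references to roles missing from the snapshot, required permissions no role grants, and roles whose permissions would silently change in the destination on import.

```python
# Constructed snapshot manifest; the shape is an assumption, not a Guidewire format.
SNAPSHOT = {
    "roles": [
        {"name": "ClaimsAdjuster", "permissions": ["claimview", "claimedit"]},
    ],
    "users": [
        {"username": "su", "roles": ["Superuser"]},
        {"username": "adj1", "roles": ["ClaimsAdjuster"]},
    ],
    "activity_patterns": [
        {"code": "review_reserve", "assignable_roles": ["ClaimsAdjuster", "Supervisor"]},
    ],
}

def validate_snapshot_security(snapshot, required_permissions):
    """Return findings that should block the import. An empty list means no user
    or activity pattern would be left pointing at a role absent from the snapshot,
    and every permission the destination needs is granted by some role."""
    roles = {r["name"]: set(r["permissions"]) for r in snapshot.get("roles", [])}
    findings = []
    for user in snapshot.get("users", []):
        for role in user["roles"]:
            if role not in roles:
                findings.append(f"user {user['username']} references missing role {role}")
    for pattern in snapshot.get("activity_patterns", []):
        for role in pattern.get("assignable_roles", []):
            if role not in roles:
                findings.append(f"activity pattern {pattern['code']} references missing role {role}")
    granted = set().union(*roles.values()) if roles else set()
    for perm in sorted(set(required_permissions) - granted):
        findings.append(f"no role grants required permission {perm}")
    return findings

def role_drift(snapshot, destination_roles):
    """Report roles whose permission set would change on import, as
    (role, permissions removed, permissions added), so the change is reviewed
    instead of applied silently over the destination's current roles."""
    drift = []
    for r in snapshot.get("roles", []):
        incoming = set(r["permissions"])
        current = destination_roles.get(r["name"])
        if current is not None and current != incoming:
            drift.append((r["name"], sorted(current - incoming), sorted(incoming - current)))
    return drift

if __name__ == "__main__":
    for finding in validate_snapshot_security(SNAPSHOT, {"claimview", "soapadmin"}):
        print("BLOCK:", finding)
    print(role_drift(SNAPSHOT, {"ClaimsAdjuster": {"claimview", "claimedit", "claimdelete"}}))
```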
