DOL Fact Sheet: Final Overtime Rule

The Department of Labor (Department) is updating the earnings thresholds necessary to exempt executive, administrative or professional (EAP) employees from the Fair Labor Standards Act (FLSA) minimum wage and overtime pay requirements.

The Department is updating both the minimum weekly standard salary level and the total annual compensation requirement for “highly compensated employees” (HCEs) to reflect growth in wages and salaries. The new thresholds account for growth in employee earnings since the currently enforced thresholds were set in 2004. The Department believes that the update to the standard salary level will maintain the traditional purposes of the salary level test and will help employers more readily identify exempt employees.

The Department estimates that, as a result of the final rule, 1.3 million currently exempt employees will become nonexempt.

Links and Resources

The DOL has published the following resources to help employers prepare for and understand the final white collar overtime exemption rule. The DOL’s final rule is available here.

Highlights

Important Changes

  • The final rule increases the standard salary level for the EAP exemptions to $684 per week ($35,568 per year).
  • The final rule increases the HCE salary level to $107,432 per year.
  • The final rule permits using an employee’s nondiscretionary bonuses toward 10 percent of his or her salary level.

Important Dates

  • Sep. 24, 2019: Final overtime rule is announced.
  • Jan. 1, 2020: Final overtime rule becomes effective.

Key Provisions of the Final Rule

The final rule updates the salary and compensation levels needed for workers to be exempt by:

  1. Raising the “standard salary level” from the currently enforced level of $455 to $684 per week (equivalent to $35,568 per year for a full-year worker);
  2. Raising the total annual compensation level for HCEs from the currently enforced level of $100,000 to $107,432 per year;
  3. Allowing employers to use nondiscretionary bonuses and incentive payments (including commissions) that are paid at least annually to satisfy up to 10 percent of the standard salary level, in recognition of evolving pay practices; and
  4. Revising the special salary levels for workers in U.S. territories and in the motion picture industry.

Additionally, the Department intends to update the standard salary and HCE total annual compensation levels more regularly in the future through notice-and-comment rulemaking.

Standard Salary Level

The Department is setting the standard salary level at $684 per week ($35,568 for a full-year worker). The salary amount accounts for wage growth since the 2004 rulemaking by using the most current data available at the time the Department drafted the final rule.

The Department is updating the standard salary level set in 2004 by applying to current data the same method and long-standing calculations used to set that level in 2004—i.e., by looking at the 20th percentile of earnings of full-time salaried workers in the lowest-wage census region (then and now the South), and/or in the retail sector nationwide.

HCE Total Annual Compensation Requirement

The Department is setting the total annual compensation requirement for HCEs at $107,432 per year. This compensation level equals the earnings of the 80th percentile of full-time salaried workers nationally. To be exempt as an HCE, an employee must also receive at least the new standard salary amount of $684 per week on a salary or fee basis (without regard to the payment of nondiscretionary bonuses and incentive payments).

Special Salary Levels for Employees in U.S. Territories and Special Base Rate for the Motion Picture Producing Industry

The Department is maintaining a special salary level of $380 per week for American Samoa because minimum wage rates there have remained lower than the federal minimum wage. Additionally, the Department is setting a special salary level of $455 per week for employees in Puerto Rico, the U.S. Virgin Islands, Guam, and the Commonwealth of the Northern Mariana Islands.

The Department also is maintaining a special “base rate” threshold for employees in the motion picture producing industry. Consistent with prior rulemakings, the Department is increasing the required base rate proportionally to the increase in the standard salary level test, resulting in a new base rate of $1,043 per week (or a proportionate amount based on the number of days worked).

Treatment of Nondiscretionary Bonuses and Incentive Payments

In the final rule, in recognition of evolving pay practices, the Department also permits employers to use nondiscretionary bonuses and incentive payments to satisfy up to 10 percent of the standard salary level. For employers to credit nondiscretionary bonuses and incentive payments toward a portion of the standard salary level test, they must make such payments on an annual or more frequent basis.

If an employee does not earn enough in nondiscretionary bonus or incentive payments in a given year (52-week period) to retain his or her exempt status, the Department permits the employer to make a “catch-up” payment within one pay period of the end of the 52-week period. This payment may be up to 10 percent of the total standard salary level for the preceding 52-week period. Any such catch-up payment will count only toward the prior year’s salary amount and not toward the salary amount in the year in which it is paid.

Updating

Experience has shown that fixed earning thresholds become substantially less effective over time. Additionally, lengthy delays between updates necessitate disruptively large increases when overdue updates finally occur. Accordingly, in the final rule the Department reaffirms its intent to update the earnings thresholds more regularly in the future through notice-and-comment rulemaking.

Source: U.S. Department of Labor


How to Take your 2020 Benefit Change Rollout to the Next Level

Employers are faced with the challenge of how to engage employees each year during open enrollment. Instead of printouts and email campaigns, try a new communication method this year. Read this blog post for easy tips to try this open enrollment season.


With open enrollment right around the corner, employers are faced with the annual question: how are we going to get employees engaged, while helping them make the smartest benefit decisions for their individual situations?

This year, instead of plain old printouts and email, try a new method. Whether you are changing providers, introducing new features, or simply showcasing existing options, switching up your enrollment process can be easier and more enjoyable than you’d think. Give these quick and easy tips a try for a better time come January 1.

Have a Lunch & Learn

Who doesn’t love a lunch & learn? Free food and a little break from the status quo is a much-welcomed way to get on board with the changes 2020 will bring. Whether you are opting for an informative webinar or an in-person presentation, providing a free lunch is a great way to encourage employee participation while boosting team morale.

If you are hosting an in-person benefits presentation, be sure to have your information nicely (and concisely!) summarized. Having a paper takeaway or a digital follow-up is key, as sometimes open enrollment can be overwhelming. Many people prefer to have something they can reference at a later date to help make their decision, so be sure those materials are available.

Teamwork Makes the Dream Work

If it’s possible, why not get the whole team involved in asking questions and brainstorming? Benefit changes can be complex and confusing, and sometimes people feel too shy to ask questions during a formal presentation. Try breaking up into smaller groups and challenging each mini-team to answer ten questions related to open enrollment and benefits. The group that gets the most right answers wins a prize!

Design Your Rollout Mobile & Digital First

Mobile. It might seem like a no-brainer, but employees are going to be quicker to respond to changes if there’s an easy process that meets them where they are: their mobile devices. Reminding employees of a mobile registration option is a great way to capture high engagement rates. The key to a user-friendly registration is making it as turnkey as possible. If employees have to fish around for URLs, passwords, group numbers, et cetera, they are going to be less likely to complete these items in a timely fashion. Provide all the information you can upfront.

Add Social to Your Strategy. If you are not taking advantage of a social strategy such as Facebook, Slack, LinkedIn, Twitter, and more, the time is now! Digital quizzes, surveys, and chat channels can work wonders for engaging your employees during the open enrollment process while facilitating knowledge sharing. Why not create an internal Facebook group or Slack channel where your team can ask questions and exchange information? The outcome of benefits decisions usually lasts all year, so it’s important for people to have their questions answered in a casual, user-friendly environment. A big benefit for your HR team is that a digital-first strategy will cut down on “random question” drop-ins and interruptions at your office. Send everyone to one place in the digital space!

SOURCE: Olson, B. (15 October 2019) "How to Take your 2020 Benefit Change Rollout to the Next Level" (Web Blog Post). Retrieved from http://blog.ubabenefits.com/how-to-take-your-2020-benefit-change-rollout-to-the-next-level


DOL Issues Updated Medicaid / CHIP Model Notice

An updated Premium Assistance Under Medicaid and the Children’s Health Insurance Program (CHIP) Model Notice was recently issued by the Department of Labor (DOL). Read this post from UBA to learn more.


The Department of Labor (DOL) issued an updated Premium Assistance Under Medicaid and the Children’s Health Insurance Program (CHIP) Model Notice. Employers should distribute the updated model notice before the start of the plan year if they have any employees in a state listed in the notice.

SOURCE: Hsu, K. (10 October 2019) "DOL Issues Updated Medicaid / CHIP Model Notice" (Web Blog Post). Retrieved from http://blog.ubabenefits.com/dol-issues-updated-medicaid-/-chip-model-notice


Compliance Recap - September 2019

September was a busy month in the employee benefits world.

The U.S. Senate confirmed Eugene Scalia as the new Secretary of the Department of Labor (DOL).

The Internal Revenue Service (IRS) published proposed rules regarding affordability safe harbors and Section 105(h) nondiscrimination rules as applied to individual coverage health reimbursement arrangements (ICHRAs). The IRS also announced that the health insurance providers fee will resume for 2020. The IRS released an information letter regarding transition relief and whether employer shared responsibility penalties may be waived under the Patient Protection and Affordable Care Act.

The DOL, Department of Health and Human Services (HHS), and Treasury (collectively, the “Departments”) released final FAQs on mental health parity.

The DOL issued an opinion letter regarding delaying Family and Medical Leave Act (FMLA) leave. The DOL also issued an opinion letter regarding whether employer contributions to health savings accounts (HSAs) are earnings subject to wage garnishment under the Consumer Credit Protection Act (CCPA).

UBA Updates

UBA released one new advisor: FAQs, Model Disclosure, Fact Sheet on Mental Health Substance Abuse Disorder Parity

UBA updated or revised existing guidance:

IRS Publishes Proposed Rules on Affordability Safe Harbors and Nondiscrimination for ICHRAs

The Internal Revenue Service (IRS) published proposed rules clarifying how the employer shared responsibility provisions and Section 105(h) nondiscrimination rules apply to health reimbursement arrangements (HRAs) and other account-based group health plans that are integrated with individual health insurance coverage or Medicare.

Public comments on the IRS’ proposed rules are due by December 30, 2019. Because employers may want to offer individual coverage HRAs beginning on January 1, 2020, before the IRS publishes its final regulations, the IRS provides a time period within which employers may rely on the proposed regulations.

Read more about the proposed rules.

IRS Announces Health Insurance Providers Fee to Resume in 2020

As background, the Patient Protection and Affordable Care Act (ACA) imposes a fee on each covered entity (for example, health insurers or a non-fully insured MEWA) engaged in the business of providing health insurance for United States health risks. There was a moratorium on the fee for 2017 and there is a suspension on the fee for 2019. Under IRS Notice 2019-50, absent legislative action, the fee will resume for 2020. According to an estimate by the American Academy of Actuaries, the fee will increase premiums by one to three percent in 2020.

Read more about the health insurance providers fee.

IRS Releases Information Letter on Employer Shared Responsibility Penalties under the ACA

The Internal Revenue Service (IRS) released an information letter responding to an inquiry of whether employer shared responsibility penalties (ESRPs) may be waived or reduced based on hardship or other factors and whether the IRS will extend the transition relief for employers with fewer than 100 employees.

The letter notes that the law does not provide for waiver of ESRPs. While the IRS provided several forms of transition relief in 2015 and 2016, no transition relief is available for 2017 and future years. Although the January 20, 2017, executive order Minimizing the Economic Burden of the ACA Pending Repeal directs federal agencies to exercise authority and discretion to waive, defer, and grant exemptions from the ACA provisions, the ACA’s legislative provisions are still in force until Congress changes them.

DOL, HHS, and Treasury Release Final FAQs on Mental Health / Substance Use Disorder Parity

The U.S. Departments of Labor (DOL), Health and Human Services (HHS), and the Treasury (collectively, the “Departments”) released final FAQs About Mental Health and Substance Use Disorder Parity Implementation and the 21st Century Cures Act Part 39. The Departments respond to FAQs as part of implementing the Paul Wellstone and Pete Domenici Mental Health Parity and Addiction Equity Act of 2008 (MHPAEA), as amended by the Patient Protection and Affordable Care Act (ACA) and the 21st Century Cures Act (Cures Act). The FAQs contain a model disclosure form that employees can use to request information from their group health plan or individual market plan regarding treatment limitations that may affect access to mental health or substance use disorder (MH/SUD) benefits.

The DOL also released an enforcement fact sheet summarizing the DOL’s closed investigations and public inquiries regarding mental health and substance use disorder during the 2018 fiscal year.

Read more about the FAQs, model disclosure form, and the enforcement fact sheet.

DOL Issues Opinion Letter on Delaying FMLA Leave

The Department of Labor (DOL) issued an opinion letter in response to an inquiry of whether an employer may delay designating paid leave as Family and Medical Leave Act (FMLA) leave if the delay complies with a collective bargaining agreement (CBA). The employer is a government public agency subject to CBAs that allow or require employees to delay taking unpaid leave until after the CBA-protected accrued paid leave is exhausted. The CBA-protected leave is treated as continuous employment and does not affect an employee’s seniority status under state civil service rules.

The Department of Labor (DOL) concluded that, under the FMLA, once an employer has enough information to determine that an employee’s leave request qualifies as FMLA leave, the employer must designate the leave as FMLA. The employer may not delay designating paid leave as FMLA leave when leave is requested for an FMLA qualifying reason. The FMLA leave would run concurrently with the CBA-protected leave. Because an employee’s entitlement to benefits (not including health benefits) during a period of FMLA leave is determined by the employer’s policy for providing benefits during other forms of leave, the employee must accrue seniority the same as the employee would if the employee only took CBA-protected leave.

DOL Issues Opinion Letter on CCPA Wage Garnishment Regarding HSAs

The Department of Labor (DOL) issued an opinion letter responding to an inquiry of whether employer contributions to employee health savings accounts (HSAs) constitute earnings for wage garnishment purposes under the Consumer Credit Protection Act (CCPA).

The DOL concluded that employer contributions to HSAs are not earnings under the CCPA for wage garnishment purposes because the contributions do not compensate an employee directly for the amount or value of an employee’s services, are not included in an employee’s take-home pay, and can only be used to reimburse qualified medical expenses without being subject to taxes and penalties.

Question of the Month

Q: We recently received a medical loss ratio (MLR) rebate. How should the money be distributed?

A: If the plan document states how a rebate should be used, then the plan administrator should follow the plan document’s terms.

If the plan document is silent on how the rebate should be distributed, then the following general principles apply.

How should the rebate be divided?

Assuming both the employer and employees contribute to the cost of coverage, the rebate should be divided between the employer and the employees, based on the employer’s and employees’ relative share. Employers may divide the rebate in any reasonable manner – for example, the rebate could be divided evenly among the employees who receive it, or it may be divided based on the employee’s contribution for the level of coverage elected.

Employers are not required to precisely determine each employee’s share of the rebate, and so do not need to perform special calculations for employees who only participated for part of the year, moved between tiers, etc.

Using the example that the rebates are based on premiums paid to the carrier for calendar year 2018, the employer may pay the rebate only to employees who participated in the plan in 2018 and are still participating, only to current participants (even though the rebate relates to 2018), or to those who participated in 2018, regardless of whether they are currently participating.

Insurers must send a notice to all employees who participated in the plan in 2018 stating that a rebate has been issued to the employer, so employers who choose to limit rebate payments to those who are currently participating should be prepared to explain why the rebate is only being paid to current participants. This might include the fact that since the rebate would be taxable income, the amount involved does not justify the administrative cost to locate former participants and issue a check.

Are former plan participants entitled to a share of the rebate?

Whether former participants should be included in any rebate allocations depends on the type of plan involved. For ERISA plans, there is no requirement that former participants be included or excluded. However, the Department of Labor’s (DOL) Technical Release, in discussing fiduciary decisions regarding distribution of rebates, states that if a fiduciary determines that the cost of including former participants in a rebate distribution approximates the amount of the rebate, the fiduciary may properly decide to allocate the rebate only to current participants. This means that plan fiduciaries should consider whether to include former participants and should make a prudent decision based on all of the facts and circumstances.

For non-federal governmental plans, the interim final regulations specifically require any portion of a rebate that is based on former participants’ contributions to be aggregated and used for the benefit of current participants.

For nongovernmental, non-ERISA plans, the interim final regulations provide that if the rebate is paid to the policyholder (which is only permissible if the policyholder has given the insurer written assurance that meets the requirements of the regulations), the policyholder must allocate the rebate to current participants only, in the same way as a non-federal governmental plan. If the rebate is paid directly to participants by the insurer (because the policyholder has declined to provide a written assurance), the insurer must distribute the rebate equally among those who were participants during the MLR reporting year on which the rebate is based.

How may the employer use the rebate?

The employer may pay the rebate in cash, use it for a premium holiday, or use it for benefit enhancements. The rebate must be applied or distributed within 90 days after it is received.

A cash rebate is taxable income to the employee if it was paid with pre-tax dollars.

A premium holiday should be completed within 90 days after the rebate is received (or the rebate needs to be deposited into a trust).

Benefit enhancements include reduced copays or deductibles (which may not be practical due to the timing requirements) or wellness-type benefits that the employer would not have offered without the rebate, such as free flu shots, a health fair, a lunch and learn on nutrition or stress reduction, or a nurse line. 

How should the rebate be provided?

The employer should consider the practical aspects of providing a rebate in a particular form.

Generally, the larger the amount that would be due to an individual, the more effort the employer should make to directly benefit the person (either through a cash rebate or premium holiday). While benefit enhancements are permissible, a large rebate should be used to provide a direct benefit enhancement, such as a reduced co-pay, and not for a general benefit, such as flu shots.

The agencies have not provided any details as to what amount is so small that it does not need to be returned to the employee. (Insurers are not required to issue a rebate check to individuals if the amount is less than $5.00.) A cash rebate is taxable income if the premium was paid with pre-tax dollars, so issuing a check that is very small after taxes should not be necessary. If an employer knows it costs $2.00 to issue a check, issuing a rebate check for $1.00 should not be necessary. However, an employer cannot simply keep the rebate if it determines that cash refunds are not practical – it will need to use the employee share of the rebate to provide a benefit enhancement or premium reduction.

10/1/2019


Commercial Risk Advisor - October 2019

The Cost of Employee Turnover

High turnover rates can be incredibly costly to an organization, making employee retention vital to success. While established employees can offer valuable insights based on their experiences in the organization, when they leave the organization they take all of that experience with them, forcing resources to be used on finding and training a replacement.

The cost of turnover can be divided into two types: direct and indirect.

  • Direct costs include those tied to replacement costs such as advertising the open position, and interviewing and testing candidates; and the costs of training new hires.
  • Indirect costs include factors that cannot be measured directly but are costly nonetheless, such as lost productivity and knowledge, and lower morale as a result of turnovers.

While the exact cost of each turnover varies, estimates suggest that replacing an employee could cost as high as 200% of the annual salary of that departing employee.

Keeping Turnover Low

Employee turnover is often caused by insufficient employee engagement. While compensation is typically a factor in turnovers, the lack of opportunities to advance and a stressful or otherwise unsatisfactory work environment are also contributing factors. Focus on improving company culture, pay and benefits, and providing a clear path for career development. Offering the ability to submit suggestions and complaints anonymously can encourage otherwise intimidated employees to share their insights.

Additionally, conducting exit interviews with departing employees can offer valuable insight into the exact cause of turnovers and what can be improved to increase employee retention. Any recurring complaints indicate areas for close examination and improvement.

According to the U.S. Department of Labor, slips, trips and falls account for over 95 million lost work days every year.

10 Tips to Avoid Slips, Trips And Falls at Your Workplace

Slips, trips and falls account for a large percentage of workplace accidents. As an employer, it is your responsibility to make certain all of your employees are following proper safety procedures and guidelines set in place by your company to ensure their safety.

Thankfully, there are various actions you and your workers can take to help alleviate workplace injuries caused by slip, trip and fall hazards.

Tips to Avoid Slip, Trip and Fall Hazards

To make sure all of your employees are working in a safe environment, the following 10 tips can help you and your workers minimize slip, trip and fall hazards at your company:

1. Maintain good housekeeping practices. A clean facility is your first line of defense against slips, trips and falls.

2. Require employees to wear the appropriate footwear required for specific job duties (e.g., nonslip, closed toe or water-resistant).

3. Encourage employees to stay alert while on the job by eliminating any distractions that could cause them to lose focus and overlook a potential hazard.

4. Place wet floor signs by all spills or wet surfaces to alert workers of a slipping hazard.

5. Ensure spills are cleaned up immediately after they occur. Try instating a cleanup procedure that explains the proper protocol for quickly and effectively cleaning a spill.

6. Verify that all areas being utilized by employees are well-lit and that lightbulbs are being replaced regularly.

7. Keep all high-traffic areas free of any objects, spills or debris in order to provide a safe walkway for all employees.

8. Perform regular maintenance on all flooring, safety rails and stairs to avoid any instability that may lead to an injury.

9. Assign workers cleanup responsibilities to help minimize various hazards that can accumulate throughout the day.

10. Conduct regular inspections of your workplace to identify and resolve any slip, trip and fall hazards.

Discuss these tips with your employees to help reduce injuries caused by slips, trips and falls.

A turnover could cost as much as 200% of the annual salary of the departing employee.



Trucking Risk Advisor - October 2019

Proposed Delay to Drug & Alcohol Clearinghouse Won’t Affect Motor Carriers

The Federal Motor Carrier Safety Administration (FMCSA) is asking for input regarding a possible delay for state licensing agencies (SLAs) and the Commercial Driver’s License Drug and Alcohol Clearinghouse (Clearinghouse).

The proposed rule would delay when SLAs would be required to begin requesting information from the Clearinghouse by 3 years. The current start date, along with other parts of the 2016 Clearinghouse final rule, is Jan. 6, 2020. The proposal would affect only SLAs and would push that date back to Jan. 6, 2023.

Why the Wait?

The proposed delay is intended to address concerns regarding the 2016 Clearinghouse final rule, which did not include details about how SLAs should use information that they obtain from the Clearinghouse.

The FMCSA says that pushing the deadline back to 2023 would provide more time for figuring out SLAs’ access to, and use of, driver-specific information from the database.

If approved, states would not be required to perform checks on drivers who are licensed or seeking to be licensed until Jan. 6, 2023. However, beginning on the original Jan. 6, 2020 date, states would be free to request information from the Clearinghouse at their own discretion.

The FMCSA also has future plans for another notice of proposed rulemaking that would address concerns raised by the American Association of Motor Vehicle Administrators about possible operational issues related to states’ roles in the Clearinghouse.

Unchanged for Others

While the proposal would push requirements back for SLAs, the Jan. 6, 2020 compliance deadline would remain in effect for CDL holders, motor carriers and employers.

The 2016 Clearinghouse final rule created a national clearinghouse for drug and alcohol testing. In addition, it sets requirements for license holders in regard to reporting violations of drug and alcohol testing regulations. Motor carriers and employers are also required to perform checks with the Clearinghouse during the hiring process of any prospective employees and must also check the database for existing employees’ statuses at least once per year.

The FMCSA says that the new Clearinghouse rule will help make roads safer, and the agency estimates that it will eliminate approximately 900 crashes per year.

Input and opinions on the proposed delay for SLAs will be considered by the FMCSA before the agency releases a final rule. Comments regarding the proposal must be turned in by Oct. 7, 2019, and can be submitted online.

Newsletter Provided by: Hierl's Property & Casualty Experts


Cyber Risks and Liabilities - Fourth Quarter 2019

3 Risks Associated With Removable Media Devices

Portable hard drives, USB flash drives, memory cards and other types of removable media are vital for the quick storage and transportation of data. For many businesses, removable media can be used as backup storage for critical digital files or even free up additional storage space for work computers.

While removable media is easy to use and has many business applications, it isn’t without its share of risks. The following are some considerations to keep in mind when using removable media at your organization:

  • Data security—Because removable media devices are typically small and easy to transport, they can easily be lost or stolen. In fact, every time you allow an employee to use a USB flash drive or other small storage device, your organization’s critical or sensitive information could fall into the wrong hands. What’s more, even if you encrypt your removable storage devices, you will not be able to recover lost files once the USB flash drive or other device is lost.
  • Malware—Simply put, when employees use removable media devices, they can unknowingly spread malware between devices. This is because malicious software can easily be installed on USB flash drives and other storage devices. In addition, it just takes one infected device to infiltrate your company’s entire network.
  • Media failure—Despite its low cost and convenience, removable media is inherently risky. This is because many devices have short life spans and can fail without warning. As such, if a device fails and your organization doesn’t have the files backed up, you could lose key files and data.

Thankfully, there are ways to mitigate risks associated with removable media. To use these devices effectively while maintaining data security, consider doing the following:

  • Develop a policy related to removable media use.
  • Install anti-virus software that scans removable media devices.
  • Ensure all removable media devices are encrypted. Passwords to these devices should never be shared.
  • Instruct employees to never use unapproved removable media in a computer.
  • Have employees keep personal and business data separate.
  • Establish a process for wiping all portable media devices when they are no longer needed.

Cloud Computing 101

There are many benefits to adopting cloud computing at your organization, such as reduced IT costs and increased scalability. However, it’s important to note that there are different cloud service and deployment models, each with their own benefits and risks. There is no single type of cloud computing that will work best for everyone, so it’s important to conduct research to determine the right fit for your organization.

Types of Cloud Computing Service Models

There are three distinct cloud computing service models: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).

The SaaS distribution model provides you with an application that is managed by the service provider and accessible through the internet. As such, SaaS applications need not be installed or updated on individual computers.

The PaaS model allows organizations to safely develop, test and deploy applications without needing to manage the underlying infrastructure. This provides flexibility that allows deployments to scale quickly.

The IaaS model provides organizations with a specified amount of cloud storage space to do with whatever they want. This allows the greatest amount of flexibility, as the organization is responsible for accessing, monitoring and managing their data that is stored in the cloud. In this case, the service provider typically only manages hardware, storage and networking, though other services may be provided at additional costs.

Types of Cloud Deployment Models

Just as with service models, there are several ways that a cloud can be deployed. These include a public cloud, which is cost-effective and efficient but means that your data may be stored on the same server as others’. A private cloud, however, allows your organization greater control over infrastructure and computational resources by having them located on private networks.

Lastly, a hybrid cloud combines on-site infrastructure with a cloud environment. This allows organizations to utilize different types of service providers based on what is ideal for each business requirement.

Best Practices for Contracting With Managed Service Providers (MSPs)

While working with a managed service provider (MSP) can be efficient and cost-effective, it’s important to carefully consider the organization that you plan on working with and get a holistic view of its operations and security. Because an MSP has direct access to sensitive systems and information, working with one is not to be taken lightly. While doing so puts your IT infrastructure in the hands of experts, it also comes with its own risks. For example, MSPs may be a target for cyber criminals, as compromising one MSP potentially compromises every organization that it works with.

To help keep your organization’s digital information and resources secure, there are a number of best practices and security considerations to keep in mind when contracting with managed service providers:

  • Perform a detailed risk assessment and enforce associated mitigations before working with a managed service provider. Some considerations include:
    • How a cloud service (if used) is implemented and managed
    • Who has access to data and how it is secured
    • The intended purpose of engaging with the managed service provider
    • Potential challenges that may arise during incident detection and response, such as the managed service provider’s availability during off hours

  • Keep operating systems and software up to date.
  • Ensure that an MSP follows organizational security, privacy and legislative requirements.
  • Find out how closely the MSP adheres to an IT security management framework.
  • Use secure computers with multifactor authentication, strong passwords, few access privileges and encrypted network traffic to administer the cloud service.
  • Do not provide the MSP with account credentials or access to systems outside of their responsibility.
  • Use cryptographic controls to protect data in transit to and from the MSP.
  • Consider full data encryption for critical information at rest, while maintaining control of the encryption keys.
  • Employ full hard-drive encryption to ensure data at rest on storage media is not recoverable should the MSP replace or upgrade physical hard drives.

For more risk management strategies related to cyber exposures, contact Hierl Insurance Inc. today.
