2021 Wisconsin Act 73 created new requirements related to insurance data security that applies to all insurers, intermediaries, and persons required to be licensed, authorized, or registered under Wis. Stats. chs. 600 to 655. This email contains the information your entity will need to comply with this requirement. Additional information regarding these requirements is available on OCI’s website at https://oci.wi.gov/Pages/Cybersecurity.aspx.

Wis. Stat § 601.952(8) requires that licensees provide an annual certification to OCI that the licensee is in compliance with the information security program requirements of Wis. Stat. § 601.952. Licensees must maintain records that support the certification for at least five years and shall produce the records when requested by OCI. The certification requirement only applies to licensees who are domiciled in the state of Wisconsin.  Annual certifications are required to be provided to OCI not later than March 1 every year beginning in 2023. 

• The certification form will be included in insurers' annual financial packets.
  

• Intermediary firms and other business entities licensed by Agent Licensing must submit a certification form. Certify compliance with the information security program requirements here .

• Individual producers are not required to submit a certification form; the exemption for licensees that have fewer than 50 employees would apply.

Note: Completion and submission of the annual certification form is required even if the licensee maintains that it is exempt.

Step-by-step tips for completing the Cybersecurity Certification Form:

1.     The certification forms will be submitted electronically at https://public.oci.wi.gov/finform/public/cybersecurity on or after January 1, 2023.

2.     We recommend that you use the Chrome browser.

3.     Enter the licensee’s NPN: After you enter the first 3 digits of your NPN, you will see a list of licensees. Clicking on your entity’s name will bring up the certification form. The form will be prepopulated with the licensee’s name, license type and NPN.

4.     Choose the Filing Year from the drop down: The certification attests that the licensee complied with the cybersecurity requirements during the prior calendar year. For example, the certification submitted by March 1, 2023 attests that the licensee was in compliance during the calendar year 2022. You should only choose the prior calendar year unless you receive a request from OCI.

5.     Exemption: If the licensee is claiming an exemption, check all boxes that apply. You may also add information in the text box.

6.     Attestation: Be sure to check the attestation box

7.     Enter the name of the contact person and his/her email address

8.     Submit: The Submit button is on top right of the form. If you get an error message, review the form to verify that all required information is entered.

9.     Download the pdf: Be sure to save or print the completed form for your records. Licensees are required to maintain records supporting the certification for at least five years.

Questions regarding the Cybersecurity Annual Certification form should be emailed to: OCICyberReport@Wisconsin.gov with the subject line: Annual Certification Form.  IIAW Members are also encouraged to contact the Matt Banaszynski, CEO of the IIAW with any questions pertaining to compliance. He can be reached at Matt@iiaw.com or by calling 608-256-4429.