Updated May 15, 2026 · 10 platforms evaluated

Top 10 Physical Security Software for Insurance Carriers in 2026: A Buyer-First NAIC + NYDFS + GLBA Ranking

Honest 2026 ranking of the 10 best physical security software platforms for insurance carriers covering HQ, data centre, claims offices, and executive protection.

By RiskWatch Editorial · Insurance Carrier Physical Security and NAIC + NYDFS Software Research

Verdict

TL;DR

If you run physical security for a US or global insurance carrier, reinsurer, broker, or insurance holding company covering the corporate HQ, primary and DR data centres, a distributed network of state claims offices and health-plan service centres, executive-protection and principal-protection programs for the C-suite and named executive officers after the December 2024 UnitedHealthcare CEO incident, NAIC IT examinations on physical safeguards under the NAIC Insurance Data Security Model Law (Model #668) Section 4, NYDFS 23 NYCRR Part 500 §500.03(g), GLBA Safeguards Rule 16 CFR Part 314.4(c)(1) physical controls, NAIC ORSA Section 3 operational resilience and business continuity, HIPAA Security Rule physical safeguards 45 CFR 164.310 for health-insurance subsidiaries, SOX 404 ICFR physical-access for public-holding carriers, and PCI DSS v4.0.1 Requirement 9 for premium-payment card environments, RiskWatch ranks first on our weighted score because it ships NAIC Insurance Data Security Model Law + NYDFS Part 500 + GLBA Safeguards + HIPAA Security physical + SOX 404 PE + PCI DSS v4 §9 + NAIC ORSA business-continuity + ASIS Facility Physical Security Control Standards + NIST 800-53 PE as pre-built libraries in one tenant with four crime-data feeds, offline mobile site walks at HQ floors and distributed claims offices, and customer-owned single-tenant data residency. AlertEnterprise Guardian is the strongest pick when PIAM convergence across Workday, Active Directory, and PACS (Lenel S2 OnGuard, Genetec Synergis, AMAG Symmetry) is the primary surface for claims-adjuster onboarding and termination governance at scale; Genetec Security Center is the default unified VMS plus access control for HQ towers and primary data centres; Verkada is the right shape for a 200-500 claims-office network where cloud-managed cameras and access scale without a per-site server stack; Resolver is the strongest fit when the program is owned by the Global Security Operations Centre and the executive-protection workspace tied to Kroll global intelligence sits on top of investigations rather than a TVRA library. Pick by what your state DOI IT examiner, NYDFS DFS-1 reviewer, and NAIC ORSA reviewer are going to read at the next cycle, not by vendor demo polish: eight of the ten platforms here will not publish a list price.

Pick by use case

Where each platform fits

NAIC + NYDFS + GLBA + ORSA + HIPAA multi-framework physical-security GRC coverage for insurance carriers: RiskWatch: NAIC Insurance Data Security Model Law Section 4 + NYDFS Part 500 §500.03(g) + GLBA Safeguards Rule 16 CFR Part 314.4(c)(1) + NAIC ORSA business-continuity + HIPAA Security Rule physical 45 CFR 164.310 + SOX 404 PE + PCI DSS v4 §9 + ASIS Facility Physical Security Control Standards + NIST 800-53 PE pre-mapped in one tenant; four crime-data feeds; offline mobile site walks at HQ floors and distributed claims offices; used by US insurance holding companies.
PIAM across Workday, Active Directory, and PACS for claims-adjuster onboarding and termination governance: AlertEnterprise Guardian: G2 Spring 2026 Grid Leader for Physical Security (announced March 22 2026); deepest Lenel S2 + Genetec + Software House CCURE + AMAG Symmetry PACS integration; ties Workday + Oracle HCM + UKG termination status to badge revocation and Active Directory deprovisioning for the distributed claims-adjuster workforce; SailPoint + Saviynt identity-governance convergence; GenAI identity reconciliation across IT + PACS directories for contractor-adjuster sprawl after major catastrophes.
Unified VMS + access control for HQ towers, primary data centres, and DR sites at carrier scale: Genetec Security Center: Industry standard for unified video, Synergis high-assurance access control, AutoVu ALPR for executive-parking and visitor governance, and intrusion at insurance HQ tower scale; Security Center SaaS pricing published per channel and per door; large US property-and-casualty and life-insurance install base; founder-led Montreal independence is a stability advantage versus PE-owned competitors in carrier procurement.
Enterprise PACS at HQ and data-centre cages under SOX 404 ICFR for public insurance holding companies: Lenel S2 OnGuard: Honeywell-owned (Carrier divestiture completed 2024); deep PACS install base at top-30 US insurance holding companies for HQ towers and primary data centres; OnGuard 8.2 supports SOX 404 ICFR physical-access logging at scale for general-ledger and reserve-system physical-access; integrates with AlertEnterprise Guardian for SOX 404 quarterly access certification.
Cloud-native unified physical security for 200-500 state claims offices and health-plan service centres: Verkada: Cloud-native unified suite spanning cameras + access + alarms + intercom + sensors + guest in one console; $5.8B CapitalG round Dec 2025; $1B+ ARR across 30,000+ customers; 4.5/5 G2 across 1,800+ reviews; right shape for distributed claims-office and service-centre networks where a per-site server stack is uneconomic.
Cloud access at claims-office and CAT-response-trailer site-add velocity with published per-door pricing: Brivo: Cloud access from $13.50/door/month published price (per Acre Security); fastest multi-site rollout for claims-office network site-adds and temporary catastrophe-response trailer deployments after hurricanes, wildfires, and severe convective storms; SOC 2 Type II + ISO/IEC 27001:2022 + GDPR; Eagle Eye Networks video pairing for claims-office evidence retention.
Cloud-native VMS + access at data-centre cages and DR sites with AI analytics and Motorola dispatch: Avigilon Alta: Motorola Solutions cloud-native suite combining former Openpath access and Ava Security video on a serverless architecture; AI analytics including unattended-bag and tailgating for data-centre cages; Motorola APX P25 dispatch radio integration for SOC-to-guard-force comms at carrier HQ; ISC West 2026 GenAI roadmap including Avigilon Intercom Touch.
Financial-services-heritage PACS with banking and insurance reference base and CONNECT identity portal: AMAG Symmetry: G4S subsidiary under Allied Universal since April 2021; second of the two PACS estates carriers and bank holding companies commonly run alongside Lenel S2 OnGuard; Symmetry CONNECT identity-management portal for claims contractor and visitor governance; deep audit-trail customisation for SOX 404 and NAIC IT examiner review.
Investigations + executive-protection workspace for the C-suite and named executive officers: Resolver: Kroll subsidiary since March 2022; deepest insider-threat investigations and case-management workflow of the ten platforms here; executive-protection / principal-protection module aligned to ASIS Executive Protection Standard published September 2025; G2 Best Software Awards 2025 GRC honoree; Kroll global investigations and intelligence feed integration for travel-risk and residence-protection at carrier scale.
Open VMS for heterogeneous camera fleets across HQ, data centres, and 200-500 claims offices: Milestone XProtect: Canon-owned since 2014; open-platform VMS supporting 8,000+ supported devices, which preserves carrier capex on Axis + Bosch + Hanwha + Pelco + Sony camera fleets assembled over many years of HQ + claims-office procurement; XProtect 2026 R1 long-term cloud video storage + scheduled reporting + WebSocket PTZ API; free Essential+ tier for small admin offices and CAT-response trailer pilots.

Physical security software for insurance carriers is a label that masks five different buying jobs. Carrier security directors come to this category looking for one of five things: a multi-framework physical-security assessment platform that survives a state DOI IT examination on the NAIC Insurance Data Security Model Law (Model #668) Section 4 physical safeguards, an NYDFS 23 NYCRR Part 500 §500.03(g) reviewer, a GLBA Safeguards Rule 16 CFR Part 314.4(c)(1) FTC examiner for non-bank affiliates, a NAIC ORSA reviewer on operational resilience and business continuity, and a PCAOB lead on SOX 404 ICFR for public-holding carriers; a Physical Identity and Access Management system that ties Workday, Active Directory, and the PACS together for claims-adjuster onboarding and termination governance across 30-500 distributed offices; a unified Video Management System and access control platform for the corporate HQ tower, the primary data centre, and the DR site; a cloud-native VMS plus access platform for the distributed claims-office and health-plan service-centre footprint; or an insider-threat investigations and executive-protection workflow tied to the carrier's Global Security Operations Centre expanded after the December 2024 UnitedHealthcare CEO incident. The ten platforms in this ranking serve at least one of those briefs well, and none of them serves all five equally.

We considered 24 platforms across the G2 Spring 2026 Grid for Physical Security, the ASIS Foundation vendor directory, the RIMS (Risk and Insurance Management Society) vendor list, the NAIC Insurance Data Security Working Group adopting-state guidance, and conversations with insurance security directors at RIMS Riskworld and the ASIS Global Security Exchange. We cut to ten by removing pure-play body-worn cameras and patrol-management tools, excluding cyber-only insider-threat detection vendors (Exabeam, Securonix, Proofpoint Insider Threat are user-and-entity-behaviour-analytics platforms that ingest from physical PACS but are not physical-security platforms themselves), excluding pure managed-service plays without a first-party SaaS product (Kastle Systems, Securitas integrator practices), excluding Honeywell Pro-Watch in favour of Milestone XProtect because insurance carriers typically run heterogeneous camera fleets at distributed claims offices that benefit from XProtect 8,000+ device coverage more than from Honeywell HVAC convergence at a single HQ, excluding Convergint as an integrator rather than a software product, and including the two PACS estates US insurance holding companies most commonly run (Lenel S2 OnGuard and AMAG Symmetry). The result is ten platforms a real insurance carrier, reinsurer, broker, or insurance holding company security director might shortlist in 2026.

Pricing transparency is poor in this category. Eight of the ten platforms here gate pricing behind a demo or a deployment scope. Genetec publishes Security Center SaaS pricing per channel and per door. Brivo publishes door-month pricing. Verkada publishes per-camera SaaS bands. The other seven, including RiskWatch (partial), are quote-only at the enterprise tier. We triangulated the opaque vendors from public third-party teardowns and dated each estimate. The methodology block at the bottom of this page spells out the weights and the sources.

At-a-glance

Comparison table

The 10 platforms scored on the methodology weights at the bottom of this page. Pricing-transparency pill is the buyer-honesty signal.

Rank	Product	Best for	Pricing transparency	G2	Verdict
1	RiskWatch RiskWatch International	US insurance carriers, reinsurers, brokers, and insurance holding companies running NAIC Model #668 + NYDFS Part 500 + GLBA + NAIC ORSA + HIPAA + SOX 404 across HQ towers, data centres, distributed claims offices, health-plan service centres, and CAT-response trailers in one tenant.	Partial	4.5/5 60+ reviews	NAIC Insurance Data Security Model Law (Model #668) Section 4 + NYDFS Part 500...
2	AlertEnterprise Guardian AlertEnterprise, Inc.	Top-30 US insurance carriers, reinsurers, and insurance holding companies where PIAM convergence across Workday + Active Directory + PACS is the primary risk surface for claims-adjuster onboarding and termination governance at scale.	Opaque	4.4/5 90+ reviews	G2 Spring 2026 Grid Leader for Physical Security category (announced March 22 2026)
3	Genetec Security Center Genetec Inc.	US and global insurance carriers, reinsurers, brokers, and insurance holding companies running unified VMS + access at HQ towers, primary data centres, and DR sites; the default VMS + access pick when AlertEnterprise sits above it for PIAM and RiskWatch sits above for assessment.	Partial	4.5/5 220+ reviews	Industry-standard unified VMS + access + ALPR + intrusion platform with a large US...
4	Lenel S2 OnGuard Honeywell International (NYSE: HON)	Top-30 US insurance holding companies and public-holding carriers standardizing PACS across HQ towers and primary data centres under SOX 404 ICFR physical-access logging requirements; carriers running an all-Honeywell HQ-stack.	Opaque	4.2/5 90+ reviews	Deep PACS install base at top-30 US insurance holding companies for HQ towers and...
5	Verkada Verkada Inc.	Regional carriers, insurance brokers, distributed claims-office networks, and health-plan service centres where cloud-native architecture, unified suite, and per-camera SaaS pricing lower IT cost across 30-500 sites.	Opaque	4.5/5 1800+ reviews	Cloud-native multi-site deployment with no on-prem server stack required; right shape...
6	Brivo Brivo Systems, LLC	Regional insurance carriers, insurance brokers, and claims-office networks needing fast multi-site cloud access at published per-door pricing; temporary CAT-response-trailer access governance after major catastrophes.	Public	4.4/5 240+ reviews	Published $13.50/door/month per Acre Security partner pricing; the most transparent...
7	Avigilon Alta Motorola Solutions (NYSE: MSI)	US insurance carriers with distributed data-centre footprints, DR sites, and corporate-real-estate offices who want cloud-native VMS + access with AI analytics and Motorola APX dispatch radio adjacency for GSOC and executive-protection coordination.	Opaque	4.3/5 150+ reviews	Cloud-native serverless architecture with no on-prem server stack; AI analytics for...
8	AMAG Symmetry AMAG Technology (G4S subsidiary, Allied Universal)	Top-30 US insurance holding companies already running AMAG Symmetry as the corporate PACS standard; carriers consolidating guard-force and PACS under a single Allied Universal parent contract at HQ scale.	Opaque	4.1/5 70+ reviews	Financial-services-heritage PACS with deep top-30 US insurance carrier install base...
9	Resolver Resolver, a Kroll Business	Insurance carriers with a Global Security Operations Centre and an expanded executive-protection program looking for a single investigations and protective-intelligence workspace tied to Kroll intelligence feeds and aligned to the ASIS Executive Protection Standard.	Opaque	4.3/5 250+ reviews	Deepest insider-threat investigations and case-management workflow of the ten...
10	Milestone XProtect Milestone Systems (Canon Inc. subsidiary)	US insurance carriers with heterogeneous multi-decade camera fleets across HQ, data centres, and 200-500 claims offices that want an open VMS preserving capex rather than a unified-suite forklift; the right pick when the access control system is already in place under Lenel S2 or AMAG Symmetry.	Partial	4.3/5 220+ reviews	Open VMS supporting 8,000+ device models preserves carrier capex on heterogeneous Axis...

Calculator

Estimate the licence cost

Drag the slider to your headcount. Estimates use each vendor's published or triangulated tiers. Opaque vendors show Contact sales.

Employees500

11.3k2.5k3.8k5k

RiskWatch

Professional (≤ 1,000 employees)

$36,000/yr

AlertEnterprise Guardian

Guardian Express (est.) (quote-only tier)

Contact sales

Genetec Security Center

Security Center SaaS (per channel) (quote-only tier)

Contact sales

Lenel S2 OnGuard

NetBox mid-market (est.) (quote-only tier)

Contact sales

Verkada

Enterprise (est.) (quote-only tier)

Contact sales

Brivo

Brivo Enterprise (est.) (quote-only tier)

Contact sales

Avigilon Alta

Enterprise multi-site (est.) (quote-only tier)

Contact sales

AMAG Symmetry

Symmetry mid-enterprise (est.) (quote-only tier)

Contact sales

Resolver

Mid-market (est.) (quote-only tier)

Contact sales

Milestone XProtect

Corporate (est.) (quote-only tier)

Contact sales

Estimates only. Opaque-pricing vendors do not publish list prices; bands are triangulated from public third-party sources dated 2026-05-15. Implementation services, module add-ons, and renewal escalators are extra.

Pick your own weights

Decision matrix

Default weights match the methodology at the bottom of this page. Drag the sliders to match your priorities and re-rank in real time.

Ease of use20%

How quickly a non-technical control owner reaches first value

Feature breadth20%

Module coverage across ERM, IT, audit, TPRM, BC

Value20%

Price to value ratio at mid-market

Customer support15%

Quality and responsiveness of vendor support

Scalability15%

Handling 5,000+ employees, multiple entities, regions

Integrations10%

Breadth of native connectors and APIs

Weights sum: 100%

1
RiskWatch
Editorial rank #1
8.82
2
Genetec Security Center
Editorial rank #3
8.65
3
AlertEnterprise Guardian
Editorial rank #2
8.46
4
Milestone XProtect
Editorial rank #10
8.34
5
Resolver
Editorial rank #9
8.13
6
Brivo
Editorial rank #6
8.10
7
Avigilon Alta
Editorial rank #7
7.96
8
Lenel S2 OnGuard
Editorial rank #4
7.95
9
Verkada
Editorial rank #5
7.88
10
AMAG Symmetry
Editorial rank #8
7.74

Switching cost

Migration matrix

Read row-to-column. Row = today's platform, column = tomorrow's. Colour reflects realistic switching effort, not vendor sales pitches.

From / To	RiskWatch	AlertEnterprise Guardian	Genetec Security Center	Lenel S2 OnGuard	Verkada	Brivo	Avigilon Alta	AMAG Symmetry	Resolver	Milestone XProtect
RiskWatch	.	M	E	H	E	E	E	H	M	M
AlertEnterprise Guardian	E	.	E	M	E	E	E	M	E	E
Genetec Security Center	E	E	.	M	E	E	E	M	E	E
Lenel S2 OnGuard	E	E	E	.	E	E	E	E	E	E
Verkada	H	H	H	H	.	E	E	H	M	M
Brivo	H	H	H	H	E	.	E	H	H	M
Avigilon Alta	H	H	M	H	E	E	.	H	M	M
AMAG Symmetry	M	M	E	E	E	E	E	.	E	E
Resolver	E	E	E	M	E	E	E	M	.	E
Milestone XProtect	M	M	E	M	E	E	E	M	E	.

Easy (E)Moderate (M)Hard (H)Source: per-vendor migration field with radar-profile fallback. Treat as a directional guide, not a quote.

Methodology

How we scored and why you should trust it

The methodology is the only thing keeping this page honest. Read it carefully and apply your own weights in the decision matrix above.

RiskWatch published this ranking. We scored each of the ten platforms on six axes weighted for the insurance carrier physical security buyer using the default playbook weights: Ease of Use including offline mobile site walks at distributed claims offices and CAT-response trailers (20%), Feature Breadth covering NAIC Model #668 Section 4 + NYDFS Part 500 §500.03(g) + GLBA Safeguards Rule 16 CFR Part 314.4(c)(1) + NAIC ORSA Section 3 business-continuity + HIPAA Security Rule physical 45 CFR 164.310 + SOX 404 PE + PCI DSS v4.0.1 §9 + ASIS Facility Physical Security Control Standards alignment (20%), Value including pricing transparency and renewal-escalator behaviour (20%), Customer Support (15%), Scalability across multi-claims-office and multi-data-centre rollups for top-30 US carriers (15%), and Integrations with VMS, PACS, identity-governance, HRIS, and crime data feeds (10%). Scores are 0-10 and calibrated within this category. Ratings reference G2 and Capterra figures pulled 2026-05-15. Pricing reflects the most-recent published or triangulated figures, also pulled 2026-05-15; where pricing is opaque we report a range based on two or more public third-party sources. We re-verify this page quarterly.

Weights used in the editorial ranking

Ease of use: 20%
Feature breadth: 20%
Value: 20%
Customer support: 15%
Scalability: 15%
Integrations: 10%

RiskWatch

RiskWatch International · Founded 1993 · Annapolis, MD, USA

NAIC + NYDFS + GLBA + ORSA + HIPAA + SOX 404 physical security assessment software with offline mobile site walks across HQ, data centre, and distributed claims offices.

Partial pricingG2 4.5 · Capterra 4.6 · 60+ reviews

Summary

RiskWatch ships a physical security risk assessment platform built around pre-mapped libraries for the NAIC Insurance Data Security Model Law (Model #668) Section 4 administrative, technical, and physical safeguards adopted in 25+ US states by 2026, NYDFS 23 NYCRR Part 500 §500.03(g) physical security and environmental controls, the GLBA Safeguards Rule 16 CFR Part 314.4(c)(1) for non-bank financial institution affiliates inside insurance groups, the NAIC Risk Management and Own Risk and Solvency Assessment Model Act (#505) Section 3 operational resilience and business continuity, the HIPAA Security Rule physical safeguards 45 CFR 164.310 for health-insurance subsidiaries, SOX 404 ICFR physical-access evidence aligned to PCAOB AS 2201 for public-holding carriers, PCI DSS v4.0.1 Requirement 9 physical access controls for premium-payment cardholder data environments, ASIS Facility Physical Security Control Standards, NIST 800-53 PE, FEMA 426 and 452, and the ASIS Executive Protection Standard published September 2025. Likelihood pulls from four crime-data feeds for HQ tower, primary and DR data-centre, and distributed claims-office siting. Customers include US insurance holding companies, regional carriers, and the multi-state claims-office networks of property-and-casualty insurers running the NAIC IT examination cycle. The product has been in the field since 1993 and is the platform in this ranking that pre-maps every requirement a US insurance carrier owes a state DOI IT examiner, an NYDFS DFS-1 reviewer, a NAIC ORSA reviewer, and a PCAOB SOX 404 lead in one tenant.

Strengths

NAIC Insurance Data Security Model Law (Model #668) Section 4 + NYDFS Part 500 §500.03(g) + GLBA Safeguards Rule 16 CFR Part 314.4(c)(1) + NAIC ORSA business-continuity + HIPAA Security Rule physical 45 CFR 164.310 + SOX 404 PE + PCI DSS v4.0.1 §9 + ASIS Facility Physical Security Control Standards + NIST 800-53 PE pre-mapped on day one in one tenant
Crime-data overlay from four independent feeds (Cap Index CRIMECAST, Security Gauge, GlobalIncidentMap, World Aware) so likelihood traces back to source and last-updated date for the state DOI IT examiner and the NYDFS DFS-1 reviewer
Browser-based mobile TVRA that works offline at HQ floors, primary and DR data-centre cages, and distributed state claims offices and CAT-response trailers, and syncs when connectivity returns; no findings lost during catastrophe-response deployments
Site Risk Cycle with ISO 31000 and NIST 800-30 semi-quantitative scoring; findings convert to tracked remediation tasks with owners and proof-of-close defensible to state DOI, NYDFS, NAIC ORSA reviewer, and PCAOB
Single-tenant deployment with customer-owned data residency for insurance holding companies with SOX 404 ICFR scope and NYDFS §500.17(h) 72-hour notice obligations
30-day free trial with no credit card and full platform access; the only TVRA-first vendor on this list offering it
Multi-site rollup dashboards at HQ floor, region, data centre, claims office, and enterprise level with year-over-year trends covering state DOI IT examination cycles, NYDFS annual certifications, NAIC ORSA filings, and PCAOB SOX 404 testing windows

Weaknesses

Not a VMS, access control system, or PIAM platform; integrates with Genetec, Lenel S2 OnGuard, AMAG Symmetry, Verkada, Avigilon Alta, Brivo, Milestone XProtect, and AlertEnterprise Guardian via APIs and bulk imports rather than deep native connectors
Brand awareness on G2 and Capterra in insurance-carrier physical security specifically is lower than Genetec or AlertEnterprise; total review volume in the insurance physical security cohort sits below 100
Public pricing is partial, quote-based and scaled by framework count and site count for the Enterprise tier; the Starter and Professional bands are published below
No native UEBA-physical detection at the Exabeam, Securonix, or Proofpoint depth; insider-threat behavioural signals ingest from third-party SIEM and UEBA rather than first-party detection
UI shows operational heritage in some assessment-builder screens; newer cloud-first entrants like Verkada and Avigilon Alta have a more polished first-run experience for non-specialist control owners

Best for

US insurance carriers, reinsurers, brokers, and insurance holding companies running NAIC Model #668 + NYDFS Part 500 + GLBA + NAIC ORSA + HIPAA + SOX 404 across HQ towers, data centres, distributed claims offices, health-plan service centres, and CAT-response trailers in one tenant.

Worst for

Single-office insurance agencies with no NAIC IT examination cycle, no NYDFS footprint, no public-holding parent, and no PCI DSS card-payment scope; Verkada or Brivo is the better fit there.

Key features

Pre-built libraries for NAIC Insurance Data Security Model Law (Model #668) Section 4, NYDFS 23 NYCRR Part 500 §500.03(g), GLBA Safeguards Rule 16 CFR Part 314.4(c)(1), NAIC ORSA Section 3 business continuity, HIPAA Security Rule physical 45 CFR 164.310, SOX 404 ICFR PE, PCI DSS v4.0.1 Requirement 9, ASIS Facility Physical Security Control Standards, NIST 800-53 PE, FEMA 426 + 452, ASIS Executive Protection Standard (Sep 2025)
Crime-data overlay from Cap Index CRIMECAST, Security Gauge, GlobalIncidentMap, World Aware for HQ, data-centre, claims-office, and CAT-response-site likelihood scoring
Browser-based mobile site walks that work offline at HQ floors, data-centre cages, claims offices, and CAT-response trailers, and sync on reconnect
Site Risk Cycle with per-HQ-floor, per-data-centre, and per-claims-office cadence, recommendation register, and proof-of-close
Multi-site rollup dashboards at HQ floor, region, data centre, claims office, and enterprise level with year-over-year trends
Examiner-ready report templates for state DOI IT examination, NYDFS DFS-1, NAIC ORSA, PCAOB SOX 404, and FTC GLBA Safeguards review
Single-tenant deployment with customer-owned data residency option for insurance holding companies
30-day free trial, no credit card, full platform access

Integrations

25+ native. Notable: Microsoft Entra ID (SAML SSO), Okta, Microsoft 365 / SharePoint, Cap Index CRIMECAST, Genetec, Lenel S2, AMAG Symmetry, Verkada, Brivo, Avigilon Alta, Milestone XProtect (API + bulk import), AlertEnterprise Guardian, Jira.

Target size

200 to 2,50,000 employees · US · Canada · UK · EU

Radar score

Pricing

Starter$99/month
Up to 250 employees
- · Up to 3 standards libraries (e.g. NAIC Model #668 + NYDFS Part 500 + ASIS)
- · Up to 10 sites (HQ floors, data centres, claims offices)
- · Mobile offline site-walk app
- · Crime data overlay (one feed)
- · Email + named CSM support
Professional$36,000/year
Up to 1,000 employees
- · All 40+ libraries incl NAIC Model #668 + NYDFS Part 500 + GLBA + ORSA + HIPAA + SOX 404 + PCI DSS v4
- · Unlimited claims offices, data centres, and HQ floors
- · All four crime data feeds
- · SSO + SAML
- · API access + custom reports
- · Phone + dedicated CSM
EnterpriseContact sales
- · Single-tenant deployment with carrier-grade data residency
- · Customer-owned data residency
- · 24/7 support
- · Solutions architect on retainer
- · State DOI + NYDFS + NAIC ORSA + SOX 404 examiner-export workflow

Watch for

· Implementation services billed separately (typical 1-time fee 15-25% of first-year licence)
· Custom framework additions outside the 40+ library scoped per request
· Cap Index CRIMECAST feed pass-through fees for large claims-office counts

Public list-price pages are coming. For now we publish typical contract bands above; the Enterprise tier is quote-only because deployment topology and carrier-grade data residency varies materially.

AlertEnterprise Guardian

AlertEnterprise, Inc. · Founded 2007 · Fremont, CA, USA

PIAM platform with deep insurance carrier PACS and HR integration for distributed claims-adjuster governance.

Opaque pricingG2 4.4 · Capterra 4.5 · 90+ reviews

Summary

AlertEnterprise Guardian is the category leader in Physical Identity and Access Management (PIAM) for insurance carriers running 30-500 distributed claims offices and health-plan service centres. The platform was named a Leader in the G2 Spring 2026 Grid Report for Physical Security (March 22 2026 announcement). Guardian sits between HR systems (Workday, Oracle HCM, UKG, SuccessFactors), identity governance platforms (SailPoint, Saviynt, Okta), and Physical Access Control Systems (Lenel S2 OnGuard, Genetec Synergis, AMAG Symmetry, Software House CCURE) enforcing access policies and tying termination status to badge revocation and Active Directory deprovisioning for the contractor-adjuster workforce that surges after major catastrophes. The platform supports SOX 404 ICFR quarterly access certification for public-holding carriers and adjusts to the NAIC IT examination cycle physical-access expectations. Strength is identity-driven physical access governance at carrier scale; weakness is that the centre of gravity is access governance and not facility-level NAIC Model #668 TVRA.

Strengths

G2 Spring 2026 Grid Leader for Physical Security category (announced March 22 2026)
Deepest PIAM integration with insurance carrier PACS estates (Lenel S2 OnGuard, AMAG Symmetry, Genetec Synergis, Software House CCURE) of any platform in this ranking
Ties Workday + Oracle HCM + UKG + SuccessFactors termination status to PACS badge revocation and Active Directory deprovisioning for the distributed claims-adjuster workforce that surges after hurricanes, wildfires, and severe-weather catastrophes
SOX 404 ICFR quarterly access-certification workflow with attestation queues for public insurance holding companies; SailPoint and Saviynt identity-governance convergence
GenAI-powered identity reconciliation across IT and PACS directories for the contractor-adjuster sprawl typical of post-catastrophe response when a carrier may onboard several thousand temporary adjusters in 7-21 days
Personal Risk Assessment workflow surfaces insider-threat behavioural signals tied to badge events for SIU (Special Investigations Unit) referrals

Weaknesses

Centre of gravity is identity and access governance, not facility-level NAIC Model #668 Section 4 TVRA; NAIC IT examination + NYDFS + NAIC ORSA site-level assessments require integration with RiskWatch or Resolver for the assessment library
Pricing is enterprise-tier and opaque; no published list, typical deals are six-figure annual contracts for top-30 US carrier customers
Implementation is consultant-heavy; expect 90-180 day deployment with PACS integration scope across HQ floors, data centres, and the claims-office network
Less crime-data-overlay capability than RiskWatch for claims-office and CAT-response-trailer likelihood scoring
Smaller G2 review volume than the larger GRC platforms; reference-customer pool is narrower outside the top US carrier segment

Best for

Top-30 US insurance carriers, reinsurers, and insurance holding companies where PIAM convergence across Workday + Active Directory + PACS is the primary risk surface for claims-adjuster onboarding and termination governance at scale.

Worst for

Mid-market regional carriers running fewer than 20 claims offices with no SOX 404 ICFR scope and no PACS estate to govern.

Key features

Physical Identity and Access Management (PIAM) for carrier PACS estates
Workday + Oracle HCM + UKG + SuccessFactors termination-status workflow tied to PACS revocation
SailPoint + Saviynt + Okta identity-governance convergence
Personal Risk Assessment with UEBA-physical badge-event anomaly signals
Claims-office visitor and contractor logbook workflow
SOX 404 ICFR access certification with quarterly attestation
GenAI identity reconciliation across IT + PACS directories
Audit-ready exports for state DOI, NYDFS, NAIC ORSA, and PCAOB

Integrations

200+ native. Notable: Lenel S2 OnGuard, AMAG Symmetry, Genetec Synergis, Software House CCURE, SailPoint, Saviynt, Workday, Oracle HCM.

Target size

1,000 to 2,50,000 employees · US · Canada · UK · EU · AU · APAC

Genetec Security Center

Genetec Inc. · Founded 1997 · Montreal, Quebec, Canada

Unified VMS + access + ALPR for insurance carrier HQ towers, data centres, and DR sites.

Partial pricingG2 4.5 · Capterra 4.4 · 220+ reviews

Summary

Genetec Security Center is the industry-standard unified platform combining the Omnicast Video Management System, Synergis access control, AutoVu Automatic Licence Plate Recognition, and intrusion in one operator workflow. The product is the default choice for HQ towers, primary data centres, and DR sites at large US property-and-casualty and life-insurance carriers. Genetec publishes Security Center SaaS pricing per channel and per door, the most transparent pricing of the VMS + access vendors in this ranking. The company remains founder-led and privately held in Montreal, which carrier procurement teams cite as a stability advantage versus PE-owned competitors.

Strengths

Industry-standard unified VMS + access + ALPR + intrusion platform with a large US property-and-casualty and life-insurance install base of the VMS players in this ranking
Published Security Center SaaS pricing per channel and per door; the most transparent pricing of the VMS + access vendors here
Synergis high-assurance access control supports SOX 404 ICFR audit-trail expectations for public-holding carriers
Founder-led independence (Montreal HQ) is a stability advantage versus PE-owned competitors in carrier procurement
Mature integration ecosystem with Lenel S2, AMAG Symmetry, AlertEnterprise Guardian, and RiskWatch for the rest of the carrier physical security stack
Federated multi-site architecture handles carriers with 200-500 claims offices and multiple data centres from one console

Weaknesses

Not a TVRA platform; NAIC Model #668 + NYDFS Part 500 + SOX 404 assessment workflows require integration with RiskWatch or Resolver for the framework library and examiner-export
Not a PIAM platform; SailPoint and Saviynt identity-governance convergence requires AlertEnterprise Guardian as the PIAM layer
Implementation is integrator-led; expect 60-120 day deployment per major site with channel-partner support
On-prem deployment still dominates at top-carrier HQ scale; cloud-native SaaS pricing is published but carrier-CIO approval for cloud video at HQ is mixed
UI carries operational heritage; newer cloud-first entrants like Verkada and Avigilon Alta feel more modern on first run for non-specialist claims-office staff

Best for

US and global insurance carriers, reinsurers, brokers, and insurance holding companies running unified VMS + access at HQ towers, primary data centres, and DR sites; the default VMS + access pick when AlertEnterprise sits above it for PIAM and RiskWatch sits above for assessment.

Worst for

Mid-market regional carriers with five or fewer claims offices that want a single cloud console without an integrator engagement; Verkada or Brivo is the better fit there.

Key features

Omnicast Video Management System
Synergis high-assurance access control
AutoVu Automatic Licence Plate Recognition for executive-parking and visitor governance
Intrusion management
KiwiVision retail and visitor analytics
Federated multi-site architecture
Mobile operator and supervisor apps for distributed claims-office operations
Open API for SIEM, ITSM, and PIAM integration

Integrations

200+ native. Notable: Lenel S2 OnGuard, AMAG Symmetry, AlertEnterprise Guardian, Microsoft Entra ID, Splunk, ServiceNow, Axis cameras, Bosch cameras.

Target size

500 to 2,50,000 employees · Global

Lenel S2 OnGuard

Honeywell International (NYSE: HON) · Founded 1991 · Pittsford, NY, USA

Enterprise PACS at insurance HQ towers and data centres under SOX 404 ICFR.

Opaque pricingG2 4.2 · Capterra 4.3 · 90+ reviews

Summary

Lenel S2 ships the OnGuard and NetBox Physical Access Control Systems used at the headquarters towers and primary data centres of large US insurance holding companies. OnGuard is the enterprise-tier PACS with deep integration into HR, Active Directory, SailPoint, Saviynt, and AlertEnterprise Guardian. NetBox covers regional carrier sites and claims-office estates at a lower price point. The platform was divested by Carrier and consolidated under Honeywell in 2024, putting Lenel S2 inside the same parent as Honeywell HVAC and fire alarm. OnGuard 8.2 supports SOX 404 ICFR physical-access logging at scale for general-ledger and reserve-system access.

Strengths

Deep PACS install base at top-30 US insurance holding companies for HQ towers and primary data centres
SOX 404 ICFR physical-access logging at scale; mature SOX 404 access-certification workflow when paired with AlertEnterprise Guardian for general-ledger and reserve-system physical-access scope at public-holding carriers
NetBox covers regional carrier sites and claims-office estates at lower price point than OnGuard
Honeywell parent ownership (post-2024 divestiture from Carrier) consolidates Lenel S2 + HVAC + fire alarm under one vendor for carriers running an all-Honeywell stack at HQ
Established integration ecosystem with Genetec, Milestone, AlertEnterprise Guardian, and AMAG Symmetry covering the rest of the carrier physical security stack
On-prem deployment supports carrier-grade SOX 404 ICFR logging and customer-owned data residency at HQ data centres

Weaknesses

Not a TVRA platform; NAIC Model #668 + NYDFS Part 500 + SOX 404 assessment workflows require integration with RiskWatch or Resolver
Implementation is integrator-led and consultant-heavy; expect 90-180 day deployment per HQ tower or data-centre cluster
Pricing is quote-only and integrator-led; no public list price
Carrier-to-Honeywell ownership transition in 2024 created some procurement uncertainty during the contract-novation period; roadmap clarity continued to emerge through 2025-2026
OnGuard UI carries operational heritage; competing cloud-native PACS (Brivo, Avigilon Alta) feel more modern on first run for distributed claims-office staff

Best for

Top-30 US insurance holding companies and public-holding carriers standardizing PACS across HQ towers and primary data centres under SOX 404 ICFR physical-access logging requirements; carriers running an all-Honeywell HQ-stack.

Worst for

Cloud-first regional carriers, insurance startups, and broker networks running fewer than 20 sites who want a cloud-native PACS without an integrator engagement; Brivo or Verkada is the better fit there.

Key features

OnGuard enterprise PACS for top-carrier HQ scale
NetBox mid-market PACS for regional carrier and claims-office estates
SOX 404 ICFR physical-access logging
Access certification (with AlertEnterprise Guardian)
Visitor management module for claims-office visitor governance
Mobile credential support
Integration with Genetec, AMAG Symmetry, AlertEnterprise Guardian
On-prem deployment for carrier-grade data residency

Integrations

100+ native. Notable: AlertEnterprise Guardian, Genetec Security Center, AMAG Symmetry, Milestone XProtect, Microsoft Entra ID, SailPoint.

Target size

500 to 2,50,000 employees · Global

Verkada

Verkada Inc. · Founded 2016 · San Mateo, CA, USA

Cloud-native unified physical security for distributed insurance claims-office and service-centre networks.

Opaque pricingG2 4.5 · Capterra 4.5 · 1800+ reviews

Summary

Verkada was founded in 2016 in San Mateo by former Cisco Meraki engineers and built a cloud-native platform spanning cameras, access control, alarms, environmental sensors, intercom, and guest management. The product crossed $1B annualized bookings across 30,000+ customers and reached a $5.8B valuation in December 2025 with CapitalG leading. Verkada carries a 4.5/5 G2 rating across 1,800+ reviews. The product is the right pick for distributed insurance claims-office networks, health-plan service centres, regional broker offices, and admin offices where the trade-off of cloud architecture against on-prem SOX 404 ICFR scrutiny falls toward cloud. The product is the wrong pick for top-carrier HQ towers and primary data centres where carrier-CIO approval for cloud video remains mixed.

Strengths

Cloud-native multi-site deployment with no on-prem server stack required; right shape for distributed claims-office networks, health-plan service centres, and admin offices
4.5/5 G2 rating across 1,800+ reviews; one of the largest review volumes in this category
Strong AI-powered video analytics, tailgating detection, and people-counting features for claims-office visitor and traffic monitoring
Unified suite across cameras, access, alarms, intercom, environmental sensors, and guest in one console
24/7 customer support praised in reviews
Continued growth signals: $5.8B Dec 2025 CapitalG round; $1B+ annualized bookings across 30,000+ customers

Weaknesses

Cloud-native serverless architecture creates SOX 404 ICFR and NAIC IT examination scrutiny at top-carrier HQ scale; not yet the default at HQ towers or primary data-centre cages
Licence costs and ongoing subscription fees flagged as expensive by multiple G2 reviewers; not the lowest-cost option for carriers at scale across 500 claims offices
Software-update access issues and lack of IP filtering for mobile access cited in 2026 reviews
Memory of the 2021 Verkada breach still cited by some carrier procurement teams during vendor-risk assessment; pre-breach and post-breach Verkada are not always given equal credit by vendor-risk teams
Not a TVRA platform; no pre-built NAIC Model #668, NYDFS Part 500, GLBA Safeguards, NAIC ORSA, HIPAA Security, SOX 404, or PCI DSS v4 assessment libraries

Best for

Regional carriers, insurance brokers, distributed claims-office networks, and health-plan service centres where cloud-native architecture, unified suite, and per-camera SaaS pricing lower IT cost across 30-500 sites.

Worst for

Top-30 US insurance carriers' HQ towers and primary data-centre cages where SOX 404 ICFR and NAIC IT examination scrutiny requires on-prem video and access control.

Key features

Cloud-native unified VMS
Access control with badge, mobile, and Bluetooth credentials
Alarms and environmental sensors
Intercom and guest management for claims-office visitor governance
AI-powered video analytics including tailgating and people-counting
Multi-site federated dashboards for 200-500 claims-office rollups
Mobile operator app
Open API for SIEM and ITSM integration

Integrations

30+ native. Notable: Microsoft Entra ID, Okta, Google Workspace, Splunk, ServiceNow, Slack.

Target size

50 to 50,000 employees · US · Canada · UK · EU · AU

Brivo

Brivo Systems, LLC · Founded 1999 · Bethesda, MD, USA

Cloud access control with published per-door pricing for claims-office networks and CAT-response trailer deployments.

Public pricingG2 4.4 · Capterra 4.4 · 240+ reviews

Summary

Brivo was founded in 1999 and shipped the first cloud-managed access control platform in 2002; the company went public via SPAC merger in 2022. Brivo publishes $13.50/door/month pricing through partner channels including Acre Security, which makes it the most price-transparent access-control vendor in this ranking. The platform fits claims-office network site-adds at velocity, temporary catastrophe-response trailer deployments after hurricanes, wildfires, and severe convective storms, and multi-site rollups for regional carriers. Brivo holds SOC 2 Type II, ISO/IEC 27001:2022, and GDPR certifications and pairs with Eagle Eye Networks for claims-office video retention. Strength is cloud access at price-transparent door-month rates; weakness is that Brivo is not a VMS, not a PIAM, and not a TVRA platform.

Strengths

Published $13.50/door/month per Acre Security partner pricing; the most transparent access-control pricing in this ranking
Fastest multi-site rollout in this category for claims-office network site-adds and CAT-response-trailer deployments after major catastrophes (hurricanes, wildfires, severe convective storms)
SOC 2 Type II + ISO/IEC 27001:2022 + GDPR certifications support state DOI vendor-due-diligence review
Eagle Eye Networks video pair covers claims-office evidence retention without an integrator engagement
Cloud-first architecture eliminates per-site server stack at regional carrier and claims-office scale
Brivo Onair management console scales to 50,000+ doors across 100+ countries per vendor reference

Weaknesses

Not a VMS; claims-office video requires Eagle Eye Networks or third-party integration
Not a PIAM platform; no Workday or Oracle HCM termination-status integration depth at AlertEnterprise Guardian level
Not a TVRA platform; no NAIC Model #668, NYDFS Part 500, GLBA, NAIC ORSA, HIPAA Security, SOX 404, or PCI DSS v4 assessment libraries
SPAC-merger origin and subsequent take-private speculation through 2025 add some procurement uncertainty for carrier vendor-risk teams
Less brand recognition in top-30 US insurance carrier physical security than Lenel S2 OnGuard or AMAG Symmetry; reference base skews to commercial real estate and regional carriers

Best for

Regional insurance carriers, insurance brokers, and claims-office networks needing fast multi-site cloud access at published per-door pricing; temporary CAT-response-trailer access governance after major catastrophes.

Worst for

Top-30 US insurance carrier HQ towers and primary data-centre cages where SOX 404 ICFR and NAIC IT examinations require on-prem access control with deep PIAM convergence.

Key features

Cloud-native access control (Brivo Onair)
Published $13.50/door/month pricing through Acre Security
Mobile credentials including iOS and Android
Eagle Eye Networks video pair
Multi-site federated management for claims-office network rollups
SOC 2 Type II + ISO/IEC 27001:2022 + GDPR certified
Open API for SIEM and ITSM
Visitor management module

Integrations

50+ native. Notable: Eagle Eye Networks, Microsoft Entra ID, Okta, Google Workspace, Slack, Acre Security.

Target size

20 to 25,000 employees · Global

Avigilon Alta

Motorola Solutions (NYSE: MSI) · Founded 2004 · Vancouver, British Columbia, Canada

Cloud-native VMS + access at data-centre cages and DR sites with AI analytics and Motorola APX dispatch integration.

Opaque pricingG2 4.3 · Capterra 4.4 · 150+ reviews

Summary

Avigilon Alta is the Motorola Solutions cloud-native suite combining the former Openpath access control acquired July 2021 and Ava Security video acquired May 2022 onto a serverless architecture under the Alta brand consolidated in 2023. The platform handles cloud-native VMS + access at data-centre cages and DR sites with AI analytics including unattended-bag and tailgating detection. Motorola APX P25 dispatch radio integration ties Alta to the carrier's Global Security Operations Centre comms layer for HQ and executive-protection coordination. ISC West 2026 launched the Avigilon Intercom Touch and a GenAI roadmap. Strength is cloud-native architecture plus Motorola adjacency; weakness is brand-consolidation churn from three acquisitions over five years that buyers still report.

Strengths

Cloud-native serverless architecture with no on-prem server stack; AI analytics for data-centre cage tailgating + unattended-bag detection
Motorola Solutions parent (NYSE: MSI) provides APX P25 dispatch radio integration for carrier GSOC + guard-force comms and executive-protection coordination
ISC West 2026 GenAI roadmap including the Avigilon Intercom Touch and new AI search across cameras and access events
Mature integration with Splunk, ServiceNow, and AlertEnterprise Guardian for the wider carrier physical security stack
Multi-site federated management without per-site server cost suits insurance holding companies with distributed data-centre footprints and DR sites
End-to-end encryption and audit-trail rigor align to NAIC IT examination expectations

Weaknesses

Brand-consolidation churn from Avigilon + Openpath + Ava into Alta over 2022-2023 still cited by some carrier procurement teams; product roadmap clarification ongoing in 2026
Less top-carrier HQ-tower reference base than Genetec or Lenel S2; sweet spot remains data centres, DR sites, and corporate-real-estate sites
Not a TVRA platform; NAIC Model #668 + NYDFS Part 500 + SOX 404 assessment workflows require RiskWatch or Resolver
Not a PIAM platform; SailPoint and Saviynt convergence requires AlertEnterprise Guardian
Cloud-native architecture creates SOX 404 ICFR scrutiny at top-carrier HQ scale; carrier-CIO approval for cloud video at HQ remains mixed

Best for

US insurance carriers with distributed data-centre footprints, DR sites, and corporate-real-estate offices who want cloud-native VMS + access with AI analytics and Motorola APX dispatch radio adjacency for GSOC and executive-protection coordination.

Worst for

Top-30 US insurance carrier HQ towers with on-prem video and access requirements; insurance holding companies that already standardized on Genetec or Lenel S2 OnGuard at HQ.

Key features

Cloud-native serverless VMS (Ava Aware heritage)
Openpath cloud access control with mobile credentials
AI-powered video analytics (Ava Security heritage)
End-to-end encryption
Multi-site management from one browser console
Avigilon Intercom Touch (ISC West 2026)
Open API for SIEM and ITSM integration
Motorola Solutions ecosystem integration (APX P25 + CommandCentral CAD) for GSOC and executive-protection coordination

Integrations

40+ native. Notable: Microsoft Entra ID, Okta, Google Workspace, Splunk, ServiceNow, Motorola Solutions APX radios, AlertEnterprise Guardian.

Target size

100 to 1,00,000 employees · US · Canada · UK · EU · AU

AMAG Symmetry

AMAG Technology (G4S subsidiary, Allied Universal) · Founded 1969 · Torrance, CA, USA

Financial-services-heritage PACS with insurance carrier reference base and CONNECT identity portal.

Opaque pricingG2 4.1 · Capterra 4.2 · 70+ reviews

Summary

AMAG Symmetry is the second of the two PACS estates US insurance holding companies most commonly run alongside Lenel S2 OnGuard. The platform is the access-control core for a meaningful share of top-30 US carriers and is common at several global insurance groups. Symmetry CONNECT adds an identity-management portal for claims contractor and visitor governance; the CompleteView VMS integration covers carrier video estates. AMAG sits inside G4S, which Allied Universal acquired in April 2021; the parent ownership provides carrier-grade managed-service options for guard-force convergence. Strength is financial-services heritage and SOX 404 audit-trail customisation; weakness is roadmap velocity versus Genetec and AlertEnterprise.

Strengths

Financial-services-heritage PACS with deep top-30 US insurance carrier install base alongside Lenel S2 OnGuard
Symmetry CONNECT identity-management portal for claims contractor and visitor governance with deep audit-trail customisation for SOX 404 ICFR and NAIC IT examiner review
G4S + Allied Universal parent ownership provides carrier-grade managed-service options for guard-force convergence (AlliedUniversal NXT) at HQ towers
Symmetry Business Intelligence module for executive dashboards and state DOI examiner-ready reporting
Mature integration ecosystem with Genetec, Milestone, AlertEnterprise Guardian, and RiskWatch
On-prem deployment supports carrier-grade SOX 404 ICFR logging and customer-owned data residency at HQ data centres

Weaknesses

Roadmap velocity has trailed Genetec, Verkada, and AlertEnterprise Guardian in recent G2 reviewer commentary
Pricing is quote-only and integrator-led; no public list price
Less first-party VMS strength than Genetec; CompleteView integration covers video but Symmetry buyers commonly pair with Genetec or Milestone instead
UI carries deeper operational heritage than Symmetry's PACS competitors; younger carrier security teams report a steeper learning curve
G4S + Allied Universal parent ownership concentrates the relationship across PACS + guard-force; not every carrier wants single-vendor risk concentration
Smaller G2 review volume than Genetec, Verkada, Brivo; reference-customer pool skews to legacy carrier install base

Best for

Top-30 US insurance holding companies already running AMAG Symmetry as the corporate PACS standard; carriers consolidating guard-force and PACS under a single Allied Universal parent contract at HQ scale.

Worst for

Cloud-first regional carriers, insurance startups, and broker networks running fewer than 20 sites who want a cloud-native PACS; Brivo or Verkada is the better fit there.

Key features

Symmetry enterprise PACS
Symmetry CONNECT identity-management portal
Symmetry Business Intelligence dashboards
Visitor management module
Mobile credential support
CompleteView VMS integration
Integration with Genetec, Milestone, AlertEnterprise Guardian
On-prem deployment for carrier-grade data residency

Integrations

80+ native. Notable: AlertEnterprise Guardian, Genetec Security Center, Milestone XProtect, Lenel S2 OnGuard (co-existence), Microsoft Entra ID, SailPoint.

Target size

500 to 2,50,000 employees · Global

Resolver

Resolver, a Kroll Business · Founded 2000 · Toronto, Ontario, Canada

Investigations + executive-protection workspace for carrier Global Security Operations Centres after the December 2024 UnitedHealthcare CEO incident.

Opaque pricingG2 4.3 · Capterra 4.3 · 250+ reviews

Summary

Resolver was founded in 2000 in Toronto and was acquired by Kroll in March 2022. The platform sits at the intersection of operational risk, physical security, incident management, and investigations, which makes it the natural pick when a carrier's physical security program is owned by the Global Security Operations Centre and the executive-protection workspace tied to Kroll global intelligence sits on top of investigations rather than a TVRA library. Resolver was a 2025 G2 Best Software Awards honoree in the GRC category. After the December 2024 UnitedHealthcare CEO incident the executive-protection module saw expanded adoption at S&P 500 insurance carriers; the ASIS Executive Protection Standard published September 2025 formalised the workflow Resolver supports. Strengths are insider-threat investigations workflow, executive-protection / principal-protection case management for the C-suite, and Kroll global-intelligence-feed integration; the platform is the right pick when the carrier's primary brief is investigations and protective intelligence rather than NAIC IT examination TVRA.

Strengths

Deepest insider-threat investigations and case-management workflow of the ten platforms here; heritage from corporate-security customers across insurance, financial services, and life sciences
Executive-protection / principal-protection module aligned to the ASIS Executive Protection Standard published September 2025 with travel-risk, residence, and vehicle controls for C-suite and named executive officers expanded after the December 2024 UnitedHealthcare CEO incident
Kroll subsidiary (March 2022 acquisition) unlocks Kroll global-intelligence feeds and investigations support that standalone vendors cannot match
G2 Best Software Awards 2025 GRC honoree; 4.3/5 across 250+ third-party reviews
Mature compliance and audit modules that map well to ISO 31000 ERM for carrier Operational Risk Committees and NAIC ORSA Section 3 business continuity
Strong threat-assessment workflow supporting SIU (Special Investigations Unit) referrals tied to claims fraud and insider threat

Weaknesses

Pricing is opaque; SelectHub reviewers report enterprise-tier deals; no public mid-market entry tier
Setup and configuration is heavy; G2 reviews flag implementation effort as the most-cited downside
UX has not had a generational rewrite; cloud-first competitors with newer interfaces feel more modern out of the box
Not a VMS, PACS, or PIAM platform; sits above those layers as the investigations and case-management workspace
Less framework-library breadth than RiskWatch for NAIC Model #668, NYDFS Part 500, GLBA, NAIC ORSA, HIPAA, SOX 404, and PCI DSS v4 pre-mapped controls; Resolver is investigations-shaped, not TVRA-shaped

Best for

Insurance carriers with a Global Security Operations Centre and an expanded executive-protection program looking for a single investigations and protective-intelligence workspace tied to Kroll intelligence feeds and aligned to the ASIS Executive Protection Standard.

Worst for

Carriers whose primary need is state DOI IT examination + NAIC ORSA + SOX 404 ICFR TVRA library coverage rather than investigations; RiskWatch is the better fit for that brief.

Key features

Insider-threat investigations and case management
Executive-protection / principal-protection workflow aligned to the ASIS Executive Protection Standard (Sep 2025) with travel + residence + vehicle controls
Investigations workflow with chain-of-custody
Operational risk register and KRIs
Internal audit planning and fieldwork
Compliance management aligned to ISO 31000 and COSO ERM for NAIC ORSA Section 3
Kroll global-intelligence and threat-feed integration
Configurable dashboards and reporting

Integrations

40+ native. Notable: Microsoft Entra ID, Okta, ServiceNow, Splunk, Jira, Salesforce, Kroll intelligence feeds.

Target size

1,000 to 2,50,000 employees · US · Canada · UK · EU · AU

#10

Milestone XProtect

Milestone Systems (Canon Inc. subsidiary) · Founded 1998 · Brøndby, Denmark

Open VMS for heterogeneous insurance carrier camera fleets across HQ, data centres, and 200-500 claims offices.

Partial pricingG2 4.3 · Capterra 4.4 · 220+ reviews

Summary

Milestone XProtect is the open-platform Video Management System acquired by Canon in 2014. The product supports 8,000+ camera and device models, which preserves carrier capex on heterogeneous Axis + Bosch + Hanwha + Pelco + Sony camera fleets assembled over many years of HQ and claims-office procurement. XProtect 2026 R1 added long-term cloud video storage, scheduled reporting, and a WebSocket PTZ API. A free Essential+ tier covers small admin offices and CAT-response-trailer pilots up to 8 cameras. The product is the right pick when the carrier needs an open VMS that survives a multi-decade claims-office camera fleet and pairs with a separate access control system rather than a unified suite.

Strengths

Open VMS supporting 8,000+ device models preserves carrier capex on heterogeneous Axis + Bosch + Hanwha + Pelco + Sony camera fleets across HQ + claims offices accumulated over many years of procurement
XProtect 2026 R1 added long-term cloud video storage, scheduled reporting, and WebSocket PTZ API which align to NAIC IT examination evidence-retention expectations
Free Essential+ tier covers small admin offices and CAT-response-trailer pilots up to 8 cameras without licence cost
Canon Inc. parent ownership (NYSE: CAJ ADR) provides public-company stability for carrier vendor-risk review versus PE-owned competitors
Mature integration ecosystem with Lenel S2 OnGuard, AMAG Symmetry, AlertEnterprise Guardian, and AxxonSoft for the wider carrier physical security stack
Federated multi-site architecture handles carriers with 200-500 claims offices and multiple data centres from one console

Weaknesses

Not a unified suite; access control, alarms, and intercom require pairing with Lenel S2 / AMAG / Brivo / Verkada and an additional VMS-PACS integration project
Not a TVRA platform; NAIC Model #668, NYDFS Part 500, GLBA, NAIC ORSA, HIPAA Security, SOX 404, and PCI DSS v4 require RiskWatch or Resolver
Not a PIAM platform; identity governance requires AlertEnterprise Guardian
Open-platform architecture means integrator-led deployment; expect 60-120 day deployment per major site with channel-partner support
Brand awareness in US insurance carrier physical security specifically is lower than Genetec or Verkada; reference base skews to European industrial and city-surveillance

Best for

US insurance carriers with heterogeneous multi-decade camera fleets across HQ, data centres, and 200-500 claims offices that want an open VMS preserving capex rather than a unified-suite forklift; the right pick when the access control system is already in place under Lenel S2 or AMAG Symmetry.

Worst for

Carriers that want one console covering cameras + access + alarms + intercom + sensors + guest; Verkada or Genetec is the better unified-suite fit there.

Key features

Open VMS supporting 8,000+ device models
Federated multi-site architecture for HQ + claims-office rollups
XProtect 2026 R1 long-term cloud video storage and scheduled reporting
WebSocket PTZ API
Active Directory integration
Free Essential+ tier for small offices and CAT-response-trailer pilots
Mobile operator and supervisor apps
Open API for SIEM, ITSM, PACS, and PIAM integration

Integrations

100+ native. Notable: Lenel S2 OnGuard, AMAG Symmetry, AlertEnterprise Guardian, Microsoft Entra ID, Axis cameras, Bosch cameras, Hanwha cameras.

Target size

50 to 2,50,000 employees · Global

Step by step

Buying guide

Walk these steps in order. The shortlist falls out of step 1, the negotiation moves come together in step 6, and step 8 closes the deal.

Name your primary use case in one sentence

Before you shortlist, write down the one job you must solve. Examples: pass a state DOI IT examination on the NAIC Insurance Data Security Model Law Section 4 physical safeguards across the HQ tower and 200 claims offices on the supervisory cycle; close the NYDFS 23 NYCRR Part 500 §500.03(g) gap before the next DFS-1 review; stand up a PCAOB-ready SOX 404 ICFR physical-access certification across the HQ tower and primary data centre; modernize PIAM across Workday + Active Directory + Lenel S2 at the insurance holding company; build the executive-protection program for the CEO and named executive officers after the December 2024 UnitedHealthcare CEO incident; assess HIPAA Security Rule physical safeguards at the health-insurance subsidiary's claims-adjudication centres. The shortlist falls out of the answer.

Match shortlist to site count and regulatory footprint

Filter the ten platforms here by site count and regulatory footprint. Under 5 claims offices with a $25K assessment budget and no SOX 404 ICFR scope rules out everything except RiskWatch Starter, Verkada per-camera, and Brivo per-door. Over 200 claims offices plus an HQ tower plus two data centres with NAIC + NYDFS + GLBA + ORSA + HIPAA + SOX 404 + PCI DSS v4 exposure and a $1M+ stack budget filters back in RiskWatch Enterprise, AlertEnterprise Guardian Enterprise, Genetec Security Center, Lenel S2 OnGuard, AMAG Symmetry, and Resolver Enterprise. Verkada, Brivo, and Avigilon Alta belong on the claims-office and data-centre cloud shortlist; not the top-carrier HQ shortlist on their own.

Verify pre-built NAIC + NYDFS + GLBA + ORSA + HIPAA + SOX 404 + PCI DSS v4 libraries before the demo

If your program runs against the NAIC Insurance Data Security Model Law Section 4, NYDFS 23 NYCRR Part 500 §500.03(g), the GLBA Safeguards Rule, the NAIC ORSA Section 3 operational resilience, the HIPAA Security Rule physical safeguards 45 CFR 164.310, SOX 404 ICFR, or PCI DSS v4.0.1 Requirement 9, ask each vendor to show you the library on screen during the demo. Pre-built means pre-mapped controls and pre-scored question banks. Vendors who promise to build it for you after signing are charging you for a configuration project that should already be done. RiskWatch is the platform in this ranking that ships all of these libraries on day one.

Pressure-test the examiner-export workflow

State DOI IT examinations, NYDFS DFS-1 reviews, NAIC ORSA filings, PCAOB SOX 404 testing, and FTC GLBA Safeguards reviews all require evidence packs the carrier can hand to the regulator. Ask each vendor: can your assessment and supporting evidence be exported to an examiner or auditor outside our tenant without exposing other site data? Can the examiner add findings into the tenant without becoming a licensed user? RiskWatch supports this workflow inside the Enterprise tier. AlertEnterprise Guardian and Resolver support audit-ready exports inside their respective workspaces.

Pressure-test the VMS, PACS, and PIAM integration depth

A SOX 404 ICFR finding or an NYDFS Part 500 examiner question is going to require evidence from your VMS (Genetec, Verkada, Avigilon Alta, Milestone), your PACS (Lenel S2 OnGuard, AMAG Symmetry, Brivo), and your PIAM (AlertEnterprise Guardian). Ask each assessment vendor for the integration depth with each. Bulk import is acceptable; deep API integration is better. The carrier that bakes integration depth into the procurement scope avoids a Year-2 evidence-collection workload that breaks the state DOI examiner timeline.

Insist on a working pilot at one HQ floor and one claims office plus one CAT-response scenario

Demos are choreographed. Working pilots are not. Ask each finalist for a 30-day pilot at one HQ floor and one claims office: one NAIC Model #668 Section 4 assessment cycle, one mobile site walk in offline mode at a remote claims office or a temporary CAT-response trailer, one SOX 404 ICFR access-certification round, one PACS evidence ingest. The platform that handles your real-site data without three weeks of professional services is the one that will scale across the state DOI supervisory cycle. RiskWatch publishes a 30-day no-card trial; other vendors require a structured POC.

Pressure-test data residency, vendor-risk diligence, and exit clause

Carrier physical security data includes HQ camera coverage maps, data-centre cage reader configurations, executive-protection itineraries, claims-office staffing patterns, and findings registers that are confidential and supervisory-sensitive. Ask each vendor: where does my data live, who can access it, what happens to it if I leave? RiskWatch supports single-tenant deployment with customer-owned data residency. Verkada and Avigilon Alta are cloud-only and require SOC 2 Type II + ISO 27001 + the carrier's vendor-due-diligence package per the NAIC Insurance Data Security Model Law Section 4(F) third-party service provider expectations. Get the exit clause in writing.

Run the decision matrix with your own weights

The default methodology weights on this page (20% Ease, 20% Features, 20% Value, 15% Support, 15% Scalability, 10% Integrations) reflect a generic mid-market carrier physical security buyer. Your weights may differ if you are leading with PIAM and claims-adjuster onboarding governance (AlertEnterprise wins on Features + Integrations), with claims-office cloud (Verkada wins on Ease and Brivo wins on Value), with HQ-tower PACS depth (Lenel S2 OnGuard wins on Scalability + Features), with heterogeneous-camera-fleet VMS (Milestone XProtect wins on Value + Integrations), or with investigations and executive protection (Resolver wins on Features). Use the decision-matrix slider on this page to re-rank with your weights before you book the demos. If a different platform wins your weighting honestly, that is the right pick for your program.

Frequently asked

Buyer questions, answered

The eight questions our pre-sales team hears the most often when buyers compare this category.

What is physical security software for insurance carriers and how is it different from generic physical security software?

Physical security software for insurance carriers is the subset of the category that maps to the NAIC Insurance Data Security Model Law (Model #668) Section 4 administrative, technical, and physical safeguards adopted in 25+ US states by 2026, NYDFS 23 NYCRR Part 500 §500.03(g) physical security and environmental controls applied to insurance covered entities, the GLBA Safeguards Rule 16 CFR Part 314.4(c)(1) physical-access controls for non-bank financial institutions inside insurance groups, the NAIC Risk Management and Own Risk and Solvency Assessment Model Act (#505) Section 3 operational resilience and business continuity, the HIPAA Security Rule physical safeguards 45 CFR 164.310 for health-insurance subsidiaries, SOX Section 404 ICFR physical-access controls for public insurance holding companies under PCAOB AS 2201, and PCI DSS v4.0.1 Requirement 9 for premium-payment cardholder data environments. Generic physical security software (Verkada, Genetec, Brivo) covers cameras, doors, and analytics but does not pre-map the NAIC, NYDFS, GLBA, NAIC ORSA, HIPAA, SOX 404, or PCI DSS v4 libraries; insurance-specific software (RiskWatch, AlertEnterprise Guardian, Resolver) starts from those libraries and integrates with the VMS and PACS as supporting evidence.

Which platforms cover the NAIC Insurance Data Security Model Law (Model #668) Section 4 physical safeguards?

RiskWatch ships the NAIC Insurance Data Security Model Law Section 4 physical safeguards as a pre-built library alongside NYDFS Part 500 §500.03(g), GLBA Safeguards Rule, NAIC ORSA Section 3, HIPAA Security Rule physical, SOX 404 ICFR PE, and PCI DSS v4.0.1 Requirement 9. Resolver handles incident, investigations, and audit workflows mapped to ISO 31000 and COSO ERM but does not ship a pre-built NAIC Model #668 library. AlertEnterprise Guardian covers the PIAM and access-governance layer with NAIC-aligned audit trails but is not a TVRA platform. Genetec, Lenel S2 OnGuard, AMAG Symmetry, Verkada, Brivo, Avigilon Alta, and Milestone XProtect are VMS or PACS products that produce the evidence the state DOI IT examiner reviews; they are not assessment platforms.

How does the executive-protection program change for insurance carriers after the December 2024 UnitedHealthcare CEO incident?

Executive-protection and principal-protection programs at US public insurance carriers expanded materially after the December 2024 UnitedHealthcare CEO incident, with S&P 500 insurance carriers adding residence, vehicle, and travel-risk controls for the CEO and named executive officers inside the SEC Item 402(a)(7)(ii) disclosure threshold; UnitedHealth Group disclosed $1.7M in executive security in its 2024 proxy filing months after the incident, well above prior-year levels. The ASIS International Executive Protection Standard published September 2025 formally recognises protective intelligence as part of the program. Resolver is the platform in this ranking with the deepest executive-protection / principal-protection case-management workflow aligned to that standard, with Kroll global-intelligence-feed integration. AlertEnterprise Guardian covers the PIAM and badge-event signal layer for the executive's office and residence-adjacent staff. RiskWatch ships an ASIS-aligned assessment library that pre-maps the residence, vehicle, and travel-risk control set.

How should a carrier handle physical security across 200-500 distributed claims offices and health-plan service centres?

Top-30 US carriers typically run a 4-or-5-vendor stack across distributed claims offices: (1) one assessment and multi-framework GRC platform (RiskWatch) covering NAIC Model #668 + NYDFS Part 500 + GLBA + NAIC ORSA + HIPAA + SOX 404 + PCI DSS v4 in one tenant with offline mobile site walks at each claims office, (2) one PIAM platform (AlertEnterprise Guardian) tying Workday + Oracle HCM termination status to PACS badge revocation and Active Directory deprovisioning for the claims-adjuster workforce that surges after catastrophes, (3) one cloud-native VMS + access platform (Verkada or Brivo + Eagle Eye Networks) for the claims-office network where per-site server stack is uneconomic, (4) one open VMS (Milestone XProtect) preserving heterogeneous camera-fleet capex at offices accumulated over decades, and (5) one investigations + executive-protection workspace (Resolver) tied to the Global Security Operations Centre. Mid-market regional carriers commonly run a 3-vendor stack of RiskWatch + Verkada or Brivo + Resolver.

How does NAIC ORSA business continuity affect what physical security software needs to cover?

The NAIC Risk Management and Own Risk and Solvency Assessment Model Act (#505) adopted by 49 US states + DC + Puerto Rico requires insurance carriers and groups above the ORSA threshold to file an annual ORSA Summary Report covering operational resilience, business continuity, and stress scenarios. Section 3 of the ORSA Guidance Manual specifically calls out operational-risk controls including physical safeguards. For physical security software this means the program now has to cover not just the HQ tower and the primary data centre but also the DR site, claims-office continuity during regional catastrophes, and the temporary CAT-response-trailer deployments that follow hurricanes, wildfires, and severe convective storms. RiskWatch pre-maps NAIC ORSA Section 3 alongside the NAIC Insurance Data Security Model Law and SOX 404 in one tenant; most other vendors in this ranking are not assessment platforms and rely on the carrier to track ORSA evidence in a separate GRC tool.

How does SOX Section 404 affect physical access controls at a public insurance holding company?

SOX Section 404 requires the management assertion and the external-auditor attestation on Internal Control over Financial Reporting. PCAOB AS 2201 requires the external auditor to test the controls that reasonably support the financial-reporting assertion, including physical-access controls to systems that produce, transmit, or store financial-reporting data. For a public insurance holding company this means HQ tower access, primary data-centre cage access, and DR-site access for general-ledger, reserve-system, and reinsurance-accounting systems are all in SOX 404 scope. Lenel S2 OnGuard and AMAG Symmetry are the two PACS estates most commonly tested under SOX 404 at top-30 US carriers. RiskWatch ships a SOX 404 PE library so the carrier can document, evidence, and roll up physical-access control effectiveness to PCAOB-ready outputs.

How much should I budget for insurance carrier physical security software in 2026?

Entry pricing ranges from $162/door/year ($13.50/door/month Brivo per Acre Security) and ~$600/channel/year (Verkada per-camera SaaS; Genetec Security Center SaaS) to six-figure annual contracts (AlertEnterprise Guardian Enterprise, Lenel S2 OnGuard at top-30 carrier scale, AMAG Symmetry at global insurance groups). For a mid-market regional carrier (20-80 claims offices, 3 frameworks like NAIC Model #668 + NYDFS Part 500 + SOX 404) expect $25K-$60K/yr on assessment licence (RiskWatch Professional) plus $40K-$120K/yr on cloud access (Brivo at 200-800 doors) plus $40K-$150K/yr on VMS (Verkada or Milestone XProtect at 400-1,500 cameras) plus integrator deployment. For top-30 US carrier programs (HQ tower + 200-500 claims offices + 2-3 data centres + NAIC + NYDFS + GLBA + ORSA + HIPAA + SOX 404 + PCI DSS v4 + executive protection) expect $1M-$3M/yr across the stack. Always model 3-year TCO and ask for the renewal-escalator cap in writing.

Does RiskWatch replace my Genetec, Lenel S2, AMAG Symmetry, or AlertEnterprise system?

No. RiskWatch is the assessment, scoring, reporting, and audit-trail layer that sits above the carrier's physical security operation. Genetec, Lenel S2 OnGuard, and AMAG Symmetry handle real-time video and access control; AlertEnterprise Guardian handles PIAM tying Workday + Oracle HCM + Active Directory to PACS; Resolver handles investigations and executive protection; RiskWatch tells the carrier which controls are present, which are weak, which have been remediated, and how the HQ + data-centre + DR-site + claims-office portfolio rolls up to the state DOI IT examiner, the NYDFS DFS-1 reviewer, the NAIC ORSA reviewer, the PCAOB SOX 404 lead, and the carrier's Operational Risk Committee year over year. RiskWatch integrates with VMS, PACS, and PIAM systems via API and bulk import for evidence ingestion.

Definitions

Glossary

Definitions for the acronyms and jargon used on this page. Useful for sharing with non-specialist stakeholders on the buying committee.

NAIC Insurance Data Security Model Law (Model #668): The NAIC model law adopted in 25+ US states by 2026 requiring insurance licensees to maintain an information security program with administrative, technical, and physical safeguards (Section 4). State DOI IT examinations routinely test the physical-safeguards portion alongside the technical and administrative controls.
NAIC ORSA (Model #505): Own Risk and Solvency Assessment under the NAIC Risk Management and Own Risk and Solvency Assessment Model Act, adopted by 49 US states + DC + Puerto Rico. Section 3 of the ORSA Guidance Manual covers operational resilience and business continuity including physical safeguards at HQ, data centres, and claims offices.
NYDFS 23 NYCRR Part 500 §500.03(g): New York Department of Financial Services Cybersecurity Regulation Part 500 applied to insurance covered entities. §500.03(g) requires covered entities to address physical security and environmental controls inside the cybersecurity program. The second amendment (effective progressively through 2024 and 2026) added §500.17(h) 72-hour notice and §500.19 covered-entity rebuttable presumption updates.
GLBA Safeguards Rule 16 CFR Part 314.4(c)(1): Federal Trade Commission Safeguards Rule under the Gramm-Leach-Bliley Act. 16 CFR Part 314.4(c)(1) requires physical-access controls to customer information at non-bank financial institutions under FTC jurisdiction, which includes premium-finance subsidiaries, mortgage-insurance affiliates, and certain broker-dealer affiliates inside insurance groups.
HIPAA Security Rule physical safeguards 45 CFR 164.310: Health Insurance Portability and Accountability Act Security Rule physical safeguards at 45 CFR §164.310 covering facility-access controls, workstation use, workstation security, and device and media controls for health-insurance carriers and the health-insurance subsidiaries of multiline groups handling protected health information.
PIAM: Physical Identity and Access Management. The category that governs who can badge into which carrier facility, integrating HR (Workday, Oracle HCM, UKG, SuccessFactors), Active Directory, identity-governance (SailPoint, Saviynt), and PACS (Lenel S2 OnGuard, AMAG Symmetry, Genetec Synergis). AlertEnterprise Guardian is the category leader in this ranking.
Executive Protection Standard (ASIS, September 2025): ASIS International Executive Protection Standard published September 2025 formalising the executive-protection workflow including protective intelligence, advance work, residence, vehicle, and travel-risk controls. Adoption accelerated at S&P 500 insurance carriers after the December 2024 UnitedHealthcare CEO incident.

Final word

So which one should you pick?

If you read this page top to bottom and one platform stood out, that is your answer. Most insurance carrier physical security programs in 2026 end up with a stack, not a single vendor: one assessment and multi-framework GRC platform (RiskWatch) covering NAIC Model #668 Section 4 + NYDFS Part 500 §500.03(g) + GLBA Safeguards + NAIC ORSA Section 3 + HIPAA Security physical + SOX 404 PE + PCI DSS v4 §9, one PIAM platform (AlertEnterprise Guardian) tying Workday and Active Directory to PACS for claims-adjuster onboarding and termination governance, one unified VMS and access console for HQ and primary data centre (Genetec or Lenel S2 OnGuard paired with Milestone XProtect at sites with heterogeneous camera fleets), one cloud layer for the claims-office network and CAT-response-trailer deployments (Verkada or Brivo), and one investigations and executive-protection workspace (Resolver) tied to the Global Security Operations Centre after the December 2024 UnitedHealthcare CEO incident. The methodology is on this page so you can disagree with our rank and arrive at a different first pick honestly.

The one thing every carrier buyer should do, regardless of which vendor wins your bake-off, is to insist on a 30-day working pilot at one HQ floor, one claims office, and one simulated CAT-response trailer, a renewal-escalator cap in writing, a documented exit clause covering carrier-grade data export and retention after termination, and an examiner-export path that survives a state DOI IT examiner, an NYDFS DFS-1 reviewer, a NAIC ORSA reviewer, and a PCAOB SOX 404 lead. The carriers we see lose three-year deals always lose them on those four terms, not on feature coverage.

If you would like the RiskWatch demo for the NAIC + NYDFS + GLBA + ORSA + HIPAA + SOX 404 + PCI DSS v4 coverage, sign up at riskwatch.com/request-a-demo. If you would like a no-strings second-opinion on one of the other nine, email sales@riskwatch.com with the vendor name in the subject line and we will share what we know.