IT Professional

The SurSITE^® system is based on flexible .NET technology and has a strong object-oriented design. This allows the system to rapidly be extended with new calculation methods, customization of existing methods, and in general, extend and customize its Contract Management Server and technical accounting support to accommodate very specific business needs.

A table-driven approach manages reinsurance transaction types (e.g., Ceded Premium, Claim reserves, Loss Payment, etc.) and their associated definitions, both for premiums and claims workflow: thus, new transaction types required by a company do not require additional coding. Features initially not used can be activated to meet the client's changing business.

The Technical Accounting Management Server accepts transactions for processing in the form of standard XML file formats. This allows the Contract Management Server and Technical Accounting Management Server modules to quickly and easily integrate with environments supporting XML, i.e. most business environments today.

For example, if external or legacy policy management or claims systems data was to provide transaction information, it could readily be accommodated, as long as these were marked up in XML (using any predefined XML schema), and as long as the data can be electronically transferred into SurSITE^®, whether via message queue, web service, database files, or otherwise.

The same applies to the invoice generation functionality built into the Technical Accounting Management Server: the system can automatically generate XML statements and invoices for export to external systems used by the different participants of the various contracts. This allows technical accounting work to be sent to financial accounting systems of a client’s choice such as SAP and Microsoft Dynamics product suite, among others.

Call your SurSITE^® representative today to schedule a system demonstration based on your unique business scenarios and reinsurance program. You’ll be glad you did.

Technology

The SurSITE^® framework consists of Web-enabled multi-language, multi-currency functional business and processing servers. It offers extensive automation of the insurance and reinsurance workflow. The SurSITE^® modular design allows the system to be deployed in various configurations depending on the needs of the client. There are servers which provide common services such as security, document production, and reporting. There are various function-specific modules such as the Contract Management Server, Technical Accounting Management Server; Business Intelligent Server, Underwriting and Rating Server, etc. that provide functional support for various business specific activities.

All modules have been specifically designed for integration into the systems which already are working in the client’s own IT environment through the use of predefined interfaces such as XML, MSMQ, and Web Services. As an example, the Integration Server does not directly interact with the Technical Accounting Management Server module but rather through Microsoft Message Queues (MSMQ) using predefined XML transaction documents. This type of internal communication and integration allows the modules to be deployed separately thus enabling STI to establish software configurations unique to each client. This approach provides an unparalleled ability to integrate our modules with existing systems. The latest version of SurSITE^® servers are tightly integrated with Office 2007 for document management. For example, all contract and claim notification documents are pre-formatted and readily available for customization and direct download.

Architecture

The SurSITE^® suite of modules was designed and implemented using the latest version of Microsoft’s .NET tools with an SQL Server 2005 back-end and architecture in combination with decades of combined real world experience of our senior domain experts, software engineers and system architects. In order to preserve the greatest flexibility to accommodate customized implementations (such as client-specific work flows and "look and feel"), the system was designed using a clean separation between the application tiers, i.e. consumer interfaces, business logic, and data access. The user interface also uses a theme based approach for faster and flexible changes to the look and feel of the application. This architecture allows for multiple types of information consumers through different predefined interfaces while still maintaining the integrity and security of the business rules and data.

The SurSITE^® internal system design is based on robust object-oriented class library. This allows STI to rapidly add new calculation methods, customize existing methods, and in general, extend and customize modules to accommodate the specific business needs of different clients while still maintaining standard elements within core product modules.

A table-driven approach manages many core aspects of the different modules. For example, reinsurance transaction types (e.g., Ceded Premium, Loss Payment, etc.) and their associated definitions, both for premiums and claims workflow, are maintained in the database. Thus, modifications to transaction types, risk classifications, and other core data which drives the general reinsurance calculation process do not require additional coding or modification of the core modules

.NET Technology

The SurSITE^® Framework uses a number of different component technologies to facilitate external interactions and allow customized implementations without jeopardizing key functional modules and business rules. At the heart of the SurSITE^® implementation is the Microsoft .NET Framework; the programming model of Microsoft .NET-connected software and technologies for building, deploying, and running Web applications, smart client applications, and Extensible Markup Language (XML) Web services applications that expose their functionality programmatically over a network using standard protocols such as SOAP, XML, and HTTP. The .NET Framework provides:

The .NET Framework consists of two main parts: the common language runtime (CLR); and a unified set of class libraries, including Microsoft ASP.NET for Web applications and XML Web services, Microsoft Windows® Forms for smart client applications, and Microsoft ADO.NET for loosely coupled data access. All SurSITE^® servers are being updated in sync with the latest version and service packs of the .NET Framework.

Security

STI takes the security of its products and client configurations very seriously; the SurSITE^® system does not base its security assumptions on being inside an already secure network.

The security model for the various SurSITE^® servers is based on a number of key elements. Access to the system is normally restricted to 128-bit encrypted sessions using authorized protocols filtered through a hardware-based firewall. Strong authentication and authorization is provided using Microsoft’s Active Directory. Active Directory provides a powerful base for managing, authenticating, and authorizing users and their profiles. The model supports role- based security and application-level authorization via a common profile repository, thus allowing the system to be integrated into existing enterprise domain implementations with a only few application extensions.

Active Directory is a Lightweight Directory Access Protocol (LDAP) compliant directory service. In the Windows 2003 operating system, all access to Active Directory objects occurs through LDAP. LDAP defines what operations can be performed in order to query and modify information in a directory and how information in a directory can be securely accessed. Active Directory allows the SurSITE^® system to manage users, assign users to groups, and collectively manage enterprise access to the system and various resources which the system provides.

The system employs a user-based security context for all application threads initiated by the user thus restricting the user’s access to system resources such as program routines, interfaces, web pages, physical server directories, etc., based on permissions. This means that when a process is executed, it is done so using the credentials of the user which requested the process. This restricts the user’s ability to access critical areas of the system regardless of the interface used and thereby provides protection against unauthorized access to sensitive data and areas of the system … even if a user has valid access to other parts of the system.

In addition to access control and secure authentication and authorization measures, SurSITE^® employs additional safeguards internally. The data repository has been isolated through another layer of separate application level security mechanisms to protect sensitive business data. All data access is restricted internally to predefined database stored procedures which can employ additional access controls established through Microsoft SQL Server 2005. This allows STI to open selected parts of the database for integration with separate access control, without opening the entire database.

Security for a web enabled application on the internet is also largely dependent on following proper programming techniques to avoid certain security vulnerabilities. STI has firmly established programming guidelines with respect to security to avoid some of the most common security vulnerabilities such as URL modification, buffer over run attacks, and many others.

Although STI has taken many steps to ensure that the applications and configurations which it employs are provided maximum security, good system security also requires monitoring and vigilance on the part of a client’s System Administrators. To ensure that systems maintain the greatest level of security and operation, it is critical that servers are hardened and locked down, physical access is restricted, other security devices such as firewalls are in place and configured properly, and that the appropriate software security patches and anti-virus software are up to date.

Integration Server

The SurSITE^® Framework was designed specifically for integration. SurSITE^® Integration Server represents a core component and strategy for integration of disparate and heterogeneous systems. They are small and system-specific component programming classes or services used to provide an intermediate layer of integration between modules and external systems. Their role is to obtain or receive the data from other modules or systems and transform the data (system codes, data collation, and presentation structure) to facilitate communication and submission with the existing SurSITE^® modules. They can be developed for custom integration using XML, Web Services, ODBC, programming APIs, or other implementation options suitable for the systems they will integrate with, without modifying those external modules or source systems which they are integrating with SurSITE^®. This allows them to be designed and implemented using either active polling or subscriber models to obtain the required information.

Data Migration

SurSITE^® was designed from ground up to be modularized, which not only makes it possible to deploy each module separately but also provide multiple alternatives for importing data into the system as well as exporting data to other systems, which in turn provides a flexible option for the SurSITE^® suite of servers to seamlessly integrate into existing IT environments. These options provide the ability to upload data from external system through the Web UI, API or a Pre-defined XML Schema or to download it into other systems.

Data exported from other systems as XML can be uploaded through a Web interface or be placed in a folder monitored periodically for new files. On a more restricted client environment the users have an option to use electronic forms based on InfoPath (part of Office 2007) to post transactions directly into the system. Uploading data through XML files also provides the ability to edit the XML File online through the Web UI. Additionally, a tool is provided to convert data stored in Excel and Text Files to an XML File.

All internal communications between different modules within the SurSITE^® Enterprise software are handled by XML making it possible to easily extend and customize one module without affecting others.