Press release

Guidewire Achieves Payment Card Industry Data Security Standard (PCI-DSS) Compliance and is Named a Visa Third-Party Agent

Sponsored by Businesswire

Guidewire Software, Inc. (NYSE: GWRE), provider of the industry platform
Property and Casualty (P&C) insurers rely upon, today announced it has,
for the third consecutive year, successfully completed a passing Payment
Card Industry Report of Compliance (PCI ROC), demonstrating its
compliance with the PCI DSS* (Data Security Standard) for Guidewire
InsurancePlatform™ products hosted via Guidewire Cloud™, the company’s
cloud environment. Additionally, the company announced that it is now a
globally compliant Third-Party Agent** with VISA, demonstrating an extra
level of commitment to protecting the financial data of its customers
and their policyholders.

“Data security remains a top area of concern for insurers when moving
their mission-critical systems to the cloud,” said Karen Furtado,
Partner, Strategy Meets Action. “Guidewire is taking significant steps
to ensure that its customers and their policyholder data is protected in
its cloud environment which will help allay these concerns.”

“We are doing the hard work needed to assure our customers that their
policyholder credit card transactions are secure as they move to
Guidewire Cloud,” said Kirk Sanford, chief information security officer
(CISO), Guidewire. “We believe we are the only insurance industry
platform provider to have secured this level of compliance accreditation
which should help give our customers confidence in our Guidewire Cloud
environment running on Amazon Web Services (AWS).”

“Completing a PCI ROC and obtaining a PCI AOC (Attestation of
Compliance) demonstrates the commitment Guidewire is making towards
ensuring that the financial data we manage on behalf of our customers in
Guidewire Cloud, remains secure,” said Oleg Ganopolskiy, group vice
president, Cloud Operations and Support, Guidewire. “Our VISA TPA
registration is an added layer of security for our customers.”

* PCI DSS, PCI ROC –The Payment Card Industry Security Standards Council
), comprised of the five major credit card networks, created the
PCI Data Security Standard (PCI
) to improve the security of cardholder information and to
facilitate global consistency in data security standards. The PCI DSS is
a set of security standards designed to ensure that all companies that
accept, process, store, or transmit credit card information maintain a
secure environment. It consists of 12 categories of requirements and
testing procedures to ensure that these requirements are met. In terms
of validating that a cloud service is compliant with the PCI DSS,
service vendors can complete a PCI Self-Assessment Questionnaire (SAQ)
or, to provide independent validation, they can hire a third-party
Qualified Security Assessor (QSA) to produce a Report of Compliance (ROC).
Guidewire has done the latter.

** Registered VISA
Third Party Agent
– All service providers who have access to
cardholder data must comply with the required data security requirements
prior to beginning services and must be registered in the VISA Agent
Registration Program for inclusion on the Visa Global Registry of
Service Providers. PCI DSS compliance validation is required every 12
months for all Level 1 and Level 2 service providers.

Guidewire has previously
its successful completion of independent SOC
and SOC
Type 2 compliance audits for Guidewire InsurancePlatform™ products
hosted via Guidewire Cloud™, the company’s cloud environment. Additional
Guidewire viewpoint on the data security topic can be accessed here.

About Guidewire Software

Guidewire delivers the industry platform that Property and Casualty
(P&C) insurers rely upon to adapt and succeed in a time of accelerating
change. We provide the software, services, and partner ecosystem to
enable our customers to run, differentiate, and grow their business. We
are privileged to serve more than 350 companies in 32 countries. For
more information, please visit
and follow us on twitter: @Guidewire_PandC.

NOTE: All products mentioned in this announcement are Guidewire
products. For information about Guidewire’s trademarks, visit