Data in Socotra

One of Socotra's core value propositions is to ensure that your organization has the power to create, manage, retrieve, and update both customer information as well as organizational information safely. It does this in the following ways:

Soctora has two levels of data that it manages on behalf of its customers: Socotra configurations and Socotra data. 

Socotra configurations specify the data model, ratings engine, document templates, business logic, report setup, and other aspects of how the system should operate and is closely related to the insurance products sold, business processes in place, and the operations of the organizations. Just like end-customer data, this information can change over time and managing it in a structured way adds tremendous value while reducing the maintenance costs as the business evolves.

Socotra data is the end-customer information including details about policyholders, policies, endorsements, claims, invoices and payments. This information contains personally identifiable information on end-customers as well as other sensitive information. This information not only needs to be easy to manage and is the lifeblood of the business, but also needs to be strongly protected.

Ease of Access

Socotra's open APIs make it easy to access data and are fully documented at  These API's provide access to core Soctora objects including policyholders, policies, invoices, payments, and event streams. Using these API's, Socotra makes it simple to migrate data into Socotra, generate reports, and integrate with third party/ancilary system such as CRM, general ledgers, payment gateways or consumer-facing applications.

Dynamic Data Management

Socotra recognizes that today's world is changing faster than before.  Insurance is no different and as new information becomes available, an organization may want to update pricing, release new products, or allow new mid term adjustments to cater to customer needs and react appropriately to risk changes. Socotra's dynamic data model and automated version architecture allows organizations to make changes and let Socotra worry about the housekeeping and data management.    

Enterprise Encryption

Customer data in Socotra is fully encrypted at rest and when traveling over the network. Socotra uses the latest security protocols including 256 bit encryption, generating strong private keys for each customer, automated secrets management, and network monitoring for unusual system behavior.  


Each production customer has an environment with its own configuration and data that's completely independent.   Ownership is clearly defined in Socotra's terms and conditions.  In addition, Socotra complies with EU regulations and provides customers with a data processing agreement that outlines the technical and operating procedures when working with customer data.

Every configuration change and material operation customer data is tracked and recorded in Socotra's audit log. This audit log is exposed via the Event Streaming feature.  Socotra operations include the date, user, operation and relevant object ID. In addition to direct auditing applications, this audit data can be used to trigger other operations, generate reports, or identify business operation weaknesses.