Solution 06: SureGuard Insurance Group

AI-Generated Content — Use for Reference Only

This content is AI-generated and has only been validated by AI review processes. It has NOT been reviewed or validated by certified Salesforce CTAs or human subject matter experts. Do not rely on this content as authoritative or completely accurate. Use it solely as a reference point for your own study and preparation. Always verify architectural recommendations against official Salesforce documentation.

Worked Solution

This is a reference solution for Scenario 06: SureGuard Insurance Group. Attempt the scenario paper first before reviewing. Use the 9 Essential Artifacts and Five-Finger Method as your framework.

Assumptions

• MuleSoft Anypoint as enterprise middleware given 7+ integration endpoints with mixed API styles
• Financial Services Cloud (FSC) as the Salesforce edition with insurance-specific data model
• Experience Cloud for agent portal (Phase 1) and policyholder self-service (Phase 2)
• Guidewire PolicyCenter and ClaimCenter remain systems of record for policy and claims data
• IBM FileNet remains document repository through 2028; Salesforce surfaces documents via API
• COBOL billing system will not be replaced; integration must accommodate its limitations

Key Architectural Decisions

AD-1: OWD Private + Apex Managed Sharing for Agent Book-of-Business

Decision: OWD Private on Policy, Claim, and Commission objects. Apex managed sharing grants each agent visibility to only their written policies.

I chose Apex managed sharing because the same policyholder can have policies through different agents. Agent A must see the homeowners policy they wrote but NOT the auto policy Agent B wrote for the same person. Sharing sets cannot express this — they share all child records under an Account, which would leak cross-agent policies. Criteria-based sharing rules also cannot handle the dynamic agent-to-policy assignment.

Agency principal hierarchy: Principals see all policies under their agency via Role Hierarchy. Agents sit below the agency role; Apex sharing at the agent level rolls up visibility to the principal automatically.

Critical Security Detail

The split-policy scenario is the #1 trap. Any sharing model that ties visibility to the policyholder Account rather than the individual Policy record will fail the security requirement. Apex managed sharing on Policy with the writing agent as share recipient is the only correct pattern.

AD-2: Claims Territory Sharing + CAT Surge Override

Decision: Criteria-based sharing rules match Claim.Territory__c to adjuster territory assignments. During catastrophe events, a Flow-triggered “CAT Surge” process temporarily expands adjuster territories.

Territory__c is populated during FNOL based on loss location ZIP. The 6 regional adjuster teams map to 6 territory groups. During a CAT event (5,000-8,000 claims in 48 hours), MuleSoft queues buffer inbound FNOL, auto-assignment distributes claims by adjuster capacity (Claims_Open_Count rollup), and a pre-built screen Flow lets claims managers activate surge in under 2 minutes. A scheduled job removes temporary assignments when the CAT event closes.

AD-3: MuleSoft with Pattern-Per-Endpoint + Guidewire Bidirectional Sync

Decision: MuleSoft Anypoint as the single integration hub for 7+ systems. Each Guidewire flow uses the pattern matching its SLA.

Flow	Pattern	SLA
FNOL submission	Synchronous API	Real-time
Policy status sync	Near-real-time (event-driven via MuleSoft bridge)	15 minutes
Renewal processing	Batch	Nightly
Reserve amounts	Batch (field-level security: internal only)	Daily

MuleSoft handles all API styles (Guidewire SOAP/REST, billing REST + SFTP, LexisNexis/ISO/OFAC sync REST) through a single governance layer. The COBOL billing system’s batch/SFTP interface specifically requires middleware translation Salesforce cannot do natively. The API abstraction layer isolates Guidewire-facing APIs from Salesforce-facing APIs, reducing change propagation.

AD-4: LexisNexis 90-Day TTL with FCRA Compliance

Decision: Dedicated LexisNexis_Report__c object with automated 90-day purge, FLS restricted to Underwriter profiles, and Shield Platform Encryption.

Nightly scheduled Apex deletes records > 90 days followed by Database.emptyRecycleBin() to permanently remove them (Recycle Bin retention would otherwise violate FCRA limits). OWD Private, FLS Read access only for Underwriter/Senior Underwriter profiles, Event Monitoring logs every access for FCRA audit. Object excluded from all agent/policyholder report types.

Critical Diagrams

System Landscape

graph TB
    subgraph Legend
        direction LR
        NEW["🟢 NEW - Being Built"]
        KEEP["⚪ KEEPING - No Changes"]
        RETIRE["🔴 RETIRING - Decommissioning"]
        INT["🟠 INTEGRATION LAYER"]
    end

    subgraph Salesforce["Salesforce Financial Services Cloud"]
        FSC["🟢 NEW: FSC — 1,200 internal users"]
        EC_AGENT["🟢 NEW: Experience Cloud Agent Portal — 3,500 agents"]
        EC_PH["🟢 NEW: Experience Cloud Policyholder Portal — Phase 2, 850K"]
        SHIELD["🟢 NEW: Shield Platform Encryption"]
        EM["🟢 NEW: Event Monitoring"]
        CRMA_SG["🟢 NEW: CRM Analytics"]
    end

    subgraph Mule["MuleSoft Anypoint"]
        GW_LAYER["🟢 NEW: Guidewire Layer — SOAP + REST"]
        BL_LAYER["🟢 NEW: Billing Layer — REST + SFTP"]
        EX_LAYER["🟢 NEW: External Services — ISO/LexisNexis/OFAC"]
        MQ_LAYER["🟢 NEW: Anypoint MQ — CAT Buffer"]
    end

    subgraph ExtSystems["External Systems — Keeping"]
        GW_PC["⚪ KEEP: Guidewire PolicyCenter — 2.1M policies"]
        GW_CC["⚪ KEEP: Guidewire ClaimCenter — 180K claims/yr"]
        FN_SYS["⚪ KEEP: IBM FileNet — 28M docs, contract thru 2028"]
        ISO_SYS["⚪ KEEP: ISO/ACORD Rating Tables"]
        LN_SYS["⚪ KEEP: LexisNexis — CLUE, MVR, Risk Scores"]
        OFAC_SYS["⚪ KEEP: OFAC Sanctions Screening"]
        NIPR_SYS["⚪ KEEP: NIPR — Agent License Verification"]
    end

    subgraph RetiringSystems["Legacy Systems"]
        AMS["🔴 RETIRE: Agent Management System — .NET, 8yr old"]
    end

    subgraph KeepLegacy["Legacy — Keeping"]
        COBOL["⚪ KEEP: COBOL Billing Mainframe — 15yr old, not replaced"]
    end

    FSC <-->|"Bidirectional sync"| GW_LAYER
    GW_LAYER <-->|"SOAP + REST"| GW_PC
    GW_LAYER <-->|"SOAP + REST"| GW_CC
    GW_LAYER <-->|"REST on-demand"| FN_SYS
    FSC -->|"Billing sync"| BL_LAYER -->|"SFTP batch"| COBOL
    FSC -->|"Rating + compliance"| EX_LAYER
    EX_LAYER --> ISO_SYS & LN_SYS & OFAC_SYS
    MQ_LAYER -.->|"CAT surge buffer"| GW_LAYER

Sharing Model Architecture

graph TB
    subgraph Roles["Role Hierarchy"]
        CEO[CEO/COO]
        VP_D[VP Distribution]
        VP_C[VP Claims]
        VP_U[VP Underwriting]
        RSM[Regional Sales Mgrs]
        CM[Claims Mgrs x6]
        ADJ[Adjusters x145]
        UW[Underwriters x42]
        CEO --> VP_D & VP_C & VP_U
        VP_D --> RSM
        VP_C --> CM --> ADJ
        VP_U --> UW
    end

    subgraph Ext["Experience Cloud"]
        AP[Agency Principal]
        AG[Agent]
        AP --> AG
    end

    subgraph Rules["Sharing Mechanisms"]
        S1["Policy: OWD Private + Apex Share → writing agent"]
        S2["Claim: OWD Private + Criteria Share → territory adjuster"]
        S3["LexisNexis: OWD Private + FLS → Underwriter only"]
    end

    AG -.->|"Apex managed share"| S1
    AP -.->|"Role hierarchy rollup"| S1
    ADJ -.->|"Criteria sharing rule"| S2
    UW -.->|"FLS on profile"| S3

OWD Summary

Object	OWD	Sharing Mechanism	Justification
Account (Policyholder)	Private	Sharing sets for portal; role hierarchy for internal	Agents see only their policyholders; split-policy safe at Account level
Policy__c	Private	Apex Managed Sharing tied to writing Agent	Split-policy isolation: Agent A sees only home policy, Agent B sees only auto policy for same policyholder
Claim__c	Private	Criteria-based sharing on Territory__c	Adjusters see claims in their territory; CAT surge temporarily expands territory
Commission__c	Private	Apex Managed Sharing tied to earning agent	Agents see own; principals see agency total; regional mgrs see territory totals only
LexisNexis_Report__c	Private	FLS restricted to Underwriter profiles	FCRA: never visible to agents/policyholders; 90-day TTL; Shield Encryption; access logged
Reserve__c (fields on Claim)	N/A (FLS)	FLS Read on Adjuster + Claims Mgr profiles only	Internal-only: never visible in agent or policyholder portal views
Medical_Record__c	Private	Apex Managed Sharing to assigned adjuster + medical review staff	Additional Shield Encryption; restricted profile access; full audit trail
Case (FNOL)	Private	Role hierarchy + criteria sharing by territory	Agents submit; adjusters assigned by territory + caseload
Product (Insurance Lines)	Public Read Only	N/A	All users need line-of-business visibility for quoting

Integration Architecture (7+ Systems)

flowchart LR
    subgraph SF["🟢 Salesforce FSC"]
        POL["🟢 NEW: Policies"]
        CLM["🟢 NEW: Claims"]
        QT["🟢 NEW: Quoting"]
        EC_A["🟢 NEW: Agent Portal"]
        UWB["🟢 NEW: Underwriter Workbench"]
    end

    subgraph MS["🟢 MuleSoft Anypoint"]
        GW["🟠 Guidewire Layer"]
        BL["🟠 Billing Layer"]
        EX["🟠 External Services"]
        MQ["🟠 Anypoint MQ — CAT Buffer"]
    end

    subgraph ExtKeep["External Systems"]
        GW_PC["⚪ KEEP: PolicyCenter"]
        GW_CC["⚪ KEEP: ClaimCenter"]
        FN["⚪ KEEP: IBM FileNet — 28M docs"]
        ISO["⚪ KEEP: ISO/ACORD"]
        LN["⚪ KEEP: LexisNexis"]
        OFAC["⚪ KEEP: OFAC"]
        NIPR["⚪ KEEP: NIPR"]
    end

    subgraph KeepLeg["Legacy — Keeping"]
        BILL["⚪ KEEP: COBOL Billing — not replaced"]
    end

    subgraph Retire["Legacy — Retiring"]
        AMS_R["🔴 RETIRE: Agent Mgmt .NET"]
    end

    POL <-->|"SOAP/REST event-driven<br/>OAuth 2.0 / <15 min<br/>175K renewals/mo nightly batch"| GW
    CLM <-->|"REST sync FNOL submit<br/>OAuth 2.0 / Real-time<br/>180K claims/yr + 5-8K CAT surge"| GW
    QT -->|"REST sync — rating request<br/>API Key / Real-time<br/>2-4 calls/quote, 800ms each"| EX
    UWB -->|"REST sync — risk scores<br/>OAuth 2.0 / On-demand<br/>1.2s response, 90-day TTL"| EX

    GW -->|"SOAP + REST<br/>Service Account / Sync + Batch"| GW_PC
    GW -->|"SOAP + REST<br/>Service Account / Sync + Batch"| GW_CC
    GW <-->|"REST CMIS on-demand<br/>OAuth 2.0 / On-demand / 28M docs"| FN

    EX -->|"REST sync — ISO tables<br/>API Key / Real-time"| ISO
    EX -->|"REST sync — CLUE + MVR<br/>API Key / Real-time / FCRA encrypted"| LN
    EX -->|"REST sync — pre-bind screen<br/>API Key / Real-time / hard block on failure"| OFAC

    POL -->|"SFTP batch nightly<br/>PGP encrypted / 1.8M txn/mo"| BL
    BL -->|"SFTP batch<br/>PGP encrypted / Nightly"| BILL

    EC_A -->|"REST — license verify<br/>API Key / On-demand / 3,500 agents"| NIPR

    MQ -.->|"Async surge buffer<br/>5-8K claims/48hr CAT events"| GW

Data Model / ERD

erDiagram
    Account ||--o{ Contact : "has contacts"
    Account ||--o{ Policy__c : "policyholder has policies"
    Account ||--o{ Claim__c : "policyholder has claims"
    Policy__c ||--o{ Claim__c : "policy has claims"
    Policy__c ||--o{ Endorsement__c : "policy endorsements"
    Policy__c }o--|| Agent__c : "written by agent"
    Policy__c }o--|| Product2 : "insurance line"
    Policy__c ||--o{ Coverage__c : "coverage components"
    Claim__c ||--o{ Claim_Payment__c : "claim payments"
    Claim__c ||--o{ Reserve__c : "claim reserves"
    Claim__c }o--|| User : "assigned adjuster"
    Claim__c ||--o{ Subrogation__c : "recovery tracking"
    Agent__c }o--|| Agency__c : "belongs to agency"
    Agent__c ||--o{ Commission__c : "earns commissions"
    Agent__c ||--o{ Territory_Assignment__c : "territory ZIP ranges"
    Agent__c }o--|| Agent_Tier__c : "Elite/Premier/Standard/Developing"
    Product2 ||--o{ Coverage__c : "line-specific coverages"
    Coverage__c ||--o{ State_Variation__mdt : "state-specific rules (CMT)"
    LexisNexis_Report__c }o--|| Account : "risk report for policyholder"
    Account ||--o{ Billing_Transaction__c : "billing records"
    Claim__c ||--o{ Document_Reference__c : "FileNet document links"

    Account {
        string OWD "Private"
        string Volume "850,000 active policyholders"
        string Note "Unified from PolicyCenter + billing + agent mgmt - 3 source IDs"
    }
    Contact {
        string OWD "Controlled by Parent"
        string Volume "1.2M"
        string Note "Shield Encryption on PII fields"
    }
    Policy__c {
        string OWD "Private"
        string Volume "2.1M active policies"
        string LDV "LDV [LDV] - life + 7yr retention"
        string Note "Apex Managed Sharing to writing agent"
    }
    Claim__c {
        string OWD "Private"
        string Volume "180K new/year + 520 open/adjuster"
        string LDV "LDV [LDV] - 7yr post-closure retention"
        string Note "Criteria sharing by Territory__c"
    }
    Endorsement__c {
        string OWD "Controlled by Parent"
        string Volume "14,000/month"
        string Note "Agent-submitted via portal"
    }
    Coverage__c {
        string OWD "Controlled by Parent"
        string Volume "8M (2.1M policies x avg 4 coverages)"
        string LDV "LDV [LDV] - follows Policy retention"
        string Note "Up to 34 components per NY homeowners"
    }
    State_Variation__mdt {
        string OWD "N/A (metadata, not data)"
        string Volume "3,000 (22 states x ~140 variations)"
        string Note "Custom Metadata Type - deployable without data migration, queryable in Apex"
    }
    Agent__c {
        string OWD "Private"
        string Volume "3,500 active agents"
        string Note "NIPR license verification; migrated from .NET AMS"
    }
    Agency__c {
        string OWD "Private"
        string Volume "1,800 agencies"
        string Note "Principal sees all agents via role hierarchy"
    }
    Commission__c {
        string OWD "Private"
        string Volume "420K/year"
        string Note "Agents see own; principals see agency; regional mgrs see totals"
    }
    Territory_Assignment__c {
        string OWD "Private"
        string Volume "12,000 assignments"
        string Note "Non-overlapping ZIP ranges by line of business"
    }
    Reserve__c {
        string OWD "Private"
        string Volume "180K/year"
        string Note "FLS: internal only - never in agent/PH views. $890M total"
    }
    LexisNexis_Report__c {
        string OWD "Private"
        string Volume "Rolling - 90-day TTL purge"
        string Note "FCRA: underwriter-only FLS; Shield Encryption; access logged"
    }
    Subrogation__c {
        string OWD "Private"
        string Volume "Est. $12M/yr recovery potential"
        string Note "Systematic tracking - currently missed"
    }
    Claim_Payment__c {
        string OWD "Controlled by Parent"
        string Volume "300K/year"
    }
    Billing_Transaction__c {
        string OWD "Private"
        string Volume "1.8M transactions/month from COBOL"
        string LDV "LDV [LDV] - archive >2yr to Big Object"
    }
    Document_Reference__c {
        string OWD "Controlled by Parent"
        string Volume "28M docs in FileNet - refs only in SF"
        string Note "CMIS API links - docs stay in FileNet thru 2028"
    }
    Agent_Tier__c {
        string OWD "Public Read Only"
        string Volume "4 tiers"
        string Note "Elite/Premier/Standard/Developing"
    }

Why Policy__c (custom) instead of FSC InsurancePolicy (standard)?

FSC ships with a standard InsurancePolicy object, but this solution intentionally uses custom Policy__c. The reason: Apex sharing reasons are only available on custom objects. The split-policy sharing model — where Agent A sees only the homeowners policy they wrote and NOT the auto policy Agent B wrote for the same policyholder — requires Apex managed sharing with a dedicated sharing reason. On standard objects like InsurancePolicy, only RowCause = Manual is available, and Manual sharing records are automatically deleted when record ownership changes, breaking the sharing model. Custom Policy__c with a dedicated Apex sharing reason (e.g., Writing_Agent__c) provides durable, recalculable sharing that survives ownership transfers. This is a critical CTA-level justification.

LDV Strategy

• Policies (2.1M active): Skinny tables on Policy__c. Custom indexes on Policy_Number__c, Agent__c, and Territory__c. Retention: life of policy + 7 years in standard objects; archive to Big Objects (Archived_Policy__b) after that.
• Claims (180K/yr, 520 open/adjuster): Custom indexes on Territory__c, Adjuster__c, and Status__c for assignment queries. Archive 7 years post-closure to Big Objects.
• Coverages (8M+): Master-detail to Policy for cascade delete. Async SOQL for bulk coverage reporting across the portfolio.
• Billing Transactions (1.8M/mo): Highest volume object. Archive records older than 2 years to Archived_Billing__b. Active set stays under 50M rows.
• Regulatory Correspondence: 10-year retention in FileNet (system of record for docs). Document_Reference__c records in Salesforce are lightweight pointers only.

Migration Strategy

flowchart TB
    subgraph Phase0["Phase 0: Data Assessment + Unification (Weeks 1-4)"]
        P0A[Profile 3 source systems<br/>PolicyCenter + COBOL Billing + Agent Mgmt]
        P0B[Map 3 policyholder ID schemes<br/>to unified Account record]
        P0C[Define golden record rules<br/>Match on policy # + SSN + DOB]
        P0D[Build agent territory map<br/>12,000 ZIP-range assignments]
        P0A --> P0B --> P0C --> P0D
    end

    subgraph Phase1["Phase 1: Reference + Agent Data (Weeks 5-8)"]
        P1A[Migrate insurance product model<br/>6 lines of business + coverage types]
        P1B[Load state-specific configurations<br/>22 states into Custom Metadata Types]
        P1C[Migrate agent profiles from .NET AMS<br/>3,500 agents with tiers + territories]
        P1D[Migrate 5yr agent production history<br/>210K records + commission payments]
        P1A --> P1B --> P1C --> P1D
    end

    subgraph Phase2["Phase 2: Policyholder + Policy Data (Weeks 9-14)"]
        P2A[Extract policyholders from PolicyCenter<br/>850K accounts — deduplicate across 3 systems]
        P2B[Migrate active policies<br/>2.1M policies with coverage components]
        P2C[Link policies to writing agents<br/>Create Apex managed sharing records]
        P2D[Validate split-policy isolation<br/>Verify Agent A cannot see Agent B policies]
        P2A --> P2B --> P2C --> P2D
    end

    subgraph Phase3["Phase 3: Claims + Billing History (Weeks 15-20)"]
        P3A[Migrate open claims from ClaimCenter<br/>With adjuster assignments + reserves]
        P3B[Migrate 5yr closed claims<br/>For actuarial analysis + regulatory retention]
        P3C[Migrate billing transaction history<br/>From COBOL via SFTP extract — 2yr active window]
        P3D[Create FileNet document references<br/>28M document pointers — no file migration]
        P3A --> P3B --> P3C --> P3D
    end

    subgraph Phase4["Phase 4: Validation + Go-Live (Weeks 21-24)"]
        P4A[Reconciliation: policy counts<br/>SF vs PolicyCenter for all 22 states]
        P4B[Reconciliation: agent books<br/>Verify each agent sees correct policies only]
        P4C[Anonymize all non-prod environments<br/>NAIC compliance — mask PII in sandboxes]
        P4D[Agent advisory council UAT<br/>Top agents validate portal workflows]
        P4E[Go-live: agent portal Phase 1<br/>Policyholder portal deferred to Phase 2]
        P4A --> P4B --> P4C --> P4D --> P4E
    end

    Phase0 --> Phase1 --> Phase2 --> Phase3 --> Phase4

Migration Tools: MuleSoft batch jobs for PolicyCenter and ClaimCenter extraction (SOAP + REST APIs). SFTP file extraction from COBOL billing system for historical transactions. Bulk API 2.0 for Salesforce loading. Agent Management System data extracted via REST API. FileNet document references (metadata only) loaded via Composite API — no document file migration needed (FileNet contract through 2028).

Data Anonymization: Post-migration, all non-production environments run an automated anonymization script masking policyholder names, SSNs, addresses, and policy numbers. LexisNexis data excluded entirely from sandbox refreshes per FCRA.

Identity & SSO Flow

sequenceDiagram
    participant User as Internal User<br/>(Adjuster / Underwriter)
    participant Browser as Browser
    participant AD as Active Directory<br/>(On-Premise AD + ADFS)
    participant SF as Salesforce FSC

    User->>Browser: Navigate to Salesforce
    Browser->>AD: Redirect (SP-initiated SSO)
    AD->>AD: Authenticate (MFA via RSA SecurID)
    AD->>Browser: SAML 2.0 Assertion
    Browser->>SF: POST SAML to ACS URL
    SF->>SF: Match Federation ID → User record
    SF->>Browser: Session Cookie + Redirect

sequenceDiagram
    participant Agent as Insurance Agent<br/>(3,500 independent)
    participant Browser as Browser
    participant SF as Salesforce<br/>(Experience Cloud)

    Agent->>Browser: Navigate to Agent Portal
    Browser->>SF: Login page (Experience Cloud)
    SF->>SF: Username/Password + MFA (TOTP App)
    SF->>Browser: Session Cookie + Portal Home

sequenceDiagram
    participant PH as Policyholder<br/>(Phase 2 — 850K)
    participant Browser as Browser
    participant SF as Salesforce<br/>(Experience Cloud)

    PH->>Browser: Navigate to Self-Service Portal
    Browser->>SF: Login page
    SF->>SF: Email/Password + MFA (Email OTP)
    SF->>Browser: Session Cookie + Policyholder Dashboard

Internal users (1,200): SAML 2.0 SP-initiated SSO with on-premise Active Directory via AD FS. Insurance companies typically maintain on-premise AD for regulatory compliance and established identity infrastructure. MFA via RSA SecurID (common in financial services). Federation ID mapped to employee ID.

Independent agents (3,500): Experience Cloud native login with TOTP-based MFA (authenticator app). Agents are independent contractors — no shared corporate IdP. Self-registration tied to the agent onboarding workflow (automated license verification via NIPR, appointment filing, territory assignment, then portal provisioning). Agency principals get the same login flow with elevated role.

Policyholders (850K, Phase 2): Experience Cloud Customer portal with email/password + email OTP for MFA. Low-friction authentication appropriate for consumer self-service. Identity verification during registration ties to PolicyCenter policyholder record via policy number + DOB + ZIP.

Integration Error Handling

Integration	Pattern	Retry Strategy	Dead Letter Queue	Monitoring	Fallback
Guidewire FNOL Submission	Sync REST	3 retries: 1s, 5s, 30s backoff	Failed FNOLs → Anypoint MQ DLQ → FNOL_Error__c	Alert on > 3 failures/min; PagerDuty to claims ops	FNOL saved in Salesforce with “Pending ClaimCenter” status; batch retry every 15 min
Guidewire Policy Sync (event-driven)	Near-real-time (< 15 min)	Auto-retry on next event cycle; 3 retries per event	Unprocessed policy events → Anypoint MQ DLQ	Alert if policy sync lag > 30 min; dashboard monitor on queue depth	Stale policy data displayed with “last synced” timestamp; agent can request manual refresh
Guidewire Renewal Processing	Batch nightly	Full batch re-run on systemic failure; record-level retry for individual errors	Failed renewals → Renewal_Sync_Error__c with policy ID + error	Morning reconciliation report; alert if > 1% error rate	Renewals processed in next nightly cycle; agent notification delayed by 24 hrs
COBOL Billing (SFTP batch)	Batch nightly SFTP	File re-send on transfer failure; record-level error logging	Failed billing records → error file on SFTP landing zone	Alert on missing file by 6 AM; reconciliation count mismatch alert	Previous day’s billing data displayed; manual billing lookup via mainframe terminal
ISO/ACORD Rating (sync)	Sync REST (800ms each, 2-4 calls/quote)	2 retries: 500ms, 2s backoff (tight SLA)	N/A (stateless query)	Alert on > 2s average latency; circuit breaker at 5s	Quote flagged “manual rate required”; underwriter completes rating offline
LexisNexis (sync)	Sync REST (1.2s response)	2 retries: 1s, 3s backoff	N/A (FCRA prohibits storing failed requests)	Alert on > 3s latency; access audit log for FCRA	Underwriter notified “report unavailable”; manual LexisNexis portal lookup
OFAC Screening	Sync REST (pre-bind)	3 retries: 1s, 5s, 30s backoff	Failed screens → OFAC_Pending__c (blocks binding)	Alert on any failure; compliance team notified	Policy CANNOT bind until OFAC clears; hard block with compliance escalation
IBM FileNet (doc retrieval)	On-demand REST	3 retries: 1s, 5s, 30s backoff	N/A (on-demand query)	Alert on > 5s average retrieval time	”Document temporarily unavailable” message; retry button; FileNet direct URL fallback

CAT Event Error Handling

During catastrophe events (5,000-8,000 claims in 48 hours), the Anypoint MQ buffer absorbs FNOL spikes. If ClaimCenter becomes slow or unavailable, the queue grows but no FNOLs are lost. Agents see a “Claim Received” confirmation immediately from Salesforce. MuleSoft workers auto-scale to process the backlog when ClaimCenter recovers. A dedicated CAT monitoring dashboard shows queue depth, processing rate, and estimated time to clear.

Requirements Addressed

1. Agent book-of-business isolation — Apex managed sharing on Policy tied to writing agent; split-policy safe (Reqs 23, 24)
2. Agent self-service portal — Experience Cloud Partner with quoting, binding, FNOL, endorsements (Reqs 1, 2, 7, 8)
3. CAT surge capacity — Anypoint MQ buffer + Flow-driven territory expansion + auto-assignment by caseload (Reqs 11, 9)
4. Guidewire bidirectional sync — Pattern-per-SLA: real-time FNOL, 15-min policy, nightly renewals/reserves (Reqs 18, 19)
5. LexisNexis FCRA compliance — 90-day TTL with automated purge, FLS restricted to underwriters, Shield Encryption (Req 28)
6. Underwriter workbench — Consolidated view with tiered authority and auto-escalation (Reqs 14, 15)
7. NAIC compliance — Event Monitoring, Shield Encryption, incident response plan, annual risk assessment (Req 27)
8. State-specific configuration — Custom Metadata Types for 22-state variations, maintainable without deployments (Req 22)

Governance & DevOps

flowchart LR
    DEV1[Developer Sandbox x3<br/>Hartford Team] --> INT[Integration Test<br/>Partial Copy<br/>Guidewire Test Instance]
    DEV2[Developer Sandbox x2<br/>Contractors] --> INT
    HF[Hotfix Sandbox<br/>Developer Pro] --> INT
    INT --> UAT[UAT — Full Copy<br/>Anonymized Production Data]
    UAT --> PROD[Production]
    TRAIN[Training — Partial Copy<br/>Anonymized Data] -.-> |"Refresh quarterly"| UAT

Branching Strategy

Main + develop + feature branches suited to the 12-person team with monthly release cadence.

• main — production-ready, protected branch. All deployments cut from here.
• develop — integration branch. Feature branches merge here first.
• feature/* — short-lived branches per user story (max 2 weeks). Separate tracks for agent portal features vs. integration work.
• hotfix/* — emergency fixes for regulatory mandates (30-60 day DOI deadlines). Cherry-picked to main and back-merged to develop.
• release/* — monthly release stabilization branch. Created 1 week before production deployment.

Sandbox Strategy

Sandbox Type	Count	Purpose
Developer	5	3 for Hartford FTEs, 2 for contractors. Individual development.
Developer Pro	1	Hotfix environment for emergency regulatory changes (30-60 day DOI mandates).
Partial Copy	2	1 for integration testing (connected to Guidewire test instance), 1 for compliance training with anonymized data.
Full Copy	1	UAT with anonymized production data. All PII masked per NAIC requirements. Refreshed monthly before each release.

Data Anonymization Requirement

NAIC Insurance Data Security Model Law requires all production data in non-production environments to be anonymized. The Full Copy UAT sandbox uses a post-refresh anonymization script that masks policyholder names, SSNs, addresses, and policy numbers while preserving data relationships for testing. LexisNexis data is excluded entirely from sandbox refreshes.

Testing Strategy

Regulatory compliance gates are mandatory before every production deployment.

• Apex unit tests: >80% coverage. All Guidewire callout classes use HttpCalloutMock with SOAP and REST response payloads. Apex managed sharing logic has dedicated test classes verifying split-policy isolation.
• Integration testing: End-to-end FNOL submission against Guidewire test instance. Policy sync latency validation (< 15 min). COBOL SFTP file format validation with known-good test files.
• PII data masking verification: Automated scan of all sandbox environments confirming no unmasked PII in non-production. Run after every sandbox refresh.
• FCRA compliance testing: Verify LexisNexis 90-day purge job operates correctly. Confirm FLS prevents agent/policyholder access. Validate audit trail captures every access event.
• CAT surge simulation: Load test simulating 5,000 FNOLs in 48 hours against Anypoint MQ. Verify queue processing, auto-scaling, and ClaimCenter bulk create API performance.
• UAT: 2-week cycle with claims managers, underwriting leads, and agent advisory council. State-specific workflows tested for all 22 states.
• Regression: Automated tests for agent portal quoting/binding flows, FNOL submission, and endorsement processing. Run on every deployment to integration and UAT.

CoE / Governance

IT Director serves as platform owner with a dedicated Salesforce team of 6 FTEs.

• Post-go-live ownership: 2 admins + 2 developers for platform maintenance. 2 integration developers maintain MuleSoft Guidewire/billing connectors.
• Change management: All production deployments require IT Director + VP sign-off (Req 35). Monthly release cadence with 24-hour hotfix capability for critical issues.
• Regulatory change process: DOI mandates (30-60 day deadlines) use the hotfix branch and dedicated Developer Pro sandbox. Bypass standard release cycle with expedited IT Director approval. State-specific configurations via Custom Metadata Types can deploy without a full release.
• Release cadence: Monthly production releases. Regulatory hotfixes as needed (average 3-4/year). Experience Cloud agent portal updates deployed independently.
• Compliance audit: Quarterly internal audit of Event Monitoring logs, Shield Encryption key rotation, FCRA purge job execution, and NAIC incident response plan review.

Risk Assessment

Risk	Likelihood	Impact	Mitigation
CAT event overwhelms FNOL integration (5-8K claims/48 hrs)	Medium	Critical	Anypoint MQ buffering; pre-scaled workers; ClaimCenter bulk create API
Apex sharing performance at scale (3,500 agents x ~600 policies)	Medium	High	Batch recalculation during territory realignment; monitor Sharing Row count; archive shares after 7-year retention
COBOL billing system failure (2 devs near retirement)	High	Critical	Document all SFTP formats now; MuleSoft abstraction layer enables billing system swap without Salesforce changes
LexisNexis purge job failure exposes FCRA violation	Low	Critical	Dual safeguard: scheduled Apex + weekly audit flagging records > 85 days; automated compliance alert at 88 days

Domain Scoring Notes

D2 Security (HEAVY): Make-or-break domain. Explain why sharing sets fail (share all Account children) and why Apex managed sharing is required (record-level share tied to writing agent). Agency principal hierarchy must be clear. FLS for reserves (internal only), LexisNexis (underwriter only), medical records (assigned adjuster + medical review). NAIC compliance: incident response plan, annual risk assessment, Event Monitoring, Shield Encryption for PHI/FCRA.

D5 Integration (HEAVY): Clear middleware justification for 7+ systems with mixed API styles. Each endpoint needs a named pattern with specific SLA. FNOL sequence diagram must show synchronous round-trip. COBOL SFTP acknowledged as a constraint. CAT surge handling via Anypoint MQ buffer is the key pattern.

D1 System Architecture (MEDIUM): FSC for 1,200 internal users, Experience Cloud Partner for 3,500 agents, Experience Cloud Customer (Phase 2) for 850K policyholders. Community Plus vs basic license justification needed. Mobile for top 200 agents with offline FNOL.

D4 Solution Architecture (MEDIUM): Use Guidewire’s rating engine via API — do NOT rebuild in Salesforce. State-specific configs (22 states) via Custom Metadata Types maintainable without deployments.

What Would Fail

Using sharing sets for agent book-of-business. Most common mistake. Sharing sets share all records related to an Account. When policyholder Jane has policies through two agents, both get access to both. The solution requires Apex managed sharing on Policy tied to the writing Agent. Miss this, and judges fail you on Security.

Building a rating engine in Salesforce. Guidewire already has a mature rating engine with ISO tables. Rebuilding is a multi-year project. Call PolicyCenter’s rating API synchronously via MuleSoft. Salesforce is the engagement layer, Guidewire is the calculation layer.

Ignoring the CAT event surge. If the architecture cannot handle 5,000-8,000 claims in 48 hours, you have missed a critical requirement. Anypoint MQ buffering with auto-scaling is the answer. Judges will ask: “What happens when ClaimCenter is slow?” Answer: claims queue in Anypoint MQ; agent sees a received confirmation; claim number delivered via notification once processed.

Scoring Rubric

Criterion	Weight	What Judges Look For
Security & Sharing Model	30%	Agent book-of-business sharing via Apex managed sharing (not sharing sets). Agency principal hierarchy. Adjuster territory-based access. Underwriter authority levels. FLS for reserves, LexisNexis, medical records. NAIC compliance controls. FCRA 90-day data retention for LexisNexis
Integration Architecture	25%	7+ systems classified by pattern and protocol. Guidewire bidirectional sync (real-time FNOL, near-real-time policy, batch renewals). COBOL SFTP acknowledged as constraint. Catastrophe surge handling via Anypoint MQ buffering. Error handling per endpoint
Architecture Completeness	20%	FSC platform selection justified. Experience Cloud for agent portal (Phase 1) and policyholder self-service (Phase 2). Guidewire as system of record for policy/claims (not Salesforce). State-specific configuration via Custom Metadata Types. System landscape with all endpoints
Data Architecture	15%	Policy-agent-policyholder data model. 850K policyholder data sync strategy. 7-10 year retention requirements. Anonymized data in sandboxes per NAIC. LexisNexis data lifecycle management
Trade-off Articulation	10%	WHY Apex sharing over sharing sets (split-policy scenario). WHY Guidewire’s rating engine stays (not rebuilt in Salesforce). WHY Anypoint MQ for CAT surge (not synchronous processing)