Skip to content
theCodeFlash

Scenario 07: TrustShield Insurance

Work in Progress

This content is currently being reviewed for accuracy and will be updated soon.

Scenario Snapshot

FieldDetail
Start hereThis question page
DifficultyMedium
IndustryInsurance (Property and Casualty)
Heavy domainsSecurity and Integration
Recommended prep window180 minutes total: 120 min preparation + 30 min presentation + 30 min Q&A
Coverage availableQuestion + Solution
Study flowAttempt this page first, then review the sibling solution page after your own attempt.

Recommended Approach

Print this scenario. Read it twice using the Two-Pass Reading Method once for understanding and once for implicit requirements. Use the full 120-minute prep window: ~40 minutes to read and extract requirements, ~40 minutes to design your architecture, and ~40 minutes to build your artifact sketches and presentation flow.

Project Overview

TrustShield Insurance is a regional property and casualty (P&C) agency licensed and operating exclusively in Colorado. The agency distributes personal and commercial lines policies through a network of independent agents. TrustShield does not underwrite its own risk; it acts as a licensed agency placing business with two carrier partners: Horizon P&C (the primary carrier) and Summit Re (a second carrier added 18 months ago for commercial lines).

AttributeDetail
Employees85 (38 internal agents, 24 customer service reps, 12 ops/admin, 11 management)
Independent agents62 (38 captive + 24 fully independent, all 1099 contractors)
Active policyholders~18,500
Active policies~24,000 (some policyholders hold both home and auto)
Annual premium volume$42M gross written premium
Claims handled per year~3,200 (first notice only; adjusting is handled by carriers)

The CEO has secured a $1.4M budget for an 18-month transformation covering agent workflow digitization, carrier integration, and a document management overhaul. The Colorado Division of Insurance (DOI) compliance program is already on TrustShield’s roadmap as a standalone workstream.

Stakeholder Quotes

Sarah Okonkwo, CEO: “We need our agents to stop calling our ops team every time they want a quote. The carrier systems are capable; we just have no good way to talk to them. I want agents submitting applications and seeing policy status without picking up the phone. That is the core of what we are buying.”

Marcus Webb, VP of Distribution and Agency Relations: “Most of my agents are 1099. They did not sign up to learn new software. If the new system adds steps to their day, they will route around it. The tool has to make the quote-to-bind cycle faster, not just different. And I need to see production by agent: who is writing, who is renewing, who is lapsing. Right now I pull that from a spreadsheet.”

Diane Flores, Claims Director: “We handle first notice only. The real problem is we have no consistent record of what was reported, by whom, and when. Carriers come back to us with discrepancies and we cannot defend our position. I need a logged trail of every FNOL interaction: what the policyholder said, when we called the carrier, what the carrier reference number was.”

Carlos Ibarra, Compliance Officer: “Colorado DOI expects us to demonstrate controls around agent licensing and appointment status. We had one agent writing policies for two weeks after their license lapsed. We caught it ourselves, but a DOI examiner could have found it first. That cannot happen again. Every policy must be tied to an agent with a valid, current Colorado license.”

Current Systems

AMS360 (Agency Management System, cloud): Current system of record for policies, policyholders, agents, and commissions. Integration with carriers is manual: staff export CSV files and upload to carrier portals. No API layer exposed by TrustShield’s instance. 6 years of policy history.

Horizon P&C (primary carrier, SOAP API): Policy administration system for personal lines (home, auto, renters) and small commercial. Supports quoting, binding, endorsements, renewals, and cancellations via a SOAP/XML web service. Response time: 1.5-4 seconds per call depending on operation. Batch feed for nightly policy status sync available via SFTP.

Summit Re (commercial lines carrier, REST API): Newer carrier added 18 months ago for commercial lines only (BOP, GL, commercial auto). REST/JSON API. Supports quoting and status retrieval. Binding currently requires a manual web portal step; API binding is on Summit Re’s roadmap for Q3 next year.

DocuWare (document management, REST API): On-premise document storage for policy declarations, endorsement confirmations, FNOL reports, agent agreements, and compliance filings. 8 years of documents (~140,000 files). REST API with OAuth 2.0. Contract renewal decision due in 14 months.

Spreadsheets and email: Agent onboarding, commission statements, production tracking, and compliance monitoring are all managed manually across shared spreadsheets and email threads. No single source of truth for agent licensing status.

Business Requirements

Agent Data Security and Book-of-Business Sharing

  1. Each agent must see only the policyholders and policies in their own book of business. An agent must not be able to view, search for, or accidentally access another agent’s policyholders or policies through list views, reports, or search.

  2. A policyholder may hold policies through more than one agent (for example, an auto policy through Agent A and a homeowners policy through Agent B). Each agent sees only the policy they wrote. Neither agent sees the other’s policy on the same policyholder record. This split-policy constraint must hold across all access paths including related lists, global search, and reports.

  3. Agency principals (owners or designated managers of agencies that have multiple agents under their umbrella) must see the combined book of all agents in their agency (including policies and commission data) without seeing policies from agents outside their agency.

  4. TrustShield internal customer service reps must see all policyholders and policies to support inbound calls from any customer. They must not be able to edit policy records; read-only access for service purposes only.

  5. Operations and management staff see all records. Agents do not see management dashboards or production reporting beyond their own metrics.

  6. The compliance officer needs read-only access to all agent records, license status, appointment records, and audit logs. This access must itself be auditable.

  7. All record access by any user must be logged in a way that satisfies a DOI examiner requesting an access log for a specific policy or policyholder over a defined time range.

Integration Architecture

  1. TrustShield must connect to Horizon P&C’s SOAP API to submit quote requests, retrieve quote results, bind policies, submit endorsement requests, and retrieve policy status. The integration must handle the 1.5-4 second response window without degrading the agent experience.

  2. The Horizon SOAP API uses WSDL-defined message schemas. TrustShield’s platform must map its internal data model to those schemas without requiring agents to learn carrier-specific field names. Field mapping must be configurable by ops staff without a code deployment.

  3. Horizon P&C provides a nightly SFTP batch file of all policy statuses and premium updates. This file must be processed each night and used to update policy records in Salesforce (additions, modifications, and cancellations), with a reconciliation report flagging records that could not be matched.

  4. TrustShield must connect to Summit Re’s REST API to submit commercial line quote requests and retrieve quote results. Because Summit Re API binding is not yet available, the system must present a clear handoff to the Summit Re web portal for the binding step, with a status record created in Salesforce to track pending binds.

  5. All carrier API calls (request payload, response payload, timestamp, HTTP status, carrier reference number, and initiating user) must be logged in Salesforce for a minimum of 7 years to support DOI examination and E&O (errors and omissions) defense.

  6. TrustShield must connect to DocuWare via its REST API to retrieve policy documents, FNOL reports, and agent agreements on demand and attach them to the relevant Salesforce records. New documents generated through Salesforce workflows (e.g., FNOL reports) must be pushed to DocuWare and the resulting DocuWare document ID stored on the Salesforce record.

  7. DocuWare API calls must not block the agent UI. Document retrieval must be asynchronous: agents see a loading state and receive a notification when the document is ready.

  8. TrustShield must maintain a fallback path for each carrier integration. If the Horizon SOAP endpoint is unavailable, agents must receive a clear error message and the request must be queued for retry. Operations must be notified of integration failures within 5 minutes.

  9. The integration layer must be able to accommodate a third carrier in the future without requiring a re-architecture. The carrier connectivity model should be abstracted so that adding a new carrier is a configuration task, not an engineering project.

Agent Experience and Onboarding

  1. Agents must be able to initiate a quote for home, auto, renters, or small commercial lines from within Salesforce, see the carrier response in context, and progress to bind, or save the quote for follow-up, without leaving the platform.

  2. Each agent’s home page must show their active book of business: policy count, total premium in force, upcoming renewals (next 60 days), open FNOL submissions, and commission earned year-to-date. This view must be personalized and show only their data.

  3. Agent onboarding currently takes 19 days. The target is 7 days. Onboarding must include: license verification against the Colorado Division of Insurance license lookup, appointment filing confirmation with Horizon P&C, digital signature of the agent agreement, DocuWare storage of the signed agreement, and Salesforce profile provisioning. These steps must be tracked as a checklist with owner and due date for each item.

  4. When an agent’s Colorado license is within 60 days of expiration, the compliance officer and the agent’s agency principal must receive an automated alert. If the license expires without renewal, the agent’s ability to submit new quotes must be suspended automatically until the license is confirmed renewed.

  5. Agents must be able to view their own commission statements by month and year, see the policies contributing to each statement, and download a PDF version. They must not see another agent’s commission data.

  6. Independent agents (1099 contractors) access Salesforce through Experience Cloud. Their access profile must be distinct from internal employee access: they see no internal TrustShield operational records, pipeline views, or staff-facing dashboards.

Claims and First Notice of Loss

  1. When a policyholder reports a claim, the agent or customer service rep must record structured FNOL data: policyholder identity, policy number, date and time of loss, type of loss, brief description, and contact information. The FNOL record must be linked to the policy and the policyholder.

  2. The system must identify the carrier for the policy and generate a carrier-specific FNOL notification. For Horizon P&C, this notification must be transmitted via the SOAP API. For Summit Re, the current path is an email notification to a designated Summit Re inbox (API FNOL is out of scope for Phase 1).

  3. Every FNOL record must capture the carrier’s acknowledgment reference number, the timestamp of first contact with the carrier, and the name of the TrustShield representative who made the contact.

  4. Claims Director needs a daily report of all open FNOLs, carrier acknowledgment status, and any FNOLs more than 24 hours old without a carrier reference number.

  5. Policyholders must receive an email confirmation within one hour of FNOL submission, containing the carrier reference number and the name of their TrustShield contact. This must be automated with no manual step for the CSR.

Compliance and Audit

  1. Every agent record must carry a current Colorado DOI license number, license type, expiration date, and appointment status with each carrier. This data must be visible to the compliance officer and agency principals, and must be the source of truth used by the license-expiry alert (BR-20).

  2. TrustShield must maintain an appointment record for each agent-carrier combination, showing appointment effective date, status (active, pending, terminated), and the date of last status confirmation. Horizon P&C appointments must be confirmable via a manual import from a Horizon-provided roster file. Summit Re appointments are tracked manually.

  3. The compliance officer must be able to generate a DOI-ready report showing, for any given date range: all policies written, the writing agent, agent license status at time of writing, and the carrier. This report must be exportable as CSV or PDF.

  4. All changes to agent license records, appointment records, or compliance flags must be logged with the editing user, timestamp, previous value, and new value. This log must be immutable: no user may edit or delete a log entry.

  5. If a policy is submitted through the carrier API while the writing agent’s license status in Salesforce is marked as expired or pending renewal, the submission must be blocked and a compliance alert created for the compliance officer.

  6. The Colorado DOI may request access to TrustShield’s Salesforce environment for examination purposes. The compliance officer must be able to provision a time-limited, read-only user for a DOI examiner that expires automatically after the examination window (typically 30-90 days). The examiner’s access must itself be logged.

Constraints

  • Budget is $1.4M total over 18 months. No contingency has been identified. Change orders will require CEO approval.
  • TrustShield has no in-house Salesforce developers. The build will be done by a selected SI partner. Post-go-live, a single Salesforce admin (to be hired) will own the platform.
  • Summit Re API binding is not available in Phase 1. The architecture must not assume it.
  • DocuWare is under a contract renewal decision in 14 months. The architecture must not create an irreversible dependency on DocuWare; document retrieval and storage must be abstracted enough to swap the document management system if the contract is not renewed.
  • The Horizon SOAP API does not support OAuth. It uses username/password authentication with a static IP allowlist. Credentials are managed by Horizon and rotated annually.
  • All data must remain in the United States. No cross-border data transfer is permitted under TrustShield’s carrier agreements.
  • The Colorado DOI examination cadence is every 3-5 years, but TrustShield must be audit-ready at all times, not just during an active examination.

Implicit Requirements

Before designing, think through: What does the split-policy requirement mean for the Salesforce sharing model? Can it be solved with standard role hierarchy alone, or is criteria-based sharing needed? What does 62 independent agents on Experience Cloud mean for licensing math and profile design? How does the Horizon SOAP integration interact with Salesforce’s callout limits and governor limits? What is the right pattern for synchronous vs. asynchronous calls? The nightly SFTP batch from Horizon: what does “reconciliation” require from a data model standpoint? If DocuWare is replaced in 14 months, what abstraction layer prevents a re-build? What does the compliance officer’s “time-limited DOI examiner access” requirement imply for user provisioning? Can standard Salesforce user management satisfy this, or is there a custom automation needed? What does the license-expiry block on quote submission imply for the integration layer? Where does that check live? The agent commission PDF download requirement: where is the data sourced, and what does that mean for the data model and document generation approach?

Deliverables Checklist

When you present your solution, it should include:

  • Sharing model design: book-of-business isolation, split-policy solution, agency principal access, CSR read-only, Experience Cloud agent profiles
  • Integration architecture diagram: Horizon SOAP, Summit Re REST, DocuWare REST (patterns for each, async vs. synchronous decisions)
  • Carrier abstraction layer design: how a third carrier would be added without re-architecture
  • FNOL process flow: data capture, carrier notification, policyholder confirmation, audit trail
  • Agent onboarding workflow: steps, owners, license check, DocuWare storage, profile provisioning
  • Compliance and audit design: license-expiry alerts, submission block, immutable audit log, DOI examiner provisioning
  • Data model sketch: key objects (Policy, Policyholder, Agent, Carrier, FNOL, Commission, Document) and their relationships
  • Environment and deployment strategy: given a single admin post-go-live and a 18-month build window
  • Licensing recommendation: internal users, Experience Cloud agents, integration users

Time Management: 180-Minute Practice Session

Prep, first 40 min: Read the scenario twice. First pass for full understanding. Second pass to annotate implicit requirements. Capture your key architecture decisions and trade-offs before sketching. Focus on the split-policy sharing constraint and the carrier abstraction requirement.

Prep, middle 40 min: Design your architecture. Prioritize the sharing model and integration layer. These are the two axes this scenario tests most directly. Note where you are making assumptions and what you would validate with the client.

Prep, final 40 min: Sketch your artifacts: a sharing model diagram, an integration architecture diagram, a data model sketch, and a compliance/audit process flow. Use the extra time to prepare your narrative for the presentation.

Presentation (30 min): Lead with the sharing model and the carrier integration architecture. Then cover agent onboarding workflow, FNOL process, and compliance design. Practice narrating your decisions as if presenting to a review board.

Q&A (30 min): Expect probing on the split-policy sharing constraint, how the Horizon SOAP integration handles governor limits, what happens if DocuWare is not renewed, and how the compliance officer provisions a time-limited DOI examiner account.

Ready to Check?

When you have completed your own solution, compare with the reference solution.

Always verify against official Salesforce documentation

This content is study material for CTA exam preparation. Content compiled and presented with AI assistance. Not affiliated with Salesforce.

Personal study notes for the Salesforce CTA exam. Content compiled from VJ's study notes, official Salesforce documentation, community sources, and online publicly available content, then organized and presented with AI assistance. Not affiliated with Salesforce. © 2025–2026 VJ Srivastava.