Solution 06: SureGuard Insurance Group

AI-Generated Content — Use for Reference Only

This content is AI-generated and has only been validated by AI review processes. It has NOT been reviewed or validated by certified Salesforce CTAs or human subject matter experts. Do not rely on this content as authoritative or completely accurate. Use it solely as a reference point for your own study and preparation. Always verify architectural recommendations against official Salesforce documentation.

Worked Solution

This is a reference solution for Scenario 06: SureGuard Insurance Group. Attempt the scenario paper first before reviewing. Use the 9 Essential Artifacts and Five-Finger Method as your framework.

Assumptions

MuleSoft Anypoint as enterprise middleware given 7+ integration endpoints with mixed API styles
Financial Services Cloud (FSC) as the Salesforce edition with insurance-specific data model
Experience Cloud for agent portal (Phase 1) and policyholder self-service (Phase 2)
Guidewire PolicyCenter and ClaimCenter remain systems of record for policy and claims data
IBM FileNet remains document repository through 2028; Salesforce surfaces documents via API
COBOL billing system will not be replaced; integration must accommodate its limitations

Key Architectural Decisions

Decision: OWD Private on Policy, Claim, and Commission objects. Apex managed sharing grants each agent visibility to only their written policies.

I chose Apex managed sharing because the same policyholder can have policies through different agents. Agent A must see the homeowners policy they wrote but NOT the auto policy Agent B wrote for the same person. Sharing sets cannot express this — they share all child records under an Account, which would leak cross-agent policies. Criteria-based sharing rules also cannot handle the dynamic agent-to-policy assignment.

Agency principal hierarchy: Principals see all policies under their agency via Role Hierarchy. Agents sit below the agency role; Apex sharing at the agent level rolls up visibility to the principal automatically.

Critical Security Detail

The split-policy scenario is the #1 trap. Any sharing model that ties visibility to the policyholder Account rather than the individual Policy record will fail the security requirement. Apex managed sharing on Policy with the writing agent as share recipient is the only correct pattern.

Decision: Criteria-based sharing rules match Claim.Territory__c to adjuster territory assignments. During catastrophe events, a Flow-triggered “CAT Surge” process temporarily expands adjuster territories.

Territory__c is populated during FNOL based on loss location ZIP. The 6 regional adjuster teams map to 6 territory groups. During a CAT event (5,000-8,000 claims in 48 hours), MuleSoft queues buffer inbound FNOL, auto-assignment distributes claims by adjuster capacity (Claims_Open_Count rollup), and a pre-built screen Flow lets claims managers activate surge in under 2 minutes. A scheduled job removes temporary assignments when the CAT event closes.

AD-3: MuleSoft with Pattern-Per-Endpoint + Guidewire Bidirectional Sync

Decision: MuleSoft Anypoint as the single integration hub for 7+ systems. Each Guidewire flow uses the pattern matching its SLA.

Flow	Pattern	SLA
FNOL submission	Synchronous API	Real-time
Policy status sync	Near-real-time (event-driven via MuleSoft bridge)	15 minutes
Renewal processing	Batch	Nightly
Reserve amounts	Batch (field-level security: internal only)	Daily

MuleSoft handles all API styles (Guidewire SOAP/REST, billing REST + SFTP, LexisNexis/ISO/OFAC sync REST) through a single governance layer. The COBOL billing system’s batch/SFTP interface specifically requires middleware translation Salesforce cannot do natively. The API abstraction layer isolates Guidewire-facing APIs from Salesforce-facing APIs, reducing change propagation.

AD-4: LexisNexis 90-Day TTL with FCRA Compliance

Decision: Dedicated LexisNexis_Report__c object with automated 90-day purge, FLS restricted to Underwriter profiles, and Shield Platform Encryption.

Nightly scheduled Apex deletes records > 90 days followed by Database.emptyRecycleBin() to permanently remove them (Recycle Bin retention would otherwise violate FCRA limits). OWD Private, FLS Read access only for Underwriter/Senior Underwriter profiles, Event Monitoring logs every access for FCRA audit. Object excluded from all agent/policyholder report types.

Critical Diagrams

graph TB
    subgraph Roles["Role Hierarchy"]
        CEO[CEO/COO]
        VP_D[VP Distribution]
        VP_C[VP Claims]
        VP_U[VP Underwriting]
        RSM[Regional Sales Mgrs]
        CM[Claims Mgrs x6]
        ADJ[Adjusters x145]
        UW[Underwriters x42]
        CEO --> VP_D & VP_C & VP_U
        VP_D --> RSM
        VP_C --> CM --> ADJ
        VP_U --> UW
    end

    subgraph Ext["Experience Cloud"]
        AP[Agency Principal]
        AG[Agent]
        AP --> AG
    end

    subgraph Rules["Sharing Mechanisms"]
        S1["Policy: OWD Private + Apex Share → writing agent"]
        S2["Claim: OWD Private + Criteria Share → territory adjuster"]
        S3["LexisNexis: OWD Private + FLS → Underwriter only"]
    end

    AG -.->|"Apex managed share"| S1
    AP -.->|"Role hierarchy rollup"| S1
    ADJ -.->|"Criteria sharing rule"| S2
    UW -.->|"FLS on profile"| S3

Integration Architecture (7+ Systems)

graph LR
    subgraph Legend
        direction LR
        NEW["🟢 NEW - Being Built"]
        KEEP["⚪ KEEPING - No Changes"]
        RETIRE["🔴 RETIRING - Decommissioning"]
        INTL["🟠 INTEGRATION LAYER"]
    end

    subgraph SF["Salesforce FSC"]
        POL[Policies]
        CLM[Claims]
        QT[Quoting]
    end

    subgraph MS["MuleSoft Anypoint"]
        GW[Guidewire Layer<br/>SOAP + REST]
        BL[Billing Layer<br/>REST + SFTP]
        EX[External Services<br/>ISO / LexisNexis / OFAC]
        MQ[Anypoint MQ<br/>CAT Buffer]
    end

    GW_SYS[Guidewire<br/>PolicyCenter + ClaimCenter]
    BILL[COBOL Billing]
    FN[IBM FileNet<br/>28M docs]

    POL & CLM <-->|"REST/SOAP real-time + batch nightly"| GW -->|"SOAP + REST sync"| GW_SYS
    QT -->|"REST sync rating request"| EX
    POL -->|"SFTP batch nightly"| BL -->|"SFTP batch"| BILL
    SF <-->|"REST on-demand doc retrieval"| GW
    GW <-->|"REST on-demand"| FN
    MQ -.->|"Async surge buffer"| GW

    style POL fill:#cce5ff,stroke:#0d6efd
    style CLM fill:#cce5ff,stroke:#0d6efd
    style QT fill:#cce5ff,stroke:#0d6efd
    style GW fill:#fff3cd,stroke:#fd7e14
    style BL fill:#fff3cd,stroke:#fd7e14
    style EX fill:#fff3cd,stroke:#fd7e14
    style MQ fill:#fff3cd,stroke:#fd7e14
    style GW_SYS fill:#e9ecef,stroke:#6c757d
    style BILL fill:#f8d7da,stroke:#dc3545,stroke-dasharray: 5 5
    style FN fill:#f8d7da,stroke:#dc3545,stroke-dasharray: 5 5

Identity & SSO Flow

sequenceDiagram
    participant User as Internal User<br/>(Adjuster / Underwriter)
    participant Browser as Browser
    participant AD as Active Directory<br/>(On-Premise AD + ADFS)
    participant SF as Salesforce FSC

    User->>Browser: Navigate to Salesforce
    Browser->>AD: Redirect (SP-initiated SSO)
    AD->>AD: Authenticate (MFA via RSA SecurID)
    AD->>Browser: SAML 2.0 Assertion
    Browser->>SF: POST SAML to ACS URL
    SF->>SF: Match Federation ID → User record
    SF->>Browser: Session Cookie + Redirect

sequenceDiagram
    participant Agent as Insurance Agent<br/>(3,500 independent)
    participant Browser as Browser
    participant SF as Salesforce<br/>(Experience Cloud)

    Agent->>Browser: Navigate to Agent Portal
    Browser->>SF: Login page (Experience Cloud)
    SF->>SF: Username/Password + MFA (TOTP App)
    SF->>Browser: Session Cookie + Portal Home

sequenceDiagram
    participant PH as Policyholder<br/>(Phase 2 — 850K)
    participant Browser as Browser
    participant SF as Salesforce<br/>(Experience Cloud)

    PH->>Browser: Navigate to Self-Service Portal
    Browser->>SF: Login page
    SF->>SF: Email/Password + MFA (Email OTP)
    SF->>Browser: Session Cookie + Policyholder Dashboard

Internal users (1,200): SAML 2.0 SP-initiated SSO with on-premise Active Directory via AD FS. Insurance companies typically maintain on-premise AD for regulatory compliance and established identity infrastructure. MFA via RSA SecurID (common in financial services). Federation ID mapped to employee ID.

Independent agents (3,500): Experience Cloud native login with TOTP-based MFA (authenticator app). Agents are independent contractors — no shared corporate IdP. Self-registration tied to the agent onboarding workflow (automated license verification via NIPR, appointment filing, territory assignment, then portal provisioning). Agency principals get the same login flow with elevated role.

Policyholders (850K, Phase 2): Experience Cloud Customer portal with email/password + email OTP for MFA. Low-friction authentication appropriate for consumer self-service. Identity verification during registration ties to PolicyCenter policyholder record via policy number + DOB + ZIP.

Integration Error Handling

Integration	Pattern	Retry Strategy	Dead Letter Queue	Monitoring	Fallback
Guidewire FNOL Submission	Sync REST	3 retries: 1s, 5s, 30s backoff	Failed FNOLs → Anypoint MQ DLQ → `FNOL_Error__c`	Alert on > 3 failures/min; PagerDuty to claims ops	FNOL saved in Salesforce with “Pending ClaimCenter” status; batch retry every 15 min
Guidewire Policy Sync (event-driven)	Near-real-time (< 15 min)	Auto-retry on next event cycle; 3 retries per event	Unprocessed policy events → Anypoint MQ DLQ	Alert if policy sync lag > 30 min; dashboard monitor on queue depth	Stale policy data displayed with “last synced” timestamp; agent can request manual refresh
Guidewire Renewal Processing	Batch nightly	Full batch re-run on systemic failure; record-level retry for individual errors	Failed renewals → `Renewal_Sync_Error__c` with policy ID + error	Morning reconciliation report; alert if > 1% error rate	Renewals processed in next nightly cycle; agent notification delayed by 24 hrs
COBOL Billing (SFTP batch)	Batch nightly SFTP	File re-send on transfer failure; record-level error logging	Failed billing records → error file on SFTP landing zone	Alert on missing file by 6 AM; reconciliation count mismatch alert	Previous day’s billing data displayed; manual billing lookup via mainframe terminal
ISO/ACORD Rating (sync)	Sync REST (800ms each, 2-4 calls/quote)	2 retries: 500ms, 2s backoff (tight SLA)	N/A (stateless query)	Alert on > 2s average latency; circuit breaker at 5s	Quote flagged “manual rate required”; underwriter completes rating offline
LexisNexis (sync)	Sync REST (1.2s response)	2 retries: 1s, 3s backoff	N/A (FCRA prohibits storing failed requests)	Alert on > 3s latency; access audit log for FCRA	Underwriter notified “report unavailable”; manual LexisNexis portal lookup
OFAC Screening	Sync REST (pre-bind)	3 retries: 1s, 5s, 30s backoff	Failed screens → `OFAC_Pending__c` (blocks binding)	Alert on any failure; compliance team notified	Policy CANNOT bind until OFAC clears; hard block with compliance escalation
IBM FileNet (doc retrieval)	On-demand REST	3 retries: 1s, 5s, 30s backoff	N/A (on-demand query)	Alert on > 5s average retrieval time	”Document temporarily unavailable” message; retry button; FileNet direct URL fallback

CAT Event Error Handling

During catastrophe events (5,000-8,000 claims in 48 hours), the Anypoint MQ buffer absorbs FNOL spikes. If ClaimCenter becomes slow or unavailable, the queue grows but no FNOLs are lost. Agents see a “Claim Received” confirmation immediately from Salesforce. MuleSoft workers auto-scale to process the backlog when ClaimCenter recovers. A dedicated CAT monitoring dashboard shows queue depth, processing rate, and estimated time to clear.

Requirements Addressed

Agent book-of-business isolation — Apex managed sharing on Policy tied to writing agent; split-policy safe (Reqs 23, 24)
Agent self-service portal — Experience Cloud Partner with quoting, binding, FNOL, endorsements (Reqs 1, 2, 7, 8)
CAT surge capacity — Anypoint MQ buffer + Flow-driven territory expansion + auto-assignment by caseload (Reqs 11, 9)
Guidewire bidirectional sync — Pattern-per-SLA: real-time FNOL, 15-min policy, nightly renewals/reserves (Reqs 18, 19)
LexisNexis FCRA compliance — 90-day TTL with automated purge, FLS restricted to underwriters, Shield Encryption (Req 28)
Underwriter workbench — Consolidated view with tiered authority and auto-escalation (Reqs 14, 15)
NAIC compliance — Event Monitoring, Shield Encryption, incident response plan, annual risk assessment (Req 27)
State-specific configuration — Custom Metadata Types for 22-state variations, maintainable without deployments (Req 22)

Governance & DevOps

flowchart LR
    DEV1[Developer Sandbox x3<br/>Hartford Team] --> INT[Integration Test<br/>Partial Copy<br/>Guidewire Test Instance]
    DEV2[Developer Sandbox x2<br/>Contractors] --> INT
    HF[Hotfix Sandbox<br/>Developer Pro] --> INT
    INT --> UAT[UAT — Full Copy<br/>Anonymized Production Data]
    UAT --> PROD[Production]
    TRAIN[Training — Partial Copy<br/>Anonymized Data] -.-> |"Refresh quarterly"| UAT

Branching Strategy

Main + develop + feature branches suited to the 12-person team with monthly release cadence.

main — production-ready, protected branch. All deployments cut from here.
develop — integration branch. Feature branches merge here first.
feature/* — short-lived branches per user story (max 2 weeks). Separate tracks for agent portal features vs. integration work.
hotfix/* — emergency fixes for regulatory mandates (30-60 day DOI deadlines). Cherry-picked to main and back-merged to develop.
release/* — monthly release stabilization branch. Created 1 week before production deployment.

Sandbox Strategy

Sandbox Type	Count	Purpose
Developer	5	3 for Hartford FTEs, 2 for contractors. Individual development.
Developer Pro	1	Hotfix environment for emergency regulatory changes (30-60 day DOI mandates).
Partial Copy	2	1 for integration testing (connected to Guidewire test instance), 1 for compliance training with anonymized data.
Full Copy	1	UAT with anonymized production data. All PII masked per NAIC requirements. Refreshed monthly before each release.

Data Anonymization Requirement

NAIC Insurance Data Security Model Law requires all production data in non-production environments to be anonymized. The Full Copy UAT sandbox uses a post-refresh anonymization script that masks policyholder names, SSNs, addresses, and policy numbers while preserving data relationships for testing. LexisNexis data is excluded entirely from sandbox refreshes.

Testing Strategy

Regulatory compliance gates are mandatory before every production deployment.

Apex unit tests: >80% coverage. All Guidewire callout classes use HttpCalloutMock with SOAP and REST response payloads. Apex managed sharing logic has dedicated test classes verifying split-policy isolation.
Integration testing: End-to-end FNOL submission against Guidewire test instance. Policy sync latency validation (< 15 min). COBOL SFTP file format validation with known-good test files.
PII data masking verification: Automated scan of all sandbox environments confirming no unmasked PII in non-production. Run after every sandbox refresh.
FCRA compliance testing: Verify LexisNexis 90-day purge job operates correctly. Confirm FLS prevents agent/policyholder access. Validate audit trail captures every access event.
CAT surge simulation: Load test simulating 5,000 FNOLs in 48 hours against Anypoint MQ. Verify queue processing, auto-scaling, and ClaimCenter bulk create API performance.
UAT: 2-week cycle with claims managers, underwriting leads, and agent advisory council. State-specific workflows tested for all 22 states.
Regression: Automated tests for agent portal quoting/binding flows, FNOL submission, and endorsement processing. Run on every deployment to integration and UAT.

CoE / Governance

IT Director serves as platform owner with a dedicated Salesforce team of 6 FTEs.

Post-go-live ownership: 2 admins + 2 developers for platform maintenance. 2 integration developers maintain MuleSoft Guidewire/billing connectors.
Change management: All production deployments require IT Director + VP sign-off (Req 35). Monthly release cadence with 24-hour hotfix capability for critical issues.
Regulatory change process: DOI mandates (30-60 day deadlines) use the hotfix branch and dedicated Developer Pro sandbox. Bypass standard release cycle with expedited IT Director approval. State-specific configurations via Custom Metadata Types can deploy without a full release.
Release cadence: Monthly production releases. Regulatory hotfixes as needed (average 3-4/year). Experience Cloud agent portal updates deployed independently.
Compliance audit: Quarterly internal audit of Event Monitoring logs, Shield Encryption key rotation, FCRA purge job execution, and NAIC incident response plan review.

Risk Assessment

Risk	Likelihood	Impact	Mitigation
CAT event overwhelms FNOL integration (5-8K claims/48 hrs)	Medium	Critical	Anypoint MQ buffering; pre-scaled workers; ClaimCenter bulk create API
Apex sharing performance at scale (3,500 agents x ~600 policies)	Medium	High	Batch recalculation during territory realignment; monitor Sharing Row count; archive shares after 7-year retention
COBOL billing system failure (2 devs near retirement)	High	Critical	Document all SFTP formats now; MuleSoft abstraction layer enables billing system swap without Salesforce changes
LexisNexis purge job failure exposes FCRA violation	Low	Critical	Dual safeguard: scheduled Apex + weekly audit flagging records > 85 days; automated compliance alert at 88 days

Domain Scoring Notes

D2 Security (HEAVY): Make-or-break domain. Explain why sharing sets fail (share all Account children) and why Apex managed sharing is required (record-level share tied to writing agent). Agency principal hierarchy must be clear. FLS for reserves (internal only), LexisNexis (underwriter only), medical records (assigned adjuster + medical review). NAIC compliance: incident response plan, annual risk assessment, Event Monitoring, Shield Encryption for PHI/FCRA.

D5 Integration (HEAVY): Clear middleware justification for 7+ systems with mixed API styles. Each endpoint needs a named pattern with specific SLA. FNOL sequence diagram must show synchronous round-trip. COBOL SFTP acknowledged as a constraint. CAT surge handling via Anypoint MQ buffer is the key pattern.

D1 System Architecture (MEDIUM): FSC for 1,200 internal users, Experience Cloud Partner for 3,500 agents, Experience Cloud Customer (Phase 2) for 850K policyholders. Community Plus vs basic license justification needed. Mobile for top 200 agents with offline FNOL.

D4 Solution Architecture (MEDIUM): Use Guidewire’s rating engine via API — do NOT rebuild in Salesforce. State-specific configs (22 states) via Custom Metadata Types maintainable without deployments.

What Would Fail

Using sharing sets for agent book-of-business. Most common mistake. Sharing sets share all records related to an Account. When policyholder Jane has policies through two agents, both get access to both. The solution requires Apex managed sharing on Policy tied to the writing Agent. Miss this, and judges fail you on Security.

Building a rating engine in Salesforce. Guidewire already has a mature rating engine with ISO tables. Rebuilding is a multi-year project. Call PolicyCenter’s rating API synchronously via MuleSoft. Salesforce is the engagement layer, Guidewire is the calculation layer.

Ignoring the CAT event surge. If the architecture cannot handle 5,000-8,000 claims in 48 hours, you have missed a critical requirement. Anypoint MQ buffering with auto-scaling is the answer. Judges will ask: “What happens when ClaimCenter is slow?” Answer: claims queue in Anypoint MQ; agent sees a received confirmation; claim number delivered via notification once processed.