How the SSP outage had earthquake repercussions for brokers

A man staring into a stack of racks in frustration

Problems started with a power cut but left brokers offline for almost a month

It was a summer evening in late August when the lights went out for around 2000 homes in Solihull. The utilities company said it was a faulty end box that caused the outage, and all those affected had power restored by midnight.

But that small power outage caused three weeks of chaos for more than 300 brokers, leaving them unable to conduct day-to-day business. Damages ranged from tens of thousands to up to £100,000. One firm is understood to have lost £1.2m from the outage.

The root of the disruption was software house SSP, and its relatively new Pure Broking platform. Because the platform had positioned itself as a one stop shop, the outage meant brokers were unable to process renewals or take out new business. Many automatic direct debit renewals couldn't be done.

In order to avoid the prospect of hundreds of motorists driving without insurance, brokers had to work closely with insurance companies to ensure clients were on cover.

"We've been in business for 50 years and we've never known anything like it," said Ben Mott, owner of Motts Insurance Services. "We've had times when it's been difficult, but never anything like this.

"It's been chaos and has stressed us to our limits. Everything has gone back to manual and we're dealing with mountains of paper."

Richard Stevens, principal at Trelawney Insurance Services, said sentiment toward SSP in the market was at an all-time low.

"I don't think anybody ever believed that anything less than a nuclear war could have caused us to be offline for three weeks," he said. "I don't think it ever crossed anybody's mind that anyone could let you down so badly."

What went wrong?
Throughout the outage, SSP communicated with brokers by emailed updates. The company initially said a backup generator had failed to kick in when the power outage occurred. In a later update, it said the problem was due to a hardware fault in the storage area network at its Solihull data centre.

The SAN, a series of storage disks grouped into cassettes, is used to back up data. The company said it had almost completed repairing the damage to the disks "when the work was interrupted by a recurrence of the original problem".

One of the key questions repeated by brokers was over why service wasn't automatically switched to a ‘mirror' data centre as SSP has three sites. 

According to a sales blurb on SSP's website, the presence of a mirrored site "ensures speedy data recovery".

It adds: "Our disaster recovery options include the ability to copy all your data between the two data centres every fifteen minutes via a dedicated high speed connection. Each data centre acts as a backup for the other, ensuring that if one data centre is unavailable the other can take over."

During the outage, SSP admitted the Solihull data centre did not have the ability to back up data every 15 minutes. Rather it had a "more traditional daily backup". 

In comments to Post, SSP said those housed at the Solihull site didn't have the mirror facility.

One broker, who declined to be named, questioned whether it was mis-sold at the renewal stage over the 15 minute backup promise.

"Either way it has misled as the website says nothing about new customers only, and it is certainly mentioned in meetings with our development manager," he said.

Moreover, SSP said it was already in the process of moving customers to a new ‘Tier 3' data centre in Acton when the outage occurred. It added that the Solihull data centre would be decommissioned.

Within days of moving to the new centre, the first 40 of 306 brokers were back online. Other brokers were restored piecemeal throughout the week. The slow process was due to SSP "unpacking data from back-up discs, re-coupling it with application data and then reconfiguring systems for individual customers".

As of 19 September, the company declined to say whether all brokers were back online.

Data loss
Even for those that were online, there was a limited service. The Documaster system, where historic documents like claims records and official letters were stored, remained offline up until Post went to press.

In an emailed update on 15 September, SSP admitted it may not be able to restore document archives from the week prior to the outage on 26 August, at least as part of the current ‘phase' of service restoration. It said it planned a "data recovery exercise" to restore those archives. However, the company said all transactional data had been restored.

One expert with experience in systems similar to SSP's said it was difficult to see why the document records were affected.

"I'm not sure how that relates to the database, because surely you wouldn't store the documents with the SAN," they said. "If you did, you'd have performance issues. Generally you keep all your data files on separate drives.

"If it can't get the data, it's either because the backup wasn't done in place or the files were corrupt. If the files are corrupt, then there must have been a cause."

If SSP is unable to retrieve the document archives, it throws up other issues surrounding data protection. Specifically, if the data is lost, there becomes a question of who is at fault under the Data Protection Act.

Matt Hodges-Long, managing director of Continuity Partner, said it depends on who is specified on the contract as the ‘controller' of the data, and who is the ‘processor'.

"The controller is ultimately responsible for the protection of data," he said. "The processor works under the jurisdiction of the controller.

"If a customer gives their confidential data to a company, it's the company's responsibility to make sure it is looked after. If the company, a broker, decides to put that on a third-party system like SSP, it can't abdicate its responsibility. Whether that's right or not ethically is a different point, but that's what the legal position is."

A spokesman for SSP said the company was specified as the data 'processor'.

FCA involvement
A spokesman for the Financial Conduct Authority declined to comment on the issue. But on 16 September, SSP forwarded a communication from the FCA to brokers.

The communication was a warning that companies should continue to perform Cass 5 client money calculations, despite the outage. It added that if brokers were unable to perform the calculations, they should inform the FCA.

One broker, who declined to be named, said the FCA should have faith brokers were doing what they should be doing.

"When you've got two weeks of downtime, it's the least of our worries," he said. "If we can't do it, we can't do it. Our main priority is to make sure people are on cover, not reporting procedures. I just hope the FCA see a bit of sense and doesn't come down on us.

"It should instead be investigating SSP. Software is a fundamental part of what we do. Some regulations on software providers should be enforced after this. We rely on them so much to provide a service."

One accountant, with links to the FCA, confirmed it was an issue the regulator was looking into. "I wouldn't be surprised if it announces a thematic review on the issue [of regulation of software houses]," he said.

However, the idea of further regulation was not welcomed by all. Ian Summers, business development director at broker software house Sequel, said the onus should instead be on brokers.

"The regulator gets it about right in that it looks after the protection of the customer," he said. "If you regulated the software houses themselves, it would increase the burden on the regulator. The cost of supplying that software would increase, which in turn would be passed on to the end customer.

"The broker market space is already regulated, putting the emphasis on those guys to make sure their suppliers are properly diligent in their service is the right answer, rather than focus on the supplier themselves."

Compensation
SSP has offered a rebate to customers for service fees during the period Pure was offline. However, beyond that, brokers have lost thousands of pounds from turning customers away. Some brokers, unaffected by the outage, attempted to gain business from their rivals by posting on Twitter that they were open for business as usual.

The majority of brokers contacted by Post said they have yet to fully calculate the proposed losses. However, Jeff Mortonson, director at Abacus Insurance Brokers, said his accountants had put the losses at £100,000 in the 17 days he was unable to process new business.

"I'll get it back, by hook or by crook," he said. "I'm sure it won't come quietly though, there will be lots of kicking and screaming."

Contractually, it is not clear whether SSP is liable for lost business during the outage. Another broker told Post its contract says SSP is not responsible for "consequential loss".

Hodges-Long concluded it would inevitably be a question that involved lawyers. "I haven't seen the contract but I doubt it they'd get much from a standard SaaS contract," he said.

"Normally it allows a refund of fee for the period of the outage. It's unlikely the vendor would accept any liability beyond the refund of fees. But it depends on what each broker has negotiated; they may have negotiated contracts with more onerous liability clauses."

The British Insurance Brokers' Association has invited members to a roundtable with SSP officials to discuss the reasons for the outage.

Steve White, CEO of Biba said: "The meeting is to discuss a range of issues. It's not solely designed to address the issue of compensation, but it may well crop up."

SSP responds

Why wasn't service immediately transferred to a mirror site at the time of the outage?
Customers affected by the outage didn't have mirroring in place. None of the services contracted by customers supported from the Solihull centre at the time of the outage include a mirroring facility.

The service wasn't transferred immediately because our incident team, working with our suppliers, considered restoration in Solihull to be the approach that would cause the least disruption to customers. Unfortunately the persistence of issues with the storage facility meant that this was not ultimately the case.

Did backups occur?
Full backups were taken regularly within the Solihull data centre facility, and part but not all data was backed up to a secondary site.

Did you tell brokers at contract inception or renewal stage they were at a site that had a 24 hour back up, rather than at a ‘Tier 3' site as per the sales blurb on your site? There are allegations of miss-selling.
Our contractual terms and agreements vary from customer to customer depending upon the service they require and the type of support we provide. Our contracts are clear regarding service commitments.

The Solihull data centre has never been described as a Tier 3 site. We operate two Tier 3 data centres. One is in Acton, West London and the other is in Northampton in the Midlands. Prior to the power outage we were in the process of a planned migration of those brokers still hosted within our Solihull data centre to one of our new Tier 3 centres.

Why are there problems restoring document archives when the hardware fault was with the SAN. Document archives are not normally stored in the SAN.
Document archive are stored on the SAN and backed up locally and on external media. Problems were encountered restoring from back up.

SSP has given brokers the opportunity to ‘opt out' of a list it will submit to the FCA of affected brokers. How many brokers are on that list, and is it less than the 306 that were affected?
We have been collaborating and working closely with the FCA who are satisfied with the information that has been provided to them. A small number of brokers stated that they would prefer to engage with the FCA directly on the issue, so we gave all brokers the option to be included or not. The list we sent contained 305 names.

Is SSP contractually liable for lost business from brokers during the period of the outage? Or does that come under the subject of "consequential loss" as per the contract?
We do not comment on the specifics of individual customer contracts, which are confidential. Our contractual terms and agreements vary from customer to customer depending upon the service they require and the type of support we provide.

Did you tell brokers “categorically" that support for M3 would be withdrawn - all the while providing support for your largest clients like A-Plan which insisted on retaining M3?
We continue to support all our customers irrespective of which platforms they are on, and the choice of platform remains the customer’s individual decision.
SSP's strategy is to rationalise its broker product portfolio to a single platform.

Traditionally Electra M3 operated on a Unix platform that was made end of life by its provider in 2009. During 2015 SSP gave all Electra clients the opportunity to continue to use Electra M3 on a more up-to-date, fully supported, Linux platform or to migrate to SSP Pure Broking, which is SSP's strategic solution. Any formal SSP notification to clients at this time was in regard to the end of support on the Unix operating system, rather than the Electra M3 platform. Whilst a number of clients elected to migrate to the Linux platform most opted to migrate to SSP Pure Broking and their choice will have been down to their individual circumstances. In some instances, Electra clients may have been using server hardware that was between 10 and 15 years old and, therefore, specific conversations will have taken place about upgrading or moving to SSP Pure Broking.

Teething problems
SSP began to migrate its users on the older Electra M3 system to Pure some years ago. Mott said his company was told in June 2014 that support for M3 may be withdrawn by July the following year.

"We were categorically told M3 was being phased out, and if we didn't move we'd have to find another software provider," he said.

"It told us we were one of the last brokers on M3. The whole process was rushed, we weren't ready for it. And I don't think Pure was ready for us.

"M3 was a good system, it sat in the background and did its job. With this new Pure system, just simple things like trying to do monthly reports became a nightmare. We were working in the dark for about six months.

"We appreciate that technology changes, so we had no problem with moving to the new system. But my opinion is that it was brought to market only half finished."

One of SSP's largest clients, A-Plan is still on the original M3 system. Carl Shuker, CEO of A-Plan said it was the right decision, not to have moved to Pure.

"We've talked about Pure but we weren't persuaded," he said. "The whole thing is pretty dreadful for the brokers affected."

He said as far as he knew, SSP had continued to support the platform.

For Mott, this doesn't seem fair. "A-Plan is one of SSP's largest users," he said. "SSP let it stay on M3 indefinitely, which is a bit of a kick in the teeth for the rest of us."

Long term damage
What is clear from the outage is that SSP is unlikely to emerge with its reputation fully intact. Many brokers, like Bollington that were already in the process of transitioning certain lines of the business to rival software house Transactor have begun to look at whether other lines should also be moved over.

"The plan was we were going to move our wheels-based stuff onto Transactor and then have a discussion about the commercial side next," said Rob Applin, operations director at Bollington.

"This type of incident makes it easier to have that sort of conversation."

Stevens was even more scathing: "I'm sure a lot of brokers will want to extricate themselves from SSP. Not so much because of the outage but because of the pathetic way it has handled it."

JOIN THE DEBATE, CICK HERE FOR DETAILS OF THE POST DIGITAL INSURANCE WORLD AT THE BUSINESS DESIGN CENTRE, LONDON, ON THE 18TH OCTOBER

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@postonline.co.uk or view our subscription options here: http://subscriptions.postonline.co.uk/subscribe

You are currently unable to copy this content. Please contact info@postonline.co.uk to find out more.

Q&A: Simon Axon, Teradata

Simon Axon, global financial services industry director at Teradata, explains how general insurance providers are lagging behind banks in making the most of their data and why Amazon’s style of operating should inspire boards to back investment in digital transformation.

Most read articles loading...

You need to sign in to use this feature. If you don’t have an Insurance Post account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here