Insurance Project Planning Checklist

Capture why the project exists in the language a steering committee will recognize: a new product line, a state expansion, a SOC 2 / NYDFS Part 500 remediation, a Guidewire migration, or an M&A integration. State drivers and disqualifying constraints up front so scope creep gets pushed back against the original mandate.

Most insurance projects fail because compliance, actuarial, or reinsurance was looped in late. Build the RACI with named individuals from underwriting, claims, IT, compliance, actuarial, reinsurance, and producer relations — not just department headers.

Charter should state in-scope lines of business, target states, effective date, target loss ratio or expense ratio impact, and explicit out-of-scope items. Attach the signed PDF — auditors and acquirers will ask for it during diligence.

Confirm an accountable executive sponsor (CUO, COO, or CIO depending on project type) and an approved capital and expense budget. Funded projects without a named sponsor stall the first time a cross-department conflict arrives.

Inventory exposures the project introduces: state filing miss, producer licensing gap, prompt-pay (e.g., Texas Chapter 542) impact, OFAC screening change, GLBA / NYDFS Part 500 NPI handling, anti-fraud plan refresh in NY/CA/FL/NJ. Distinguish project-execution risks from steady-state operational risks the project leaves behind.

Score each risk on likelihood and impact using the carrier's standard scale. NAIC Insurance Data Security Model Law and NYDFS Part 500 expect documented risk assessments — the project-level register feeds the enterprise risk program, so format consistently.

For each high or critical risk, name the control, the residual risk after the control, and the date the control becomes operational. Avoid the "monitor" cop-out — monitoring is not a mitigation.

Coordinate with regulatory affairs to set the filing sequence: priority states, expected DOI review windows (often 30–90 days in PA states), filing-fee schedule, and effective-date contingencies. Build a 60-day buffer between expected approval and the planned bind date.

Identify the named UW and claims practitioners whose time the project will consume — by line, by state, and by hours per week. SMEs are the constraint on most insurance projects, not engineers.

Plot internal hours, vendor hours, and capital spend by month against the approved budget. Flag any month where forecast burn exceeds budget so the sponsor can re-baseline before the variance reports go out.

Tie milestones to the controlling external dates: SERFF approval, reinsurance treaty inception, ACORD form release, NCCI rate effective date, or carrier bind authority effective date. Internal milestones should ladder backwards from these.

NYDFS Part 500 §500.11 vendor scope includes TPAs, claims vendors, document-destruction firms, and printers handling claim packets — anyone touching nonpublic information. A "no" here should be defensible against the §500.11 definition, not just the IT-vendor short list.

Collect the vendor's SOC 2 Type II, WISP, encryption-in-transit-and-at-rest attestation, MFA posture, and incident-notification SLA. Update the contract addendum so the carrier's 72-hour DOI notification obligation flows through to the vendor.

For each stakeholder group — sponsor, steering, line UWs, claims operations, producers, reinsurers, DOI-facing regulatory affairs — list the message frequency, channel, owner, and the decision they need to make. One-size-fits-all updates get ignored by everyone.

Internal: SharePoint, Teams, or the PMO tool. External producer-facing: agent portal bulletins, Applied Epic/AMS360 messaging, broker email blasts. Avoid mixing producer-confidential commission detail into general broker channels.

Weekly working group, biweekly sponsor, monthly steering is the typical cadence for a multi-quarter insurance project. Lock the cadence on the calendar before kickoff so it does not slip during execution.

Standard sections: RAG status, milestone burn-up, top 5 risks, decisions needed this week, blockers. Force a one-page limit — steering committees do not read multi-page narratives.