The Challenge
iCARE operates in workers compensation insurance, a business that constantly exchanges documents and information with parties outside its own walls: providers, partners, and other stakeholders involved in claims and cases. Sending that material by email is insecure and impossible to control once it leaves; giving external people broad access to internal systems is worse. iCARE needed a controlled middle ground: a place where specific external users could access exactly the content meant for them, and nothing else, with the security and auditability an insurer requires. Getting external access wrong in an insurance setting risks exposing sensitive personal and claims data.
What Evocate Delivered
In 2018 Evocate built a SharePoint external access portal for iCARE:
- Discovery: identified who needs external access, to what content, and under what controls
- Portal design: designed a SharePoint portal that separates external-facing content from internal sites
- Secure access: configured secure external access and identity, with permissions scoped tightly
- Structured libraries: built document libraries and structure tailored to external collaboration
- Access controls: aligned security and access to the sensitivity of the information shared
- Handover: briefed the team to administer users and content going forward
Outcomes
iCARE now has a dedicated SharePoint portal where approved external parties access only the content intended for them. Sensitive material no longer travels by unsecured email, and access is governed by identity and permissions rather than trust. Internal sites stay walled off from external users, so collaboration happens without widening the attack surface. The result is controlled, auditable document sharing that suits a regulated insurer.
Why This Matters
Almost every organisation eventually needs to share content securely with people outside it, and email is the wrong tool for the job. iCARE shows how Evocate uses SharePoint’s external access capabilities to create a controlled extranet: the right people see the right documents, nothing more. For insurers and other regulated businesses that handle sensitive data, it is a secure, governable alternative to ad-hoc sharing.






















