Security

Database Security

BenefitPlan Manager's highest priority is to provide a secure Internet site. Our database is secured with a specialized configuration of hardware and software. Accessing information from this configuration requires passing through a highly secured "firewall" and a series of filtering mechanisms. This environment protects our database from Internet security risks.

Personal and plan information sent from our site over the Internet is encrypted with a security technology called Secure Sockets Layer (SSL). Our SSL web server offers the highest level (128-bit RC4) of encryption technology available. This technology encrypts the information before transmitting it, so that only the person requesting it is able to view it.

BenefitPlan Manager's web site must be used with an SSL-compatible browser, Microsoft Internet Explorer (version 3.0 or greater). If your browser doesn't support SSL, or if you've disabled that feature on your browser, you won't be able to view any information from our site.

You can tell when you are secure by looking at the location (URL) field. If the URL begins with https:// (instead of http://), the document comes from a secure server. This means your data cannot be read or deciphered by unauthorized individuals.

Application Access

BenefitPlan Manager requires three layers of authentication (group name, user name and password) that must be satisfied in order to utilize the site. The group names, user names and passwords are stored in an encrypted database that is isolated from the Internet.

Optional IP recognition can also be added for Administrator Access and View Only Access users, limiting access to users within their designated bank of IPs.

Security Details

High levels of physical security
  • Two-factor (card+PIN) authentication for physical entry
  • Security cameras with digital recorders
  • Security guards round the clock
Intrusion protection
  • Intrusion Detection System (IDS)
  • Intrusion Prevention System (IPS)
Layered security approach
  • Firewalls
  • VPN
  • Virus screening and protection
n+1 Redundancy
  • Power from more than one feed
  • Network connectivity from at least 2 providers
  • Each power supply on independent UPSs
  • Redundant diesel generators to sustain continuous operations in case of extended power failure
Fully redundant network infrastructure
  • Routers
  • Switches
  • Firewalls
Standby/failover servers
  • Web
  • Application
  • Database
Backup and Replication
  • Daily full database & directory structure
  • Hourly incremental database backups
  • Disk-to-disk-to-tape architecture
Off-site long term data retention
Sensitive Data Encrypted
  • Social security numbers
  • Passwords
SAS 70 Type II exams performed annually
  • Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard developed by the American Institute of CPAs (AICPA)
  • Includes a description of controls and reports on detailed testing of controls over a minimum six-month period