Database Security
BenefitPlan Manager's highest priority is to provide a secure Internet site.
Our database is secured with a specialized
configuration of hardware and software. Accessing information from this configuration
requires passing through a highly secured "firewall" and series of filtering mechanisms.
This environment protects our database from Internet security risks.
Personal and plan information sent from our site over the Internet is encrypted
with a security technology called Secure Sockets Layer (SSL). Our SSL web server
offers the highest level (128-bit RC4) of encryption technology available. This
technology encrypts the information before transmitting, so that only the person
requesting it is able to view it.
BenefitPlan Manager's web site must be used with an SSL-compatible browser,
Microsoft Internet Explorer (version
3.0 or greater). If your browser doesn't support SSL, or if you've disabled that
feature on your browser, you won't be able to view any information from our site.
You can tell when you are secure by looking at the location (URL) field. If the
URL begins with https:// (instead of http://), the document comes from a secure server.
This means your data cannot be read or deciphered by unauthorized individuals.
Application Access
BenefitPlan Manager requires three layers of authentication
(group name, user name and password) that must be satisfied
in order to utilize the site. The group names, user names and passwords are stored
in an encrypted database that is isolated from the Internet.
Optional IP recognition can also be added for Administrator Access and View Only
Access users, limiting access to users within their designated bank of IPs.
Security Details
High levels of physical security
- Two-factor (card + PIN) authentication for physical entry
- Security cameras with digital recorders
- Security guards round the clock

Intrusion protection
- Intrusion Detection System (IDS)
- Intrusion Prevention System (IPS)

Layered security approach
- Firewalls
- VPN
- Virus screening and protection

n+1 Redundancy
- Power from more than one feed
- Network connectivity from at least 2 providers
- Each power supply on independent UPSs
- Redundant diesel generators to sustain continuous operations in case of extended power failure

Fully redundant network infrastructure
- Routers
- Switches
- Firewalls

Standby/failover servers

Backup and Replication
- Daily full database & directory structure
- Hourly incremental database backups
- Disk - disk - tape architecture

Off-site long-term data retention

Sensitive Data Encrypted
- Social security numbers
- Passwords

SAS 70 Type II exams performed annually
- Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard developed by the American Institute of CPAs (AICPA)
- Includes description of controls and reports on detailed testing of controls over a minimum six-month period