From PHI and PII to encrypting sensitive data, BenefitMall protects you and your clients' information.
lock
Data Security
- Security Awareness Program provides annual training, security advisories, and a Security Champions Initiative
- All PHI/PII data is encrypted at rest and in motion
- Automatic alerts and encryption for emails containing PHI/PI
- Third-party Information Security Risk Assessment is performed regularly
security
Endpoint and Systems Security
- Protection on laptops and workstations includes USB drives disabled, anti-virus installed, and full disk encryption
- Anti-virus installed on servers
- Databases are encrypted
- Exteral vulnerability scans performed monthly along with laptop and workstation patches
vpn_key
Access Control
- Password best practices followed
- Multi-Factor Authentication (MA)
saved_search
Third Party Security
- Vendor Management Program verifies all third-party access to our systems
- All vendors or third parties required to complete security risk assessment periodically
network_wifi
Network Security
- Network access control for LAN ports and WiFi
- Web content filtering and firewalls
- Penetration testing semi-annually
computer
Application Security
- Data masking of sensitive data with role based access
- Release management includes OWASP security testing and a full technical committee review
- Agency Workspace provides secure business case submission
business_center
Business Resilience
- Disaster Recovery Plans tested annually
- Back-ups verified to meet Data Retention Policy
- Incident Response Plan tested annually
pages
Certification and Attestation
- SOC 1 Type 2 and SSAE 18
fingerprint
Physical Security
- Physical access to data centers only for authorized employees and visitors with ID and BenefitMall escort
