OUR CLOUD INFRASTRUCTURE

Building cutting-edge cloud-based benefits technology products is only half the work, deploying them out of a reliable, scalable, and secure infrastructure that can support integrations with our partners’ payroll and HCM platforms to deliver a best-in-class experience is what makes our products solutions.

We make no compromises and strive to drive industry best practices when it comes to our delivery infrastructure. Here are some of the steps we take to meet that objective:

1. Hosting Infrastructure: We host our business applications and client data at multiple enterprise-grade facilities based in the US with redundant-capacity and disaster-recovery measures in place. These facilities undergo rigorous audits to ensure compliance with the latest best-of-breed security standards and regulations, and provide the optimal performance expected by our partners and clients in our service-level agreements (SLAs).
   
   
2. Data Communications: Data transmissions are encrypted, both inbound and outbound. We also support encryption-at-rest, meaning sensitive data is housed securely when not in transit.
   
   
3. Application Security: The solutions provide deep compartmentalization as well as robust access controls as part of our application security protocols. We support Two-Factor Authentication, employee role management, and audit everything that occurs in our system. All employees undergo criminal history background checks and have their job duties segregated by job requirements and training. Robotic Process Automation (RPA) is in place to manage business workflows and reduce the chance of human error.
   
   
4. Internal Processes and Controls: EverythingBenefits utilizes a host of internal controls designed to protect our clients’ information. These include:
   
   1. HIPAA & Social Engineering Training: Protecting private health information (PHI) is important to maintain compliance with the Health Information Portability & Accountability Act (HIPAA). Our staff is regularly trained to follow HIPAA guidelines and procedures.
      
      
   2. Annual In-Depth Audits & Reviews: We undergo both an annual SOC2 Type II Audit and HIPAA Matrix Review that focuses on our non-financial reporting controls as they relate to security & privacy breach rules, processing integrity, confidentiality, and availability.
      
      
   3. Annual SOC2 Type II Audits – Routine audits that focus on our non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system.

Above is a partial list of actions and features to protect our partners’ clients’ data. EverythingBenefits is committed to continued investment toward the improvement of its infrastructure. If you have any questions, please contact support@everythingbenefits.com.