SmartBen Security

SmartBen is committed to providing state-of-the-art security for our clients' sensitive data. SmartBen protects your company and employee data by using multiple levels of security protection. Our security platform includes application security, host security, encryption during transmission, and physical barriers to our server environment. Our security methods ensure that your critical data and information are more secure than if they were kept on-premises or in an office. This protection starts with a wide range of physical security features for the servers that host the SmartBen application and data. The hosting facility provides 24x7 security monitoring by on-premises security officers, continuous video camera surveillance, electronic motion sensors, security breach alarms, and biometric access and exit sensors. Access to the servers is strictly limited to authorized SmartBen personnel.

Login Security

Physical security of the servers is only half of the battle. SmartBen also uses comprehensive measures to protect our clients' data during transmission over the Internet. Access to the site requires a unique username and password. Once the user has successfully authenticated their identity and requests information, data transfers between the client and server are protected by 128-bit Secure Sockets Layer (SSL) encryption. SSL creates a secured connection between our web servers and the user's browser, which eliminates unauthorized access to transmitted data and received data.

Network Security

The data is hosted behind a dedicated firewall cluster for traffic load balancing and high availability in the event of a system failure. The firewall only permits designated traffic to access the SmartBen servers. Unauthorized system access is proactively monitored, and attack definitions are updated at multiple daily intervals, providing protection against attacks and OWASP threats. A Unified Threat Management (UTM) System that is monitored 24x7 also protects our systems. This system eliminates network-based attacks and intruders at the firewall as a third level of defense. SmartBen’s fourth level of defense is the deployment of an application firewall, which monitors web traffic at the application level and monitors against attack vectors.

Data Encryption

SmartBen encrypts all data on its network of servers in addition to external offsite database backups using strong 256-bit encryption. Hard drive encryption as well as an encrypted email system is maintained on all desktop and laptop systems to meet the highest security and HIPAA standards. Each of these elements combines to form the highest level of security available, while providing our customers with ease of system use.

SSAE 16 Audited

Our data facility and the SmartBen system have both successfully completed SSAE 16 Type II audits (formerly SAS 70). These audits were performed by independent auditing firms. SmartBen is dedicated to security at a level that meets or exceeds the highest industry and regulatory standards.

SSAE 16, developed by the Auditing Standards Board ("ASB") of the American Institute of Certified Public Accountants ("AICPA"), replaces the Statement on Auditing Standards No. 70 ("SAS 70"), which was the standard used for reviewing the control processes of service organizations for nearly two decades. SSAE 16 has been created to address some of the limitations of SAS 70 Type II audits for technology service providers.

An SSAE 16 examination is widely recognized, because it represents that a service organization has been through a thorough evaluation of its control activities as they relate to an audit of the financial statements of its customers. A Type II report not only includes the service organization's system description, but also includes detailed testing of the design and operating effectiveness of the service organization's controls.