Compliance

Security is not a one-time event or a single technology. We believe security begins with having the correct processes in place and having our team correctly trained and well versed in these processes. With the correct security procedures and goals already established, we can seamlessly implement the appropriate controls and technologies to ensure the security of individuals’ personal and health information. Our continued success relies on our ability to sustain a robust program consistent with industry information security standards in order to maintain confidentiality requirements concerning employee benefits.


Application Authentication

We use different pieces of information to correctly identify and authenticate users before allowing them secure access to benefit information. When you register online, we require unique information within our systems to verify that the information you provided is your own personal information.

SOC 2 Type 2 Certified

Web Benefits Design holds the highest level of security and performs the SOC 2 Type 2 audit annually. We model many of our IT/IS policies on the ISO 27001 standard.

Web Benefits Design has undergone and maintained an audit on each of the five Trust Principles of the Service Organization Controls (SOC 2 Type 2), which focus on the mitigation of the same risks:
  • Security
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy

Operating System Safeguards

It is our job to understand, select and deploy a variety of security safeguards and processes.

In addition to our employee confidentiality training/security awareness program, we use a complex set of interacting network, application and operating system safeguards including:

  • World-class datacenter facility that is HIPAA compliant, PCI DSS Level 1, SAS 70, and ISO 27001 certified
  • SIEM infrastructure for real-time 24/7 monitoring of public-facing systems
  • Offsite one-way log archiving
  • Host- and network-based intrusion detection systems
  • Stateful firewalls
  • Appropriate separation of content servers from data stores via DMZ
  • DoD-level encryption technology
  • PKI-based digital certificates
  • SSL for all electronic messaging
  • Strategic security awareness via honeypots and security dashboard
  • Third-party audits and tests with independent verification

We strive to maintain the highest standards of performance and integrity in our operations. Within our web application, we take a number of measures to securely authenticate your identity and secure protected information between our data centers and the end users' network. We ensure all sensitive information is as secure as possible against unauthorized access and use. In addition to third-party audits, we also review our internal security measures at regular intervals according to our security policies.
