
Security and Reliability at benefitalign®

With our history in the highly regulated payer space, we fully understand the compliance, security and privacy requirements of the industry. Our suite of products meets or exceeds industry standards, including but not limited to SOC 2 Type II, ISO/ISMS, PCI DSS and HIPAA compliance. benefitalign® is a CMS-approved Phase 3 Enhanced Direct Enrollment (EDE) partner and one of only a handful of companies that regularly work with CMS and a number of State Exchanges, including California, Washington and New Jersey.

Certifications & Regulations

SOC 2 Type II:

Our primary data center in Ashburn, VA is SOC 2 Type II certified. This is the platinum standard for data security and compliance. A third-party auditor conducts the audit to verify that the information security practices, policies, procedures and operations meet the SOC 2 standards for security, availability, and confidentiality.

ISO 9001/27001:

ISO 9001:2015 and ISO 27001:2013 are the quality and security certifications for our internal operations. ISO 9001:2015 specifies the requirements for a quality management system (QMS) that provides products and services meeting customer and regulatory requirements. ISO 27001:2013 provides a set of standardized requirements for an Information Security Management System (ISMS). We have implemented a well-defined process for monitoring, maintaining and improving the ISMS.

PCI DSS:

The Payment Card Industry Data Security Standard (PCI DSS) is a complex set of rules and requirements that ensure all credit card data is processed, stored, or transmitted in a secure environment and stays protected against data breaches. Third-party auditors conduct the annual audit and the quarterly Vulnerability Assessment & Penetration Tests (VA/PT), which cover the OWASP Top 10 Web Application Security Risks. Any technical vulnerabilities identified by the audits are remediated and the risk of a data breach is mitigated, so that our customers' cardholder data remains protected.

benefitalign® provides role-based, department-level training on data security, privacy requirements, PII, PHI and HIPAA regulations to all employees.