Security
Data Security Is Our Highest Priority.
Our customers have entrusted us with the protection of their data, and we earn that trust every day with systems that are built with integrity and security. Vimly Benefit Solutions has completed rigorous third-party evaluations and testing to ensure we have the proper internal controls and security safeguards in place.
- We are pleased to announce that SIMON®, our benefits administration platform, has earned Certified status for information security by HITRUST—the highest standard for protecting your data and information. See our announcement here.
- Data protection with a layered security model and multiple encrypted transmission methods tailored to the specific system and data being transferred.
- 24×7 real-time monitoring and incident response.
- Additional systems monitor access to data, log transmission successes and failures, and conduct audits of our transactions.
- SOC1 and SOC2 certified and HIPAA compliant.
- We conduct routine vulnerability and penetration testing of our network.
- Multi-factor authentication (MFA) is used to protect access to your data. MFA is applied through a two-step verification process that confirms user identity when accessing our systems. Multi-factor authentication provides an additional layer of security that helps protect your confidential data.
- Secure Sockets Layer (SSL) SHA256-2048 RSA certificates are used to protect data during transfer, both inside and outside our network. SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. We have partnered with Thawte and DigiCert to ensure our SSL certificates meet the highest level of security and trust possible.
- Transparent Data Encryption (TDE) is used on all databases. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module.
- Advanced Threat Protection and Edge Security. Next-generation security appliances are in place with a comprehensive suite of advanced protection including IPS, ATP, Sandboxing, Dual AV, Web and App Control, Anti-phishing, and a full-featured Web Application Firewall. These security systems automatically respond to incidents by instantly identifying and isolating infected systems until they can be cleaned up.
- Internal system monitoring using automated user behavior analysis and risk mitigation. Internal auditing systems give a bird’s-eye view of risks, allowing us to control and mitigate IT risks by continuously monitoring our systems. This includes real-time remediation such as blocking IPs, changing privileges, disabling accounts, blocking devices, or killing applications.
- Internal security controls protect your data from unauthorized access. Access to business systems is limited to only personnel assigned to your account and only at a level necessary to assist you and manage your account. Also, we conduct audits of our staff and procedures to ensure that security protocols to protect your data are followed.
- Security and HIPAA training requirements. Staff members complete regular security and HIPAA security training. These sessions reinforce our security-first approach to protecting your data.