Privacy & Cybersecurity

Ensuring round the clock security of Fund and Participant data

Our Top Priority - The Families We Serve

As a result, we invest annually in state-of-the-art information protection technologies and operating processes to meet ongoing regulatory and compliance objectives, to protect our clients’ data. Our industry-leading investment in emerging technology and robust cybersecurity programs stems from a passion to see our clients succeed.

Cybersecurity:

Program based upon the Department of Commerce, National Institute of Standards and Technology (NIST) directives and guidance
Formally documented and practiced
Risk assessments conducted in real time, internally, externally and between interconnected hybrid relationships
Vulnerability management occurs in real time, with third-party annual audit of security controls
Workforce cybersecurity awareness training conducted annually
Simulated phishing campaigns are conducted throughout the year on a reoccuring basis
Program administered by a full-time, certified cybersecurity team, with real-time and automated incident response capabilities
Third-party SOC Audits are conducted annually
Comprehensive Records Retention and Destruction Policy

Oversight of HIPAA Compliance

We maintain policies and procedures consistent with HIPAA as amended by HITECH 164.308(a)(1)(ii)(A), SOC1, ISO 27001 and NIST 800-66; governing information Security and Privacy.

Principal industry groups driving our HIPAA Security and Audit compliance:

The International Information System Security Certification Consortium (ISC)²
The Information Systems Audit and Control Association (ISACA)
The National Institute of Standards and Technology

Principal industry groups we belong to:

Society of Professional Benefit Administrators (SPBA)
International Foundation of Employee Benefit Plans (IFEBP)

Disaster Recovery and Business Continuity

The continuation of our services following a disaster or service disruption is critical to the success of both the company and, more importantly, the service delivery for our client Trusts. Business Continuity Planning with integrated Disaster Recovery Planning is maintained and administered by the Chief Information Security Officer.

Offsite Backup and Redundant Recovery Capabilities:

Documented Business Continuity and Disaster Recovery Plan Programs
Multiple full backups ensure no data is lost
Annual and Adhoc exercises are conducted to affirm redundant capabilities
All data is also stored offsite to ensure data can easily be restored in the event of a disaster

Zenith American Solutions' dedicated resources ensure the highest level of attention to compliance with regulatory requirements and preparedness when it comes to privacy, security and disaster recovery.

Subscribe to Our Blog - BenefitTalk

Our national reach and breadth of services, supported by our many leading accredited industry experts, allows us to be well educated on recent industry news, updates, regulatory changes, trends, and best practices. To support our ongoing commitment to our clients, we offer these tidbits of helpful information and industry insight through our blog and you have the option to sign up to receive each new update, Benefit Talk.