Privacy & Cybersecurity


Ensuring round-the-clock security of Fund and Participant data

Our Top Priority - The Families We Serve

 

As a result, we invest annually in state-of-the-art information protection technologies and operating processes to meet ongoing regulatory and compliance objectives and to protect our clients’ data. Our industry-leading investment in emerging technology and robust cybersecurity programs stems from a passion to see our clients succeed.
 

Cybersecurity:

  • Program based upon the Department of Commerce, National Institute of Standards and Technology (NIST) directives and guidance
  • Formally documented and practiced
  • Risk assessments conducted in real time, internally, externally and between interconnected hybrid relationships
  • Vulnerability management occurs in real time, with third-party annual audit of security controls
  • Workforce cybersecurity awareness training conducted annually
  • Simulated phishing campaigns are conducted throughout the year on a recurring basis
  • Program administered by a full-time, certified cybersecurity team, with real-time and automated incident response capabilities
  • Third-party SOC Audits are conducted annually
  • Comprehensive Records Retention and Destruction Policy

Oversight of HIPAA Compliance


We maintain policies and procedures governing information security and privacy, consistent with HIPAA as amended by HITECH 164.308(a)(1)(ii)(A), SOC1, ISO 27001 and NIST 800-66.

Principal industry groups driving our HIPAA Security and Audit compliance:

  • The International Information System Security Certification Consortium (ISC)²
  • The Information Systems Audit and Control Association (ISACA)
  • The National Institute of Standards and Technology
 

Principal industry groups we belong to:

  • Society of Professional Benefit Administrators (SPBA)
  • International Foundation of Employee Benefit Plans (IFEBP)

Disaster Recovery and Business Continuity


The continuation of our services following a disaster or service disruption is critical to the success of both the company and, more importantly, the service delivery for our client Trusts. Business Continuity Planning with integrated Disaster Recovery Planning is maintained and administered by the Chief Information Security Officer.
 

Offsite Backup and Redundant Recovery Capabilities:

  • Documented Business Continuity and Disaster Recovery Plan Programs
  • Multiple full backups ensure no data is lost
  • Annual and ad hoc exercises are conducted to affirm redundant capabilities
  • All data is also stored offsite to ensure data can easily be restored in the event of a disaster

 


Zenith American Solutions' dedicated resources ensure the highest level of attention to compliance with regulatory requirements and preparedness when it comes to privacy, security and disaster recovery.


 
