Our Top Priority - The Families We Serve

 

As a result, we invest annually in state-of-the-art information protection technologies and operating processes to meet ongoing regulatory and compliance objectives, to protect our clients’ data. Our industry-leading investment in emerging technology and robust cybersecurity programs stems from a passion to see our clients succeed.
 

Cybersecurity:

• Program based upon the Department of Commerce, National Institute of Standards and Technology (NIST) directives and guidance
• Formally documented and practiced
• Risk assessments conducted in real time, internally, externally and between interconnected hybrid relationships
• Vulnerability management occurs in real time, with third-party annual audit of security controls
• Workforce cybersecurity awareness training conducted annually
• Simulated phishing campaigns are conducted throughout the year on a reoccuring basis
• Program administered by a full-time, certified cybersecurity team, with real-time and automated incident response capabilities
• Third-party SOC Audits are conducted annually
• Comprehensive Records Retention and Destruction Policy

Oversight of HIPAA Compliance

We maintain policies and procedures consistent with HIPAA as amended by HITECH 164.308(a)(1)(ii)(A), SOC1, ISO 27001 and NIST 800-66; governing information Security and Privacy.
 

Internal Compliance Team:

Compliance & Privacy Officer: 
Patricia Kuchenreuther, AIRC (Associate, Insurance Regulatory Compliance) CHP (Certified HIPAA Professional)

Chief Information Security Officer: 
Randall Zigabarra CISA – (Certified Information Systems Auditor), CISM – (Certified Information Security Manager), CISSP – (Certified Information Systems Security Professional)

Principal industry groups driving our HIPAA Security and Audit compliance:

• The International Information System Security Certification Consortium (ISC)²
• The Information Systems Audit and Control Association (ISACA)
• The National Institute of Standards and Technology

 

Principal industry groups we belong to:

• Society of Professional Benefit Administrators (SPBA)
• International Foundation of Employee Benefit Plans (IFEBP)

​

Disaster Recovery and Business Continuity

The continuation of our services following a disaster or service disruption is critical to the success of both the company and, more importantly, the service delivery for our client Trusts. Business Continuity Planning with integrated Disaster Recovery Planning is maintained and administered by the Chief Information Security Officer.
 

Contact to Learn More

 

Submit a Request For a Proposal

 

Submit a request for additional information by filling out the form, CLICK HERE.