System and Organizational Controls (SOC) Reporting
Benefitfocus completes the Service Organization Control (SOC) audit annually, which includes SOC I and SOC II Type 2 reviews. Certification to SOC I and SOC II standards ensure that Benefitfocus:
• Demonstrates ability to consistently provide services and information security that meet client service levels and applicable statutory & global regulatory requirements.
• Safeguards valuable, sensitive and confidential company and client information through security controls.
• Has established, documented, and is maintained as a means of ensuring that its services, processes and personnel, conform to specified requirements and to foster an environment of continual improvement and security.
• Demonstrates Leadership’s commitment to maintaining information security, high service levels and processing quality to customers.
SOC 1: Benefitplace, Benefitplace Enrollment, and Benefitplace Exchange, Benefitplace Billing, Benefit Catalog, IA classic, and Health Insights.
SOC 2: Benefitplace, Benefitplace Enrollment, and Benefitplace Exchange, Benefitplace Billing, and Benefit Catalog
SOC 2: IA Classic
Benefitfocus workforce members will complete security and privacy education annually and certify each year that they will comply with Benefitfocus’ ethical business code of conduct, confidentiality, and security policies, as set out in Benefitfocus’ Business Conduct Guidelines. Additional policy and process training will be provided to associates granted administrative access to service and data components that is specific to their role within Benefitfocus’ operation and support as required to maintain compliance and certifications.