TECHNOLOGY: SECURITY    

Ensuring Data Security and Integrity

From our start serving the financial services industry, our highest priority has been the security and integrity of our web-based solutions. All data transferred between the client and our applications are encrypted using Secure Sockets Layer (SSL). For additional security, each caller must first acquire a session ID by passing a valid site token, username, and password. The session ID expires after a specified period and is required for all subsequent calls to our database. Requests for session IDs must come from a specific computer IP address or IP address range.

By providing a secure channel through which the application can communicate with the Record Keeping Database provider, rather than retrieving and processing participant data at a central location, SmartPlan avoids both the security risks and resource demands typically associated with other web-based financial management applications. When a participant signs in to your SSL-encrypted session, a unique key pair is created between the participant's computer and the RKD. In addition to being the only way to decrypt any data transferred between the participant and the RKD, both the key pair and the data itself are only alive while the participant's session is active.

While the session is active, SmartPlan uses the key pair and the RKD's API to transfer information and instructions between the participant and the RKD in the form of encrypted XML files. Only data pertaining to the participant who created the key pair can be accessed during the session. Once the session is terminated, the keys and any XML data associated with them are destroyed, and no record of the key pair or any of the XML data used during it is retained in the SmartPlan application or database, or on the participant's system.

Looking for more information about our data security protocols? Please contact us.