Information security and business continuity
Our highest priority
There is nothing more important than the security of your employee data. It’s the foundation on which the employee experience is built, and it is the cornerstone of our business. We’re incredibly proud of our achievements in information security, and how OneHub, our infrastructure, our procedures and our people all adhere to the highest possible standard when it comes to protecting your data.
Since 2012, we have committed to ensuring the safety and security of the data that we hold and process. Our systems and datacentres store and transfer your data securely, maintained by consistent internal and external auditing, and continual reviews and renewals of our certifications. For our information security, we hold ISO 27001 certification.
Business continuity and disaster recovery (DR) play a huge part in our infrastructure and business planning. This guarantees that the service provided to our customers can maintain ongoing operations in the event of an incident. To ensure we can maintain our continuity and DR management, Benefex are certified to the ISO 22301 Business Continuity Management System.
Our minimum standards have always met UK government assurance requirements for public-facing web applications, to ensure that we meet the security levels for the applications and infrastructure. All of Benefex's infrastructure is penetration-tested using a CHECK / CREST approved supplier to ensure continuation of the standards required for the National Cyber Security Centre (NCSC) Cyber Essentials certification. However, to ensure we meet these exacting standards, we additionally conduct penetration testing of the applications and infrastructure at least twice per annum and, where necessary, will conduct additional testing.
Audits & checks
We use CREST-certified consultants to ensure that all aspects of our infrastructure, web application and mobile application are tested at least twice a year. Any major changes are tested in addition to these regular checks.
As well as the penetration tests to maintain our certifications for ISO 27001 and 22301, Benefex are audited by a third party biannually to ensure we maintain or improve on the requirements for the International Standards. We conduct our own internal security and continuity audits biannually in between the third party audits to ensure employees and services are maintaining our security standards. We also enable our customers, where necessary, to conduct their own security assessments and penetration tests of the application.
Our data centres
We’re proud to partner with Rackspace to host and safeguard our data. Rackspace has a proven track record with 20+ years delivering hosting and managed service solutions across both private and public sector organisations worldwide, regularly featuring as Leaders in The Gartner Magic Quadrant year-on-year. This solution aligns to our customers’ expectations, our current capabilities and future growth aspirations, whilst supporting your compliance and legislative commitments in different territories.
This partnership plays a huge part in how we deliver truly global solutions, as their worldwide datacenters and 24/7 support network enable safe and secure implementation and recovery, wherever it’s needed. In utilising Rackspace’s services, we have exceptional logging capabilities, extensive support (with up to 15-minute response times), and wider access to local and industry experts. We operate two datacentres with the currently, and all sites are linked directly for continuity as well as having external connectivity. The Benefex Production, UAT and QA are all located in the Rackspace environment with the environments being logically separated by domain.
Google Cloud Platform
Our OneHub | Recognition & Reward and Home products are built with cloud scalability in mind to bring together the people in your organisation from around the world.
Google Cloud Platform provides the fastest private global network using the same infrastructure as Google's own search engine, GSuite, Maps and many more best-in-class products with a proven track record for security, performance and reliability.
Our OneHub | Recognition & Reward and Home products leverage class-leading Google Cloud Platform functionality, allowing us to bring you the most advanced features to any device from any location with an internet connection.
Our current certification includes controls from ISO 27017 (cloud user security), registered through ISOQAR certificate number 11106-ISN-001, which covers staff, systems and data held by Benefex. We’ve been ISO 27001 certified since June 2013 and are now in our third certification period - valid until April 2022 - with six-monthly third-party audits.
This is registered through ISOQAR certificate no 11106-BCI-001. This covers our business infrastructure and services. Our current certification is valid until April 2022 with annual third-party audits.
Cyber Essentials Check
This ensures that we meet the UK Government National Cyber Security Centre requirements for Cyber Essentials. We’ve been awarded the certificate annually since 2016.
Our Rackspace datacentres are ISO 27001, SSAE 18 SOC 1, 2 & 3, PCI DSS, ISO 9001 & 14001 certified. Our secondary datacentre is certified to ISO 27001 and ISO 9001 standards.