Information security and business continuity
Our highest priority
There is nothing more important than the security of your employee data. It’s the foundation on which the employee experience is built, and it is the cornerstone of our business. We’re incredibly proud of our achievements in information security, and how OneHub, our infrastructure, our procedures and our people all adhere to the highest possible standard when it comes to protecting your data.
Since 2012, we have committed to ensuring the safety and security of the data that we hold and process. Our systems and datacentres store and transfer your data securely, maintained by consistent internal and external auditing, and continual reviews and renewals of our certifications. For our information security, we hold ISO 27001 certification.
Business continuity and disaster recovery (DR) play a huge part in our infrastructure and business planning, this guarantees that the service provided to our customers can maintain ongoing operations in the event of an incident. To ensure we can maintain our continuity and DR management, Benefex are certified to the ISO 22301 Business Continuity Management System.
System security
Our minimum standards have always met UK government assurance requirements for public-facing web applications, to ensure that we meet the security levels for the applications and infrastructure. All of Benefex's infrastructure is penetration-tested using a CHECK / CREST approved supplier to ensure continuation of the standards required for the National Cyber Security Centre (NCSC) Cyber Essentials certification. However, to ensure we meet these exacting standards, we additionally conduct penetration testing of the applications and infrastructure at least twice per annum and, where necessary, will conduct additional testing.
Compliance
We use CREST certified consultants to ensure that all aspects of our infrastructure, web application and mobile application are tested at least twice a year. Plus, any major changes are tested in addition to these regular checks.
As well as the penetration tests to maintain our certifications for ISO 27001 and 22301, Benefex are audited by a third party biannually to ensure we maintain or improve on the requirements for the International Standards. We conduct our own internal security and continuity audits biannually in between the third party audits to ensure employees and services are maintaining our security standards. We also enable our customers, where necessary, to conduct their own security assessments and penetration tests of the application.
Secure access
Your protection when accessing our OneHub products needs to be as secure as possible. This is why we support and thoroughly test the latest two versions of the most popular Evergreen web browsers on your internet-abled devices.
We also provide iOS apps for some of our OneHub products for the best experience with an up-to-date smartphone operating system.
Web browser support currently includes the latest two versions of Chrome, Edge (Chromium-based), Safari, and Firefox.
iOS and android version support can be found at the software manufacturers' websites.
Hosting
We’re proud to partner with Rackspace and Google to host and safeguard our data. These partnerships play a huge part in how we deliver truly global solutions, as their worldwide presence and 24/7 support network enable safe and secure implementation and recovery, wherever it’s needed. These solutions align with our customers’ expectations, our current capabilities and future growth aspirations, while supporting your compliance and legislative commitments in different territories.
Rackspace
Rackspace has a proven track record with 20+ years delivering hosting and managed service solutions across both private and public sector organisations worldwide, regularly featuring as Leaders in The Gartner Magic Quadrant year-on-year.
In utilising Rackspace’s services, we have exceptional logging capabilities, extensive support (with up to 15-minute response times), and wider access to local and industry experts. We operate two UK data centres for our OneHub | Benefits UK test and production applications.
Compliance includes: SOC 1, SOC 2, SOC 3, PCI-DSS, ISO 27001 & more.
Google Cloud Platform
Google Cloud Platform provides the fastest private global network using the same infrastructure as Google's own search engine, GSuite, Maps and many more best-in-class products with a proven track record for security, performance and reliability.
Our OneHub | Recognition & Reward and Home products leverage class-leading Google Cloud Platform functionality, allowing us to bring you the most advanced features to any device from any location with an internet connection.
Compliance includes: SOC 1, SOC 2, SOC 3, PCI-DSS, ISO 27001 & more.
ISO 27001
Our current certification includes controls from ISO27017 (cloud user security), registered through ISOQAR Certificate number 11106-ISN-001 which covers staff, systems and data held by Benefex. Benefex conducts six-monthly third-party audits and six-monthly internal audits. Our certification includes all the controls from ISO 27001 and ISO 27017 and ISO 27018
ISO 22301
Benefex have been certified for ISO 22301 since April 2016, and every year since we have maintained and improved our business continuity position. To ensure a sound and reliable Business Continuity Management System (BCMS), Benefex conduct six-monthly third-party audits and six-monthly internal audits. We are certified by Alcumus ISOQAR, Certificate number 11106-BCI-001, the ISO 22301 certification represents our employee benefits infrastructure, applications and all Benefex employees.
Cyber Essentials Check
This ensures that we meet the UK Government National Cyber Security Centre requirements for Cyber Essentials. We’ve been awarded the certificate annually since 2016.
Datacentres
Our Rackspace datacentres are ISO 27001, SSAE18 SOC 1,2 & 3, PCI DSS, ISO 9001 & 14001 certified. Our secondary datacentre is certified to ISO 27001 and ISO 9001 standards.
Google Cloud compliance standards include ISE Audit for Tier 1, ISO 27001/27017/27018, SOC 1/2/3, FIPS 140-2 Validated, EU Model Contract Clauses, GDPR, Privacy Shield.
