Data Security and Business Continuity
Protecting and securing your data from a world that is not always friendly

Our clients and partners entrust us with sensitive benefits and health care data. We safeguard this information in every possible way, with procedures in place for data protection, standards for people and processes, audited security measures for all related equipment and facilities, and well-proven software security mechanisms.

A proven, secure platform

PlanSource is an ISO 27001 certified, SSAE18 SOC 2 Type 2 audited technology platform and we are committed to the stability of our system and safety of your data. The foundation of our security approach is built around ISO 27001/2 standards. This includes following HIPAA, GDPR and state privacy guidelines, and SANS Top 20 Common Security Controls.

Access Controls

PlanSource uses industry standard controls to restrict access to sensitive systems such as servers, network devices and virtual machine infrastructure systems. Firewalls and IDS/IPS systems are used to protect access from the internet to internally hosted systems.

Physical Security

PlanSource has numerous physical security protocols in place in our offices and in our Tier III Data Centers, including biometric screening, stringent badge card access requirements, video cameras and state-of-the-art security alarms.

Network and Internet Security

As a cloud-based technology company, the internet is a critical resource for us. While it is an incredible tool for transmitting information, the internet also has numerous security issues and we have built our systems to be protected from threats.

Penetration Testing

PlanSource uses a third party to perform several different types of penetration testing during the course of a year. These include application penetration testing on the benefits system as well as regular network and systems penetration testing.

Business Continuity

We have designed our technology infrastructure to minimize the effects of natural disasters and have business continuity plans in place to ensure that our solutions continue to operate and your data is safe.

  • Primary data center located in Orlando, Florida in a Tier III data center
  • Disaster Recovery located in Salt Lake City, Utah in a Tier III data center
  • Salt Lake City Tier III data center is kept in a warm state


    • All data center facilities are equipped with redundant power grids, generators, UPSs and telecommunication trunks
    • Data replication between data centers ensures both centers have the same data
    • Redundant support centers in Orlando, Florida and Salt Lake City, Utah
    • Recovery time objective of 48 hours
    • Recovery point objective of 4 hours (or less)
    • Established and tested Disaster Recovery and Business Continuity Plans