SECURE YOUR EMPLOYEE DATA
we achieve the highest level of security by performing full security audits of our product and infrastructure regularly.
Our security practices have been evaluated as part of our SOC 2 Type I attestation.
Our multi-pronged approach to security ensures you are protected at all times. We adhere to industry standards for protecting your data, securing our web application, and processing all transactions. Policies have been create across the entire organization to ensure we offer the highest level of security.
ENCRYPTION SECURITY OVERVIEW
Your transmitted data is kept safe using the highest encryption standards available, including 256-bit SSL encryption. This is the same technology that banks use to keep your account information safe and all account information you provide, including passwords and personal information details, is protected using this technology
The sofware employs state of the art back-up and firewall technology to ensure that your information is always available, no matter what happens. Our system stores back-ups in multiple secure locations and is updated throughout the day, every day.
Our servers are hosted at Tier III, SSAE-16 and ISO 27001:2005 compliant facilities which are Safe Harbor Certified. Our facilities feature 24-hour manned security, biometric access control, video surveillance, and physical locks. The co-location facilities are powered by redundant power, each with UPS and backup generators. All systems, networked devices, and circuits are monitored by both onsite employees and the co-location providers.
SECURE at EVERY STEP
We are able to monitor and keep safe every aspect of our software. All access to data within the software is governed by access rights, authenticated by username and password and our instance administrator can define granular access privileges. We also follow secure credential storage best practices by storing passwords using the bcrypt (salted) hash function. Our security architecture ensures segregation of customer data and stricter access restrictions for the HR mobile app.
There are no official government or industry certifications for HIPAA compliance. In order to support HIPAA compliance, we have reviewed the HIPAA regulation and updated its product, policies and procedures to support customers around their need to be HIPAA compliant. The sofware product/platform meets the obligations required by HIPAA, however customers are also responsible for enforcing policies within their organizations to meet HIPAA compliance. Some of
embedded controls that are relevant to HIPAA include:
- Controls to provide reasonable assurance for defining and granting access to users permitted by the users entity.
- Controls to provide reasonable assurance that the user entity’s method for accessing the application is configured with proper logical security protocols
- Controls to provide reasonable assurance that user accounts and access permissions are correctly specified on an ongoing basis, including revoking accounts.
Getting Started with the EPIX-Xchange
Manage and automate HR and benefits enrollment
- Personnel records management
- Salary history
- Dependent management
- Emergency contacts
- License & certificates
- Job descriptions
- New hire and open enrollment
- Defined Contribution
- Decision support
- Medical, dental, vision
- Critical illness & accident
- Life & disability
- FSA, HSA & transit accounts
- EOI & COBRA support
- Online personnel notes
- Event transaction logs
- Track & approve employee changes
- Event based compliance triggers
- Customizable onboarding
- Document uploading for employees