Title Image

Data Protection

Our record keeping systems (Relius and Omni) are in an ASP environment with FIS – a leading global financial technology and services provider. We utilize the breadth and depth of FIS security programs (network, website, data storage and protection) in managing the environment including the participant and plan sponsor websites.

 

In addition, the FIS ASP environment provides segmented customer data as well as encryption in transit and rest. Multi-factor authentication is required for system access. All other tools used by the firm are maintained in the Microsoft Azure cloud, again utilizing the best security protocols and practices.

 

Access to participant data is restricted to those team members working on the plan. In addition, all employees go through quarterly training on security, confidentiality and understanding personally identifiable information requirements, and we have an information security policy that all our employees certify annually.

 

We take protecting our participants’ accounts and data very seriously. We work with our record keeping partner FIS on reviewing their periodic network penetration tests and perform quarterly reviews of our Azure cloud network security.

 

A few more points on security and data protection:

  • NWPS will never use participant data for any purpose other than providing recordkeeping and administration services.
  • We recently published our 2019 SOC1 and SOC2 reports with both reports demonstrating NWPS processes are in control and functioning appropriately. We recently deployed a third party software to further assist in fraud detection at the participant level. This tool provides confirmation of critical PII data including name, address, date of birth, social security number, email and phone numbers.
  • TLS encryption is in place, which ensures that emails are automatically encrypted when sent between the client domain and @nwpsbenefits.com.
  • Confirmation statements are mailed for all phone and web-based transactions to the participant’s home address (controlled via payroll, not NWPS website).
  • Transaction emails are sent automatically to the validated, primary email address on file once a phone or web-based transaction has been submitted.
  • Multi-Factor Authentication (MFA) is required for all inquiries and transactions.
  • We carry theft, cyber and E&O insurance at or above industry standards.
  • If a participant has money taken from their account through no fault of their own or their employer, we make them whole. That is our policy.

Data and plan fraud are an evolving threat landscape and NWPS is continuously improving our process and procedures to enhance security.