Beyond the Firewall: How Zenith Safeguards Client Data
The security of client data is paramount to plan success. Zenith’s commitment to security is led by our dedicated Privacy and Security team, which is tasked with creating and maintaining a comprehensive security plan.
Following guidance from the Department of Labor and the National Institute of Standards and Technology (NIST), our in-house security team identifies potential threats and implements processes and tools to mitigate them. Privacy and Security team recommendations have led to significant investments in technology, including encryption and AI-based solutions that reduce threats to client data.
Zenith’s Privacy and Security team also tracks legislative changes and incorporates them into our processes, ensuring we remain in full compliance with privacy and security legislation such as HIPAA and HITECH.
Zenith employs administrative, physical and technical controls across the enterprise. From an administrative perspective, Zenith follows a well-documented security plan consisting of policies and procedures intended to secure sensitive information. For example, our Security team conducts the employee cybersecurity education outlined in HIPAA. They go beyond that annual requirement, however, providing ongoing education for employees, alerting them to recent threats, and issuing internal guidance to prevent unauthorized access to our systems and client data.
From a physical security standpoint, Zenith ensures that access to our offices is secured with badge access, staffed entry points or other physical access controls. Offices require two physical barriers before anyone can reach areas where sensitive information is stored. Within the office, we protect workstations from unauthorized access or viewing through workstation timeouts and the positioning of displays. We also control devices and media through chain-of-custody procedures and proper disposal of these items at end of life.
Zenith also secures its systems and data through a variety of rigorous technical safeguards. For example, we limit access to sensitive information on a minimum-necessary, need-to-know basis enforced by stringent access controls. We secure data both in transit and at rest using best-practice authentication and encryption standards. For example, we employ multi-factor authentication (MFA) across our network, requiring users to provide two or more verification factors before gaining access.
To verify the strength of our programs we perform regular penetration testing to identify weaknesses in our systems. We also undergo annual SOC 1 and SOC 2 audits of our internal controls and security processes; the auditor reviews our policies and procedures as part of this process.
Further protection is provided to clients through investment in cybersecurity insurance coverage, which protects clients and their participants in the event of a cybersecurity incident. For additional information on how we protect client data, contact your client service director.