Store and distribute all of your company’s documents in one place. From handbooks and agreements to benefits and compliance forms, you can store everything in one secure location.
Through Employee Navigators online employee directory, your entire team can easily stay connected with each other. Employee Navigator works with the nation’s leading insurance brokers and insurance carriers to provide companies of all sizes with modern benefits & HR software.
Employees can view and update their own information. They can request time off, make benefit elections, view company related documents, and even make life event changes.
With Employee Navigator, changes to employee information, such as addresses, promotions, and terminations will automatically update across the Employee Navigator platform. Say goodbye to dual entry.
The platform utilizes Rackspace as a subservice organization that provides datacenter and hardware co-location services for the Employee Navigator platform. The subservice organization provides security and environmental controls for the Employee Navigator platform. These controls include providing security equipment, recording and monitoring physical access to the Employee Navigator platform systems, as well as providing environmental controls including power, cooling, flood control, fire suppression and detection. Rackspace also provides the infrastructure supporting the application layer, including: physical and virtual network, storage, computing, operating system, and managed security services.
In an effort to provide the platform customers with a high level of comfort regarding the security of the data we are entrusted with, we recently successfully completed our first SOC2 Type II audit. A copy of the report can be provided upon request.
Employee Navigator follows a strict, formalized hiring practice verifying all potential new employees are qualified for the responsibilities of their job function. Employee Navigator conducts background checks, via a third-party vendor, on all new employees.
Access to any and all resources is tightly controlled and users are only granted access based on minimum level of access required to perform their role. Physical access to the data center and the infrastructure is managed by Rackspace and expressly prohibited.
Network Access is controlled based on an implicit “deny all” network access control strategy. Network access controls have been implemented at all layers of to allow only required traffic and deny all other network traffic. Perimeter firewall appliances control all ingress and egress network traffic to/from the datacenter and VPN appliances control access to the systems and internal resources. customers are only permitted to access their assigned application environment, and all other access is denied.
The platform technical configurations, supporting security and platform operational capabilities, and procedures provide the required tools and processes to capture and monitor system activity throughout. Key Employee Navigator components have auditing and logging facilities enabled and configured to capture system events, generate log files, and send log files to the centralized system information and event management software for correlation, analysis, and alerting. The data center managed security services team utilize a variety of security tools to identify and detect potential security threats and incidents, including but not limited to, firewall logs, VPN appliance logs, ID alerts, malware alerts, vulnerability assessments, and operating system event log files. These alerts and notifications are analyzed and security engineers respond as necessary 24 hours a day, 7 days a week.
The data center and hardware co-location provider provides daily backups of systems and data via disk to disk replication and backup techniques to an alternate disaster recovery site.
The application is data-driven and licensees are responsible for uploading and managing their own data within the application. Customers are able to upload their data via HTTPS. Data sent from Employee Navigator to carriers is sent via protocols they define. The protocols available include PGP email, File Transfer Protocol – Secure (FTPS), and Secure File Transfer Protocol (SFTP) providing encryption for all data in transit.
The team does not access data provided by licensees through administrative and support activities unless explicitly requested by the customer. Employee Navigator does not perform any data classification on behalf of licensees. All licensee data is classified equally as sensitive. Employee Navigator does not share customer data stored in Employee Navigator with external third-parties, unless requested by the customer or required by law.
In connection with efforts to adhere to and maintain a controls environment appropriate for services to entities that may have specific regulatory obligations as covered entities under the Health Insurance Portability and Accountability Act (HIPAA) as amended by the HITECH Act of 2009 (ARRA Title XIII), Employee Navigator has undertaken an internal review and will be documenting its controls environment as a potential Business Associate. Employee Navigator has undertaken, where appropriate, to provide and document its control environment to meet the substantive requirements of the security rules for clients concerned with these issues.
The documentation, is not a representation of a substantive policy statement for Employee Navigator but rather seeks to provide an overview of measures and processes that Employee Navigator has undertaken in efforts to conform its practices with requirements certain customers may desire in connection with the purchase of services. IT is not a health plan, covered entity, clearinghouse or governmental entity.