PlanPlus™ Online Security & Technology

Our Data Center was designed from the ground up to maintain and secure even the most challenging of our customer's needs.

Physical Security
PlanPlus Online production equipment is collocated in Fremont, CA at a secure facility with 24/7/365 physical security, palm print and picture identification, redundant electrical generators, redundant data center air conditioners, and backup equipment designed to keep servers continually up and running.

Perimeter Defense
Multiple firewalls and intrusion detection systems protect the network perimeter. In addition, PlanPlus Online monitors and analyzes firewall logs to proactively counter security threats.

Data Encryption
PlanPlus Online utilizes the strongest encryption products available to protect customer data and communications, including 128-bit VeriSign SSL Certification and 1024 Bit RSA public keys.

User Authentication
Users require a valid username and password combination to access PlanPlus Online, all of which are encrypted via SSL while in transmission. Weak password choices are automatically declined for use. An encrypted session ID cookie uniquely identifies each user. Each session key is automatically scrambled and reestablished in the background at regular intervals for added security.

Internal Systems Security
Proprietary systems safeguards include network address translation, port redirection, IP masquerading, non-routable IP addressing schemes.

Application Security
PlanPlus Online's robust application security model prevents one PlanPlus Online customer from accessing another's data. This security model is reapplied with every request and enforced for the entire duration of a user session.

Reliability and Backup
All networking components, SSL accelerators, load balancers, Web servers, and application servers are arrayed in a redundant configuration. All customer data is stored on a primary database server that is clustered with a backup database server. All customer data is stored on disk storage that is mirrored across different storage cabinets and controllers. All customer data, up to the last committed transaction, is automatically backed up to a primary tape library on a nightly basis. Backup tapes are immediately cloned to a second tape library to verify their integrity, and the clones are moved to secure, fire resistant off-site storage on a regular basis. PlanPlus Online has disaster recovery plans in place.

Operating System Security
PlanPlus Online uses a minimal number of access points to all production servers to enforce tight operating system-level security. All operating system accounts are protected with strong passwords, and production servers do not share a master password database. All operating systems are maintained at each vendor's recommended patch levels for security and are hardened by disabling and/or removing any unnecessary users, protocols, and processes.

Database Security:
Whenever possible, database access is controlled at the operating system and database connection level. Access to production databases is limited, and production databases do not share a master password database. All data entered by a customer into the PlanPlus Online application is owned by that customer.

Server Management Security
PlanPlus Online does not utilize any managed service providers. The PlanPlusOnline Systems Engineering team provides all system management, maintenance, monitoring, and backups. PlanPlusOnline employees do not have direct access to the PlanPlusOnline production equipment, except where necessary for system management, maintenance, monitoring, and backups.