PlanPlus™ Online Security & Technology
Our application and infrastructure are designed to provide availability and security for even the most challenging of our customers’ needs.
PlanPlus Online's production equipment is located in Amazon Web Services (AWS) at a secure facility with 24/7/365 physical security, biometrics, picture identification, redundant electrical generators, redundant data center air conditioners, and backup equipment designed to keep servers continually up and running. The facilities and infrastructure comply with SOC2 and PCI compliance standards and are audited regularly.
Multiple firewalls and intrusion detection systems protect the network perimeter. In addition, PlanPlus Online monitors and analyzes firewall logs to proactively counter security threats.
PlanPlus Online utilizes industry-standard, best-practice encryption to protect customer data and communications, including SSL and encryption at rest.
Users require a valid username and password combination to access PlanPlus Online, both of which are encrypted via SSL while in transmission. Weak password choices are automatically declined for use. An encrypted session ID cookie uniquely identifies each user. Each session key is automatically scrambled and reestablished in the background at regular intervals for added security. Customers must accept shared responsibility for keeping passwords and authentication to individual accounts.
Internal Systems Security
Proprietary systems safeguards include network address translation, port redirection, IP masquerading, and non-routable IP addressing schemes. Customers accept responsibility for setting up their internal permissions among their own users and within their own account.
PlanPlus Online’s robust application security model prevents one PlanPlus Online customer from accessing another’s data. This security model is reapplied with every request and enforced for the entire duration of a user session.
Reliability and Backup
All networking components, SSL accelerators, load balancers, Web servers, and application servers are arrayed in a redundant configuration. All customer data is stored on a primary database server that is clustered with a backup database server. All customer data is stored on storage that is mirrored across different locations. All customer data, up to the last committed transaction, is automatically backed up on a nightly basis. Backups are copied and transferred to multiple locations for redundancy daily. PlanPlus Online has disaster recovery plans in place.
Operating System Security
PlanPlus Online uses a minimal number of controlled access points to all production servers to enforce tight operating system-level security. All operating system accounts are protected with strong passwords, and production servers do not share a master password database. All operating systems are maintained at each vendor’s recommended patch levels for security and are hardened by disabling and/or removing any unnecessary users, protocols, and processes.
Whenever possible, database access is controlled at the operating system and database connection level. Access to production databases is limited, controlled, tracked and audited, and production databases do not share a master password database. All data entered by a customer into the PlanPlus Online application is owned by that customer.
Server Management Security
PlanPlus Online does not utilize any managed service providers for Production environments. The PlanPlus Online Systems Engineering team provides all system management, maintenance, monitoring, and backups. PlanPlus Online employees do not have direct access to the PlanPlus Online production equipment, except minimally where necessary for the completion of their job duties.