PlanPlus™ Online Security & Technology
Our Data Center was designed from the ground up to maintain and secure even the most challenging of our customers’ needs.
PlanPlus Online our production equipment is located in the Amazon Web Services (AWS) at a secure facility with 24/7/365 physical security, biometrics, and picture identification, redundant electrical generators, redundant data center air conditioners, and backup equipment designed to keep servers continually up and running.
Multiple firewalls and intrusion detection systems protect the network perimeter. In addition, PlanPlus Online monitors and analyzes firewall logs to proactively counter security threats.
PlanPlus Online utilizes the strongest encryption products available to protect customer data and communications, including 128-bit VeriSign SSL Certification and 1024 Bit RSA public keys.
Users require a valid username and password combination to access PlanPlus Online, all of which are encrypted via SSL while in transmission. Weak password choices are automatically declined for use. An encrypted session ID cookie uniquely identifies each user. Each session key is automatically scrambled and reestablished in the background at regular intervals for added security.
Internal Systems Security
Proprietary systems safeguards include network address translation, port redirection, IP masquerading, non-routable IP addressing schemes.
PlanPlus Online’s robust application security model prevents one PlanPlus Online customer from accessing another’s data. This security model is reapplied with every request and enforced for the entire duration of a user session.
Reliability and Backup
All networking components, SSL accelerators, load balancers, Web servers, and application servers are arrayed in a redundant configuration. All customer data is stored on a primary database server that is clustered with a backup database server. All customer data is stored on disk storage that is mirrored across different storage cabinets and controllers. All customer data, up to the last committed transaction, is automatically backed up to a primary tape library on a nightly basis. Backup tapes are immediately cloned to a second tape library to verify their integrity, and the clones are moved to secure, fire resistant off-site storage on a regular basis. PlanPlus Online has disaster recovery plans in place.
Operating System Security
PlanPlus Online uses a minimal number of access points to all production servers to enforce tight operating system-level security. All operating system accounts are protected with strong passwords, and production servers do not share a master password database. All operating systems are maintained at each vendor’s recommended patch levels for security and are hardened by disabling and/or removing any unnecessary users, protocols, and processes.
Whenever possible, database access is controlled at the operating system and database connection level. Access to production databases is limited, and production databases do not share a master password database. All data entered by a customer into the PlanPlus Online application is owned by that customer.
Server Management Security
PlanPlus Online does not utilize any managed service providers. The PlanPlus Online Systems Engineering team provides all system management, maintenance, monitoring, and backups. PlanPlus Online employees do not have direct access to the PlanPlus Online production equipment, except where necessary for system management, maintenance, monitoring, and backups.