SmartBen’s mission is to modernize benefit administration and employee self-service by delivering a "smart" information platform that empowers HR and employees to be true consumers of benefits.
If you are having display problems, try switching to a different browser. For best viewing, use the most recent version of a browser. Free upgrades are available at the following sites:
To maximize all features of the SmartBen system members must have a supported browser and certain files require Adobe Acrobat Reader to view or print PDFs. SmartBen also uses the Adobe Flash Plug-In to view help tutorials and plan storyboards. If you do not currently have access to the Adobe Flash Plug-In, you can download the plug-in, which is publicly accessible via the Adobe Web Site.
For our users' security, SmartBen monitors the number of attempts that are made with a username consecutively without success. Once the number of allowable unsuccessful login attempts for an account is exceeded, the account will be locked for the user's protection. If you get a message after a login attempt which reads: “Sorry...Your employee account has been locked.”, please contact your HR Administrator. Your HR department will need to reset/unlock your account in order for you to log in. For security verification reasons, SmartBen is not authorized to give passwords or unlock employee accounts. Your HR department will have access to your account and can provide you with assistance with this process.
Note: The message may also appear if HR has locked all accounts for site maintenance, and may not be reflective of too many unsuccessful password attempts.
Terminated Employees: Employees with termination dates will automatically be locked out of the system with the following system message: “Sorry...Your employee status has been set to terminated.”
SmartBen provides a password recovery tool for those employees who have a valid OFFICE email in the SmartBen system. Not all companies populate this field upon company creation, so this feature may not be active for your account. If it is active, SmartBen will email your password to your valid office email account once you supply your username. If you use this password recovery, SmartBen recommends that you change your password once you enter the system since this secure information has been transmitted via email. If you do not receive an email with your password information, you may not have a valid office email in SmartBen and you should contact your HR administrator for assistance.
Note: Not all companies have office email, nor do all companies allow employee management of passwords.
SmartBen is committed to providing state-of-the-art security for our clients' sensitive data. We protect your company and employee data by using multiple levels of security protection. Our security platform includes application security, host security, encryption during transmission, and physical barriers to our server environment. Our security methods ensure that your critical data and information is more secure than if it were kept on-premises or in an office. This protection starts with a wide range of physical security features for the servers that host the SmartBen application and data. The hosting facility provides 24x7 security monitoring by on-premises security officers, continuous video camera surveillance, electronic motion sensors, security breach alarms, and biometric access and exit sensors. Access to the servers is strictly limited to authorized SmartBen personnel..
Physical security of the servers is only half of the battle. SmartBen also uses comprehensive measures to protect our clients' data during transmission over the Internet. Access to the site requires a unique username and password. Once the user has successfully authenticated their identity and requests information, data transfers between the client and server are protected by 128-bit Secure Socket Layer (SSL) encryption. SSL creates a secured connection between our web servers and the user's browser, which eliminates unauthorized access to transmitted data and received data.
The data is hosted behind a dedicated firewall cluster for traffic load balancing and high availability in the event of a system failure. The firewall only permits designated traffic to access the SmartBen servers. Unauthorized system access is proactively monitored and attack definitions updated at multiple daily intervals providing protection against attacks and OWASP threats. Furthermore, the SmartBen system is also protected by a Unified Threat Management (UTM) System that is monitored 24x7. This system eliminates network-based attacks and intruders at the firewall as a third level of defense. SmartBen’s fourth level of defense is the deployment of an application firewall which monitors web traffic at the application level and monitors against attack vectors.
SmartBen encrypts all data on its network of servers in addition to external offsite database backups using strong 256-bit encryption. Hard drive encryption as well as an encrypted email system is maintained on all desktop and laptop systems to meet the highest security and HIPAA standards. Each of these elements combines to form the highest level of security available, while providing our customers with ease of system use.
Our data facilities, in addition to the SmartBen system itself, have successfully completed the SSAE 16 Type II audits (formally SAS 70). These audits were performed by independent auditing firms. SmartBen is dedicated to security at a level that meets or exceeds the highest industry and regulatory standards.
SSAE 16, developed by the Auditing Standards Board ("ASB") of the American Institute of Certified Public Accountants ("AICPA"), replaces the Statement on Auditing Standards No. 70 ("SAS 70"), which was the standard used for reviewing the control processes of service organizations for nearly two decades. SSAE 16 has been created to address some of the limitations of SAS 70 Type II audits for technology service providers.
A SSAE 16 examination is widely recognized, because it represents that a service organization has been through a thorough evaluation of their control activities as they relate to an audit of the financial statements of its customers. A Type II report not only includes the service organization's system description, but also includes detailed testing of the design and operating effectiveness of the service organization's controls.