Security and Privacy

At Plan Notice, we embed security and privacy into every aspect of our operations. Our goal is to facilitate exceptional communication for retirement plan participants while safeguarding their private information.

System Status

To check on the system status, click here.

Leadership and Oversight

Core Security Principles

Access Control

Access is strictly limited to personnel with a legitimate business need, adhering to the principle of least privilege.

Defense-in-Depth

Implementation of layered security controls for comprehensive protection.

Enterprise-wide Consistency

Uniform application of security controls across all areas of the enterprise.

Iterative Control Implementation

Continuous refinement of controls to improve effectiveness and auditability and to reduce operational friction.

Cyber Insurance

Maintaining comprehensive cyber insurance to mitigate any financial risks from potential incidents.

Security and Compliance

Plan Notice is on track to complete its SOC 2 Type II attestation in 2024, with a commitment to maintain this attestation. For the latest updates on our SOC 2 Type II status, please contact michael@plannotice.com.

Data at Rest and in Transit

We ensure the highest level of data protection; all sensitive customer data is encrypted both at rest and in transit. This encryption occurs before the data enters the database, making physical and logical database access insufficient to read sensitive information.

Proactive Security Measures

Plan Notice employs rigorous security protocols, including annual penetration testing to assess and fortify our systems. In our Secure Development Lifecycle (SDLC), we utilize a variety of scanning techniques such as Static Analysis (SAST), Software Composition Analysis (SCA), Malicious Dependency Scanning, Dynamic Analysis (DAST) of active applications, regular Network Vulnerability Scanning, and Continuous External Attack Surface Management (EASM) to preemptively identify and mitigate potential vulnerabilities.

Enterprise Security

Our enterprise security strategy involves centralized management of all corporate devices with advanced anti-malware protection, ensuring continuous monitoring. We maintain strict security protocols for vendor interactions and secure our remote access with robust VPN solutions and malware-blocking DNS servers, enhancing the overall security of our internet connections.

Security Education and Awareness

Employee and contractor security training is a cornerstone of our security posture. We provide comprehensive training upon onboarding and annually, supplemented by regular internal threat briefings to keep our team informed and vigilant against security risks.

Report a Security Concern

If you have any security concerns or inquiries, please reach out to michael@plannotice.com. We are here to assist and address your concerns promptly.