Security Overview – EAP CMS

Protecting customer data is always a priority at LifeWorks. Our success as a business relies on the security of customer data stored with us. As a company, we use the LifeWorks platform ourselves for user analytics and engagement. This document mentions steps we take to ensure security, privacy and confidentiality of customer data.

1. Incoming data security

All data collected and stored as part of the EAP service is provided by Individual Participants and saved by Case Managers in LifeWorks Employee Assistance Program (EAP) Case Management System (CMS).

2. Incoming request logging

All incoming requests are logged and stored on persistent storage for analysis and audit. Alerts have been created based on predetermined thresholds or triggers, and intelligent analysis alerts on behavior that deviates from standard practices. Logs are purged periodically based on industry retention best practices.

3. User data security

Data is dispersed across different systems to segregate data that may be identifiable from data that may contain sensitive information. This helps us with disclosure mitigation in the event of a breach, data access expediency, redundancy, and recoverability. Encryption at rest and in transit is used throughout. Backups are encrypted and segregated in the same manner.

Databases are located in the EU, USA, and/or Canada. Sensitive Data is stored in the respective region of the participant.

Users own all rights to their data and can request a copy of the information LifeWorks has on them on LifeWorks systems.

LifeWorks does not sell customer data.

5. Running systems

Advanced threat protection and intrusion detection modules are used in each of the environments for enhanced monitoring, logging, and auditing, as well as detective and preventive mechanisms.

6. Datacenter security

Datacenters maintain geo-diverse locations for extended redundancy and high availability. LifeWorks has deployed application and environmental controls that ensure the confidentiality, integrity, and availability of its environment and infrastructure. Access to datacenters and services is strictly monitored and controlled via badge, biometric, and on-site security. All datacenters where production data is housed maintain industry-standard compliance certifications such as SSAE 16/18 and ISO.

7. Team

At LifeWorks, our Engineering, InfoSec, and I.T. teams are experienced and bring many years of operational experience running secure and scalable services.

The security and confidentiality of your data is core to our success as a business and we will continue to be proactive, vigilant and diligent in ensuring its safety.

If you notice something unusual in your information, or have a question or a suggestion, please e-mail us at support@LifeWorks.com.

Security Overview – Rewards & Recognition Platform

Protecting customer data is always a priority at LifeWorks. Our success as a business relies on the security of customer data stored with us. As a company, we use the LifeWorks platform ourselves for user analytics and engagement. This document mentions steps we take to ensure security, privacy and confidentiality of customer data.

1. Incoming data security

All data collection endpoints support SSL/TLS 1.1 and TLS 1.2 encryption protocols with SHA256 certificates and at least 2048-bit hashes. This allows devices with varied support to securely connect to the LifeWorks application.

We log all authentication attempts to the application, and have password and lockout policies to mitigate common password threats.

2. Incoming request logging

All incoming requests are logged and stored on persistent storage for analysis and audit. Logs are purged periodically based on industry retention best practices.

3. User data security

User data is stored and encrypted at rest. Data is dispersed across a number of databases and volumes for redundancy, recoverability, and expedient access.

Users own all rights to their data and can request a copy of the information LifeWorks has on them on LifeWorks systems. LifeWorks provides role-based administration access to the client's representative so that they can configure their employees' login and password settings.

LifeWorks does not sell customer data.

5. Running systems and Applications

LifeWorks uses battle-tested open source software to power its application stack. We scan our applications monthly for flaws and vulnerabilities and patch critical findings within 24 hours of discovery. Moreover, we scan our codebase for vulnerabilities and common flaws that identify (at least) the current OWASP Top Ten findings prior to any release going live. In addition, we destroy and rebuild nodes that power public-facing endpoints every few days and auto-scale services on demand. This ensures we don't have configuration drift in production.

6. Datacenter security

Amazon Web Services is our hosting provider. They maintain datacenters that are fully compliant with a range of certifications which allow finance, healthcare and government data to be stored in their datacenters. A full list of compliance and more information along with certification is available at https://aws.amazon.com/compliance/.

Shared responsibility with Amazon means we focus on application and data security while physical security is managed by them.

7. Team

At LifeWorks, our Engineering, InfoSec, and I.T. teams are experienced and bring many years of operational experience running secure and scalable services.

The security and confidentiality of your data is core to our success as a business and we will continue to be proactive, vigilant and diligent in ensuring its safety.

If you notice something unusual in your information, or have a question or a suggestion, please e-mail us at support@LifeWorks.com.