Company News

eBenefits Solutions Completes Type 1, SOC 2

Every day, hackers attack organizations and steal, corrupt, or even deny access to critical and valuable data maintained in their I.T. systems. These increasingly common occurrences, and their potentially devasting consequences, reinforce the importance of robust data protection policies, practices, and protocols. This includes working exclusively with vendors that take extra measures to safeguard private data, such as protected health information.

Completing a System and Organization Controls (SOC 2®) examination is one such measure best-in-class vendors take to keep data safe. The American Institute of CPAs sets these stringent standards, which make sure vendors have the appropriate controls in place to protect and secure data, while ensuring accessibility. As important as this is, not all benefits administration vendors complete a SOC 2 examination. 

Data protection takes priority
We help tens of thousands of individuals understand, select, and enroll in a broad array of benefit program offerings. This enormous responsibility requires us to collect and maintain voluminous amounts of highly sensitive personal data about these individuals.

Protecting and maintaining the integrity of this data takes precedence over everything else we do—everything. That’s why we recently underwent a SOC 2 examination by an independent third-party certified public accountant (CPA) firm.


On May 31, 2019, eBenefits completed its Type 1, SOC 2 examination. The Type 1, SOC 2 standards measure an organization’s ability to meet their clients’ performance expectations in five key operational categories:

  1. Security: Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.
  2. Availability: Information and systems are available for operation and use to meet the entity’s objectives.
  3. Processing Integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
  4. Confidentiality: Information designated as confidential is protected to meet the entity’s objectives.
  5. Privacy: Personal information is collected, used, retained, disclosed, and disposed to meet the entity’s objectives.

The frequency and sophistication of threats to the security and operational integrity of I.T. systems everywhere will increase. eBenefits’ completion of this exam underscores our ongoing commitment to protecting our clients’ data, which will always be our most important priority.