Guideline account passwords are encrypted salted and hashed numerous times when they are stored in the database. Industry-standard authentication practices are utilized, including SSL. Single sign-on payroll providers are also integrated with Guideline to offer a streamlined sign-on experience.
Guideline gives sponsors complete control over who can see and who can modify plan and participant information.
Guideline operates based on a system of user roles and access permissions. Sponsors can add third party administrators, even administrators/bookkeepers that may have access to many disparate Guideline plans.
Guideline’s database infrastructure is encrypted before data insertion and secondarily at rest. When whole-database encryption is not desired, very high granularity is available to protect more specific information: user accounts, specific identifiable data, and even the values of specific fields can be encrypted separately. The encryption system is configured to pass the strictest PCI, and state privacy laws.
Guideline utilizes Web Application Firewalls to ensure data is validated and scrubbed before entry into the database. Security scans are performed weekly and on a deploy-centric basis. The system tests that user-entered data and even the form fields themselves match expected formats and values.
Guideline protects against brute-force password attacks by limiting the number of login attempts from a single source over a predefined period of time. Failed login attempts are logged and visible via our in-house response dashboard. Guideline can also be configured to allow administrators to ban individual IP addresses and address ranges.
Guideline includes features that address all of the Open Web Application Security Project’s top ten security risks — a list of the most commonly seen risks in practice. We prevent and test for all risks on an ongoing basis.