SmartBen’s mission is to modernize benefit administration and employee self-service by delivering a "smart" information platform that empowers HR and employees to be true benefit consumers.
For optimal performance, using the most recent version of a browser is recommended. Please visit the following sites to check for available upgrades:
To maximize the SmartBen experience, a supported browser must be used. Additionally, certain files may require Adobe Acrobat Reader to view or print PDF files. If you need to install Adobe Acrobat Reader, you can download it at the Adobe site below:
For security purposes, SmartBen monitors the number of consecutive unsuccessful login attempts made with a single username. Once the number of allowable attempts has been exceeded, the account will be temporarily locked. If you have repeatedly tried to log in unsuccessfully and feel you may be using incorrect credentials, please contact your HR administrator who can assist you with resetting your password.
Please note that access to SmartBen is discontinued upon employment termination.
SmartBen provides a password recovery tool for employees who have a valid email address in the system. The password recovery tool prompts a user for username and birth date. Upon validation, an email with a link to reset the account password will be sent to the user’s email address. If you attempt to utilize the password recovery tool but do not receive an email, you may not have a valid email address in the system. In this case, please contact your HR administrator for assistance.
SmartBen is committed to providing state-of-the-art security for our clients' sensitive data. We protect your company and employee data by using multiple levels of security protection. Our security platform includes application security, host security, encryption during transmission, and physical barriers to our server environment. Our security methods ensure that your critical data and information is more secure than if it were kept on-premises or in an office. This protection starts with a wide range of physical security features for the servers that host the SmartBen application and data. The hosting facility provides 24x7 security monitoring by on-premises security officers, continuous video camera surveillance, electronic motion sensors, security breach alarms, and biometric access and exit sensors. Access to the servers is strictly limited to authorized SmartBen personnel.
Physical security of the servers is only half of the battle. SmartBen also uses comprehensive measures to protect our clients' data during transmission over the Internet. Access to the site requires a unique username and password. Once the user has successfully authenticated their identity and requests information, data transfers between the client and server are protected by 128-bit Secure Socket Layer (SSL) encryption. SSL creates a secured connection between our web servers and the user's browser, which eliminates unauthorized access to transmitted data and received data.
The data is hosted behind a dedicated firewall cluster for traffic load balancing and high availability in the event of a system failure. The firewall only permits designated traffic to access the SmartBen servers. Unauthorized system access is proactively monitored and attack definitions updated at multiple daily intervals providing protection against attacks and OWASP threats. Furthermore, the SmartBen system is also protected by a Unified Threat Management (UTM) System that is monitored 24x7. This system eliminates network-based attacks and intruders at the firewall as a third level of defense. SmartBen’s fourth level of defense is the deployment of an application firewall which monitors web traffic at the application level and monitors against attack vectors.
SmartBen encrypts all data on its network of servers in addition to external offsite database backups using strong 256-bit encryption. Hard drive encryption as well as an encrypted email system is maintained on all desktop and laptop systems to meet the highest security and HIPAA standards. Each of these elements combines to form the highest level of security available, while providing our customers with ease of system use.
Our data facilities, in addition to the SmartBen system itself, have successfully completed the SSAE 16 Type II audits (formally SAS 70). These audits were performed by independent auditing firms. SmartBen is dedicated to security at a level that meets or exceeds the highest industry and regulatory standards.
SSAE 16, developed by the Auditing Standards Board ("ASB") of the American Institute of Certified Public Accountants ("AICPA"), replaces the Statement on Auditing Standards No. 70 ("SAS 70"), which was the standard used for reviewing the control processes of service organizations for nearly two decades. SSAE 16 has been created to address some of the limitations of SAS 70 Type II audits for technology service providers.
A SSAE 16 examination is widely recognized, because it represents that a service organization has been through a thorough evaluation of their control activities as they relate to an audit of the financial statements of its customers. A Type II report not only includes the service organization's system description, but also includes detailed testing of the design and operating effectiveness of the service organization's controls.