Security Portal

Get access to this Security Portal
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Overview

This page overviews Netchex's security program and is your one-stop shop for all your due diligence and vendor management needs. At Netchex, we understand that data confidentiality, integrity, and availability are paramount to your business's success and continued growth. That is why we bake our Information Security Team's commitment to data security into every aspect of our services.

Call us at (877) 729-2661 or email at hello@netchexonline.com for more information on how to protect your employee data by choosing Netchex.

Compliance

SOC 1 Logo
SOC 1
SOC 2 Logo
SOC 2
Get access to this Security Portal
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access
Security Whitepaper
SOC 1
SOC 2
Financial Reports
Network Requirements
Vulnerability Assessment Report
Insurance Certificates
Master Services Agreement
Business Continuity Policy
General Incident Response Policy

Risk Profile

Data Access LevelRestricted
Critical DependenceYes
HostingMajor Cloud Provider

Product Security

Role-Based Access Control
Audit Logging
Data Security
See more

Reports

Network Requirements
Financial Reports
Vulnerability Assessment Report
See more

Data Security

Access Monitoring
Backups Enabled
Data Erasure
See more

App Security

Code Analysis
Secure Development Training
Vulnerability & Patch Management
See more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Corporate Security

Employee Training
HR Security

Policies

Business Continuity Policy
General Incident Response Policy

Security Grades

Qualys SSL Labs
Netchex Application
A

Trust Center Updates

Netchex SOC 1 for Oct 2021 through Sept 2022 is now available!

Compliance

Netchex completed its SOC 1 Type II audit for October 1, 2021, through September 30, 2022, audit period and is now available in the Netchex Security Portal.

Our SOC 1 reports on Netchex's controls relevant to User Entities' Internal Control over Financial Reporting (ICFR). Our SOC 1 report is Type 2, which reports on the controls design and operating effectiveness over 12 months.

Download Netchex SOC 1 Type II Report

Published at N/A

Netchex is not affected by the OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786.

Incidents

Netchex has completed its review and can confirm that no internal corporate systems are vulnerable to OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786.

Published at N/A

Netchex has completed a review of its application infrastructure to confirm that there are no instances of OpenSSL vulnerable to CVE-2022-3602 and CVE-2022-3786.

Additional technical details are below:

All Netchex users connect to the Netchex application through our Web Application Firewall (WAF), which uses BoringSSL instead of OpenSSL. Additionally, all other publicly exposed infrastructure has been reviewed and confirmed to be free of impacted versions of OpenSSL.

The Netchex security team has regularly scheduled scans for all other internal resources to confirm that there are no vulnerable versions of OpenSSL in its corporate environment. We will post an update early next week on the results of these scans.

Published at N/A*

Making Netchex Safe & Secure: What Does it Mean to be Cyber Ready?

General

A vendor that does not practice cyber readiness can directly impact your ability to conduct business and put your employees and customers at risk. Therefore, it is crucial to have a Benefits, HR, and Payroll partner you can trust.

Netchex is here to help by ensuring the data you entrust us with is safe and cyber ready, as well as provide you with free resources for your business to be cyber ready as well.

Read More: Making Netchex Safe & Secure: What Does it Mean to be Cyber Ready?

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.