Canada Smart Plan is proud to provide our clients the convenience of being able to:
- Manage changes and updates to their own online account
- Paper free claiming – Submit claims receipts directly through their own online portal
- Enjoy direct funding of adjudicated claims reimbursement without having to fund an external account for this purpose.
- Direct deposit of claims reimbursement to the employee’s bank through the CSP client portal.
Our technology, coupled with our 24/7/365 live online client support, Canada Smart Plan allows the ultimate in client convenience and speed of processing and reimbursement, unequaled anywhere.
The Ultimate In Online Security
Canada Smart Plan (CSP) delivers state-of-the-art security to ensure that our customer data is always secure. At CSP, we know that security is crucial to you — that’s why security is our top priority.
Significant resources are devoted, to continually develop our world-class security infrastructure.
The result: unsurpassed security and privacy for our customers’ information.
Our technology provides the following:
- Experienced, professional engineers and security specialists dedicated to round-the-clock data and systems protection.
- Round the clock deployment of proven, up-to-date security patches, RPM updates and intrusion testing.
- Ongoing evaluation of emerging security developments and threats.
- Complete Redundancy through our entire online infrastructure.
- Total commitment to a secure, scalable, managed solution, providing the highest quality of world class security to our clients.
CSP is as secure as the leading online financial services companies, in fact we have many direct integrations with financial institutions where we have met and exceeded their rigorous standards.
Configured by experts and rigorously tested, our world-class security infrastructure includes proven, up-to-date firewall protection, intrusion detection systems, SSL encryption, and other security technologies, including proprietary products developed specifically for our customer interface.
Physical Security. Our Primary Server facility is in San Antonio, TX at the world renown Rackspace Data Center. It is a facility that provides 24-hour physical security, palm print and picture identification systems, redundant electrical generators, redundant data center air conditioners, and other backup equipment designed to keep servers continually up and running.
Perimeter Defense. The network perimeter is protected by multiple firewalls and monitored by intrusion detection systems — all sourced from industry-leading security vendors. In addition, CSP monitors and analyzes firewall logs to proactively identify security threats. CSP also contracts with a third-party security firm that proactively monitors our security configurations for changes, vulnerabilities, and errors and regularly conducts vulnerability threat assessments including penetration tests.
Internal Systems Security. Inside of the perimeter firewalls, the systems are safeguarded by network address translation, port redirection, IP masquerading, non-routable IP addressing schemes, and more. The specific details of these features are proprietary.
User Authentication. Users access CSP only with a valid username and password combination, which is encrypted via SSL while in transmission. Users are prevented from choosing weak or obvious passwords. An encrypted session ID cookie is used to uniquely identify each user. For added security, the session key is automatically scrambled and re-established in the background at regular intervals.
Data Encryption. CSP uses the strongest encryption products to protect customer data and communications, including 128-bit VeriSign SSL Certification and 1024-bit RSA public keys. The lock icon in the browser indicates that data is fully shielded from access while in transit.
Application Security. Our robust application security model prevents one CSP customer from accessing another’s data. This security model is reapplied with every request and enforced for the entire duration of a user session.
Database Security. Whenever possible, database access is controlled at the operating system and database connection level for additional security. Access to production databases is restricted to a limited number of points, and production databases do not share a master password database.
Operating System Security. CSP enforces tight operating system-level security by using a minimal number of access points to all production servers. We protect all operating system accounts with strong passwords, and production servers do not share a master password database. All operating systems are maintained at each vendor’s recommended patch levels for security and are hardened by disabling and/or removing any unnecessary users, protocols, and processes.
Reliability and Backup. All networking components, SSL accelerators, load balancers, Web servers, and application servers are configured in a redundant configuration. All customer data is stored on a database served by a database server cluster for redundancy. All customer data is stored on carrier-class disk storage using RAID disks and multiple data paths. All customer data, up to the last committed transaction, is automatically backed up to a primary tape library on a nightly basis. Backup tapes are immediately cloned to verify their integrity, and the clones are moved to secure, fire-resistant, off-site storage on a regular basis.
Server Management Security. All data entered into the CSP application by a customer is owned by that customer. CSP employees do not have direct access to the CSP production equipment, except where necessary for system management, maintenance, monitoring, and backups. The CSP systems engineering team provides all system management, maintenance, monitoring, and backups.
Disaster Recovery. CSP has an agreement in place with a third-party provider of availability services to provide access to a geographically remote disaster recovery facility — along with required hardware, software, and Internet connectivity — in the event our production facilities were to be rendered unavailable. CSP has disaster recovery plans in place and tests them regularly — in our QA environment on a quarterly basis and off-site with the third-party provider on an annual basis.