Data Privacy and Security
As a leading provider of online services, J. J. Keller & Associates, Inc.® is committed to protecting the privacy, security, integrity and availability of your data by implementing appropriate, industry-recommended administrative, technical, and physical safeguards. The following outlines how we accomplish this.

J. J. Keller recognizes that while using our Prospera® service, employers will enter sensitive and confidential personal information and medical information ("Confidential Information") about employees. The only source of Confidential Information in Prospera® is the information entered by you, the employer. J. J. Keller has voluntarily developed and implemented security and privacy policies and procedures using the standards of HIPAA and HITECH as benchmarks. While we are not a "Business Associate" for purposes of an employer's use of our Prospera® service because employers are not "Covered Entities" when performing non-health-plan, HR functions, such as FMLA administration and tracking, we strive to voluntarily adhere to many of the security and privacy standards set forth in HIPAA and HITECH.

J. J. Keller is focused on the privacy and security of your data and Confidential Information you enter into Prospera®. We have implemented business practices to ensure data integrity and accessibility while you are a valid subscriber. J. J. Keller does not process, analyze, review, or manipulate your data or Confidential Information. J. J. Keller does not disclose your data or Confidential Information to any other party, except as directed by you or in the case of a valid administrative or judicial order. A limited number of authorized J. J. Keller staff may have incidental exposure to your data and/or Confidential Information while providing technical support services to you at your request.

Administrative Safeguards
J. J. Keller regularly examines its environment and administrative activities to identify potential security risks and evaluate the likelihood and impact of those risks on customers and customers' data. Appropriate safeguards are implemented to address or minimize any identified risks.

J. J. Keller's Technology Services – Human Resources team has a designated security official, who is responsible for developing and implementing its security policies and procedures.

Established policies and procedures allow your data to be accessed only by authorized personnel, and only when such access is necessary to perform their job duties.

All members of J. J. Keller's Technology Services – Human Resources team receive training on our security policies and procedures upon hire. Refresher training is conducted periodically or when procedures are updated. Team members are required to sign a confidentiality agreement where they agree to keep all customer data confidential and secure and only access and use such customer data as needed to perform necessary activities on behalf of J. J. Keller. No disclosure of information is made to others inside or outside of J. J. Keller except to accomplish such activities or as required by law.

If J. J. Keller becomes aware of a security breach that affects Prospera®, customers shall be notified and reasonable steps shall be taken to mitigate the breach and damage caused by the breach, in accordance with all applicable state and/or federal law.

Prospera® uses IBM and other third party service providers to conduct periodic audits of our security procedures and systems. The audits provide an additional check of our systems to ensure that system security is maintained at the highest level. If any third party service provider receives access to any customer data, that service provider must first agree to maintain the security, privacy and integrity of any customer data in the manner consistent with J. J. Keller's policies and procedures.

Physical Safeguards
Prospera® servers are located in a secure, state-of-the-art Internet hosting facility. The servers are monitored 24 hours a day, seven days a week for any signs of technical problems, malicious activity (including intrusion detection), and site availability. Access to the data on these servers is limited to a small group of authorized J. J. Keller staff only. Our hosting facility is SSAE 16 (replaces SAS 70) certified.

Prospera® utilizes a redundant server infrastructure with website traffic balanced across the infrastructure. In the event of a hardware failure, traffic will automatically be routed to another server.

Backups of all servers are created on a daily basis to protect your data in the unlikely event of a hardware failure. A stringent schedule of preventative maintenance is followed to minimize this risk. Backup files are encrypted and stored at a secure, offsite location. In addition, we maintain a fully functional backup site at another location to protect against data loss in the event of a physical disaster (fire, flood, etc.). The backup site servers are hosted by the same company as our primary servers and subject to the same security protections.

Workstations are required to be locked at all times when unattended. Sensitive customer information, when used to perform necessary job functions, is stored securely when not in use and appropriately disposed of after the necessary tasks have been completed.

Customer data is not allowed to leave J. J. Keller premises.

Technical Safeguards
User passwords are encrypted to prevent unauthorized access. The best way to secure your information is to protect your user name and password. Without your user name and password, another user cannot gain access to any of the records you have created in the Prospera® service. We strongly suggest that you change your password on a regular basis and keep it confidential at all times. As described in the Personal License for the Prospera® service, "You may not allow others to access Prospera® using your Personal License Password or User Name".

If you are a part of a group in Prospera®, the other members within your group will be able to view and/or edit the records in your company's account. Access to your group is controlled by your company Administrator.

System controls are in place preventing access to your Prospera® data, except for those J. J. Keller personnel who are specifically authorized as part of their job duties.

Prospera® utilizes several layers of data encryption. Data residing within the Prospera® database (data at rest) is encrypted utilizing 256 bit AES. Data transferred to the customer via the Prospera® web pages (data in motion) utilizes 128-bit SSL encryption. This is the level used by most banks and other sites where a secure environment is necessary.

Secure Sockets Layer (SSL) protects data transferred over http using encryption enabled by the Prospera® server's SSL Certificate. An SSL Certificate contains a public key and a private key. A public key is used to encrypt information and a private key is used to decipher it. When your browser points to Prospera® (a secured domain), SSL authenticates the server (Prospera®) and the client (your browser) and establishes an encryption method and a unique session key. This begins a secure session that guarantees message privacy and message integrity.

Our virus scanning software is updated on a daily basis to ensure that we have the highest protection available. All site traffic is scanned as it enters or leaves the site.

Remote Computer Access
With your permission, a member of our support team will use our live remote-assistance tool (GoToAssist™), to view your desktop and control of your mouse and keyboard to help resolve your technical issue. Once the session is closed, the GoToAssist™ access cookie is reoved and we no longer have access to your computer.

Copyright 2019 J. J. Keller & Associates, Inc. All rights reserved.