Helping to keep your plan secure
Keeping retirement plan and participant data secure is a mission-critical priority at John Hancock. As the threats to cybersecurity become more sophisticated, so do our efforts to help keep your plan safe.
We're committed to adherence to recognized international technology and security standards.
ISO 27001 certified company compliant1
Sarbanes-Oxley compliant
AICPA SOC 1 Type 2 and SOC 2 Type 2 compliant
Multi-tiered approach
Timeline
-
1
Our technology has multiple layers of security protocols and systems.
-
2
At the global level, Manulife Financial provides risk execution, which focuses on network intrusion detection and prevention, domain-level access provisioning, firewall configuration, and management at the perimeter.
-
3
John Hancock risk management provides a divisional risk profile that examines policies and procedures, vendor risk management, and risk assessment.
-
4
At John Hancock, we focus on application management, cybersecurity, identity access management, regulatory compliance, and participant behavior.
Technology infrastructure
Secure, resilient, and redundant
Our recordkeeping platform uses the IBM data center, which is ISO 27001 certified and delivers increased security protection surrounding our data, disaster recovery protocols, and business redundancy.
Round-the-clock physical security
Encryption of all data in transit between IBM’s data center and John Hancock
Layered firewalls
Application logging and monitoring
Automated backup controls
Load balancing
Currency patching
Disaster recovery site outside the geographic region
Front-end security
Measures to help protect data at the front line
At John Hancock, we have additional safeguards through application management, cybersecurity measures, identity access management, regulatory compliance, and encouraging safe participant online behavior. Our enterprise information security program has comprehensive round-the-clock business resiliency and disaster recovery, and we monitor web traffic for fraudulent third-party access and the presence of certain malicious software.
At the front end of a web transaction: multifactor authentication and risk scores
We use multifactor, risk-based account authentication that analyzes more than 100 factors in real-time and assigns a risk score determined by device and behavior profiling.
- Device profiling analyzes the device being used to access our website or mobile application.
- Behavior profiling looks at the record of typical activity for a user.
At the front end of a phone call: phoneprinting
Pindrop analyzes 147 factors in real time and assigns a risk score. Phoneprinting looks at factors that include:
- Geographic location
- Call type (e.g., landline or mobile)
- Unique phone
- Noise clarity, background noise, and packet loss
Operational safeguards
Supporting technology with process
Technology solutions aren’t enough—we’ve also implemented processes and procedures that help to secure our network and data.
Daily monitoring of participant accounts for suspicious activity
Temporary hold on participant accounts when suspected fraudulent activity is detected
A cooling period policy, so that no withdrawal or loan requests are paid by ACH for a period of time after registering on the participant website. This ensures that the participant has time to receive notice of the registration and transaction request.
As part of our efforts to keep participant accounts safe and secure, John Hancock offers a Cybersecurity Guarantee
Under the Cybersecurity Guarantee, John Hancock will, subject to certain conditions, compensate participants for unauthorized transfers of cash out of covered accounts1 occurring through no fault of their own by reimbursing the amount of any cash included in such an unauthorized transfer.
Learn more about our Signature platform
Engaging your participants in the power of their plan
We provide participants with personalized guidance to help them create a plan to meet their unique financial and retirement goals.
Building your plan
With five decades of retirement plan experience, we know how to get your plan up and running quickly so your employees can start saving.
Selecting and monitoring investments
Whether you want to do it yourself or get help, we've got tools and services to help you select and monitor your plan's investment lineup.
Managing your plan
You'll have the fiduciary support and plan management tools you need to help you mitigate your risk and fulfill your duties.
Financial professionals—want to learn more about John Hancock Signature?
Find your local John Hancock representativeGroup annuity contracts and recordkeeping agreements are issued by John Hancock Life Insurance Company (U.S.A.), Boston, MA (not licensed in New York), and John Hancock Life Insurance Company of New York, Valhalla, NY. Product features and availability may differ by state. Each entity makes available a platform of investment alternatives to sponsors or administrators of retirement plans without regard to the individualized needs of any plan. Unless otherwise specifically stated in writing, neither entity is undertaking to provide impartial investment advice or give advice in a fiduciary capacity. Securities are offered through John Hancock Distributors LLC, member FINRA, SIPC.