Keeping your data secure and available
Keeping your data secure and available is the most important thing we do for our customers, our employees and our shareholders.
Security by Design
The design of our platform, infrastructure, business and operational processes as well as employee selection are all undertaken with data security in mind. As a young organization, we are fortunate to not have legacy systems to protect, habits to break and processes to re-engineer to ensure data security. Instead, our model is based on state-of-the-art technology and best practices.
Information Security Management System (ISMS)
Our ISMS is based on the ISO 27001 (2013) framework and lays out our policies and procedures for all aspects of information security. These are fully integrated with our risk management, asset monitoring, and incident management systems to give us a real-time view of our assets and potential exposures.
First Line of Defence
Our people are HR and Payroll industry veterans with keen awareness of how critical information security is for our business success. We retain expert advisors who support us on information security policy design, procedure design, as well as ongoing training to ensure that our team is up to date with best practices and continually reflecting this in our ISMS.
Business Continuity
World-Class Hosting
Payzaar hosts with Microsoft Azure in the European Union. Azure is a SOC 1 Type I and SOC Type II certified hosting service supporting hundreds of thousands of organizations worldwide. 90% of Fortune 500 companies use Microsoft Azure. This provides us with strong physical and logical security as well as business resilience capabilities.
High Availability
We operate a fully redundant infrastructure across several data centers and automatically back up our environments every day to remote and secure secondary recovery sites. We guarantee system availability of 99.5% or better.
Information Security
Access Control
Access to production systems is strictly controlled. All access is logged and audited in line with the access control and change management policies contained within our ISMS. Development, test and production environments are fully segregated.
Application Security Features
- Two-factor authentication, strong passwords, and configurable password lengths
- Idle session duration settings
- Deterrents for brute force attacks
- Encryption for all data in transit and at rest
- Role-based security to ensure that you grant the correct level of access to the right individuals within your organization.
3rd Party Testing
We partner with the renowned British Standards Institute’s Cybersecurity and Information Resilience unit to perform penetration testing on our systems to independently verify our infrastructure and software.
We also retain a Certified Ethical Hacker to probe our platform and infrastructure, and we employ continuous vulnerability scanning to identify risks in real time.
Data Privacy
We host our environments in the European Union and do not transfer your data out of the European Union to other third-party hosting providers.
The only people that will move your data are your employees during the normal course of their work. We are governed by Irish and EU data protection legislation and are compliant with GDPR Regulations, effective May 2018.