Security by Design
The design of our platform, infrastructure, business and operational processes, as well as employee selection, are all undertaken with data security to the fore. As a new organisation, we are fortunate that we do not have legacy systems to protect, habits to break and processes to re-engineer to ensure data security. Instead, our model is based on state-of-the-art technology and best practices.
Information Security Management System (ISMS)
Our ISMS is based on the ISO27001 (2013) framework, laying out our policies and procedures with respect to all aspects of Information Security. These are then integrated with our risk management, asset monitoring and incident management systems to give us a real-time view of our assets and potential exposures.
First Line of Defence
Our people are HR and Payroll industry veterans with a keen awareness of how critical information security is for our business success. We have industry experts advising us on our information security policies and procedures as well as providing training to ensure that our team is up to date with best practice and continually reflecting this in our ISMS.
Payzaar hosts with Microsoft Azure in the European Union. Azure is an ISO 27001 certified hosting service supporting hundreds of thousands of organisations worldwide, and 90% of Fortune 500 companies use Microsoft Azure. This provides us with strong physical and logical security as well as business resilience capabilities.
We operate a fully redundant infrastructure across several data centres and automatically back up our environments every day to remote and secure secondary recovery sites. We guarantee system availability of 99.5% or better.
Access to production systems is strictly controlled; all access is logged and audited in line with the access control and change management policies contained within our ISMS. Development, test and production are fully segregated.
- Two-factor authentication, strong passwords and configurable password lengths
- Idle session duration settings
- Deterrents for brute force attacks
- Encryption for all data in transit and at rest
- Our security is role-based to ensure that you grant the correct level of access to the right individuals within your organisation.
We partner with the renowned British Standards Institute’s Cybersecurity and Information Resilience unit to perform penetration testing on our systems to independently verify our infrastructure and software.
We have separately retained a Certified Ethical Hacker to probe our platform and infrastructure and we employ continuous vulnerability scanning to identify risks in real time.
We host our environments in the European Union and do not transfer your data out of the European Union to other third-party hosting providers.
The only people who will move your data are your employees during the normal course of their work. We are governed by Irish and EU data protection legislation and are compliant with GDPR regulations, effective May 2018.