Payslip Team Focus

April 28, 2021 | 5 Mins Ralitsa Slavova

Name

Ralitsa Slavova

Title

Senior Project and Governance Manager

Location

Varna, Bulgaria

Protecting global clients

At Payslip, a large part of my role is documenting policies and procedures that provide crucial protection to both our global clients, ICP vendors and our own employee data. Information security and data protection have become very important parts of the sales process as potential clients want to learn in detail about our standards and commitment to data security.

My role at Payslip is to ensure that prospects, existing clients and all relevant stakeholders fully understand our approach and to explain to them how we prioritize the protection of data and information here at Payslip.

Due diligence and governance are a major priority for Payslip and our clients. I collaborate with colleagues to ensure all legal, information security and data protection standards are met by Payslip, clients and suppliers during the implementation and integration processes.

Rigorous information security and privacy management

Expectations around data security are understandably very high as both clients and employees have valid concerns around how their data is gathered, processed, stored and protected in digital cloud platforms.

It is my responsibility to ensure that the rigorous information security and privacy protection policies and procedures we have committed to, are followed consistently and in line with international standards.

I work with our clients and suppliers to create a wide range of due diligence documentation that ensures Payslip’s operations are being assessed against strict information security and data protection requirements.

I examine information security and privacy due diligence with all current and future suppliers to ensure all of our data processors have strong security and privacy. I also make sure all Payslip employees, contractors and relevant parties receive mandatory Information security and privacy training.

ISO Certification and why it matters

Payslip’s global payroll automation & integration platform is ISO 27001:2013 certified and this information security and privacy standard helps us prove our commitment to data management and security. Becoming certified was an important step for Payslip as a global company. 

In April 2021 we also received our ISO27701:2019 Privacy Information Management Systems Certification, the first international standard for privacy information management. It is an extension to ISO27001:2013 and it ensures Payslip is responsible and accountable for Personally Identifiable Information (PII), proving we know how to manage data and safeguard privacy. Both certifications are extremely important to our clients, employees and partners.

Now, it is about ensuring that we consistently meet the requirements outlined in these standards- there is an external audit every six months, and every company needs to be re-certified after three years – so it is an ongoing process that involves vigilance and consistent awareness. 

Payslip commits to regular and comprehensive internal audits as per an agreed Internal Audit Program.  In my role as Governance Manager, it is my responsibility to see they are planned, conducted, communicated and that any corrective actions needed are taken. I hold regular review meetings with our Information Security and Privacy Governance board to discuss any important developments, highlight risks, investigate issues and report on findings.

It is vital that Payslip as an organization continues to meet these standards as they represent an important validation of our security and privacy measures and prove that we meet and consistently maintain best practices. By achieving this, we are then in a position to fully reassure our clients that the necessary system capabilities are in place to help them manage their important payroll related data in a secure and compliant manner.

Security and Re-assurance

One of the things I like the most about my role here at Payslip is that I have the opportunity to speak directly to our clients and outline in detail our commitment to the highest standards when it comes to information security and data protection procedures. I enjoy educating clients on our internal practices and clarifying Payslip’s approach to governance.

I am the central point of contact for any clarifications they require, and I provide detailed information and analysis on our processes. Global payroll data contains sensitive data, so I consider it very important to highlight the strict measures we take to protect it at all times.

Clients take governance seriously and want to have detailed conversations with somebody who has very specific knowledge and is capable of answering their questions in detail. They will often have a list of specific data protection items to be answered and I am in the privileged position of being able to fully reassure them that our standards and practices exist to prioritize the protection of their data.

Payslip is a global organization with employees in multiple locations. They are also interested in data protection and appreciate any information I can give them that proves that Payslip operates a secure environment and also protects their rights as data subjects.

I am genuinely passionate about information security and enjoy my role as it allows me to meet client expectations, engage with our leadership team, drive customer satisfaction and create a company culture where data protection is understood, valued and prioritized- everybody benefits from this.

 

Subscribe to our Blog