Data Security, Privacy & Compliance
Stay secure with Payslip
Payslip’s platform delivers complete security, compliance, and governance for your global payroll.
Payslip is committed to the absolute information security, protection, and privacy of the data in our platform.
The Payslip platform has the most rigorous levels of security and auditing built into every layer of its technology, and we revisit our information security and data protection policies and practices routinely to ensure they adhere to the highest and most up-to-the-minute standards.
CONFIDENTIALITY
INTEGRITY
AVAILABILITY
Payslip enables our clients to operate in a secure environment with all communication occurring within the platform.
Choose our secure multi-tenant environment, or upgrade to a Virtual Private Cloud (VPC). Payslip’s workflows, integrations, and hyper automation deliver a comprehensive global payroll management process, while providing full compliance with information security and privacy standards and a secure gateway, zero trust data store, and governance engine that you can trust.
Accreditation and Certification
Payslip has achieved accredited certification with the following globally-recognized standards for security and data protection.
ISO27001
ISO/IEC 27001:2013 (also known as ISO27001) is the international standard that sets out the best practice for an ISMS (information security management system). Read more here.
ISO27701
ISO/IEC 27701:2019 (also known as ISO27701) is an extension to ISO/IEC 27001 for privacy information management. Read more here.
Type 1 SOC 1
System and Organization Controls (SOC) is a suite of accreditations from AICPA. SOC 1 assesses an organisations’ ICFR (internal control over financial reporting). Read more here.
GDPR
Our ISO certification includes full GDPR compliance. Read more here.
Type 2 SOC 1, and SOC 2 certification are on our roadmap.
Data security
Payslip uses a wide range of technologies and practices to defend personal data from unauthorized access or malicious attacks and exploitation of data. The Payslip platform is designed to protect and preserve data integrity, ensuring that data is accurate and reliable.
Physical security
Payslip uses highly-secure AWS data centers to host its SaaS platform.
Access Control
The Payslip platform uses a Zero Trust approach to ensure privacy and security of data. We operate on the Principle of Least Privilege (POLP) and Role-based Access Control (RBAC) to restrict user access to the bare minimum.
Authentication
Payslip supports Single Sign-On (SSO) with Security Assertion Markup Language (SAML).
Smart Data Governance
Payslip’s support for role-based access enables you to restrict what your users can see and the actions they can perform.
Data Encryption
All data on Payslip is obfuscated and encrypted using the strongest and most robust encryption standards.
Network traffic to and from the Payslip platform across public internet is protected by Transport Layer Security (TLS). TLS defends against data tampering and eavesdropping.
Workflow-Aware Architecture
Payslip helps our partners manage and protect personal data without sacrificing usability.
Zero Touch
Payslip’s Zero Touch approach protects data on our platform. Manual intervention by users is replaced by automation and integrations that perform ingestion and validation of data.
Advanced Data Control
As a global payroll platform, Payslip is designed to be audit-ready, providing a comprehensive set of reports on activity.
Availability
The Payslip platform is highly available. Our Business Continuity policy and plan ensures minimal disruption to your business in the event of a disaster. The Payslip platform is made subject to regular recovery testing.
Payslip data is backed up continuously. The backups are archived in a secure vault and cannot be edited in any way.
Smart Data Governance
Payslip’s support for role-based access enables you to restrict what your users can see and the actions they can perform.
Data Privacy
Data privacy is the proper handling, processing, storage and usage of personal identifiable information (PII). Payslip is committed to the absolute protection and privacy of PII data.
Data Retention
Payslip will retain the Client data as per the terms agreed in the MSA. The data retention solely depends on the legal requirements of the relevant countries and Payslip takes the instructions from the Client and Client ICP’s as their In-country experts.
Data isolation
Payslip has a responsibility to ensure no tenant can ever access data belonging to another tenant. To isolate tenant data, every tenant on Payslip is on a completely separate schema.
GDPR
Our ISO certification includes full GDPR compliance.
Payslip and Data Protection
We have designed Payslip from the start to be a Global Payroll control platform, so we are very aware that you will be hosting your employee or data subjects PII data on our platform.
We have designed with:
- the best industry standards for information security and data protection
- built in controls and within the platform and around the platform to secure your data
