Your employee data is safe and accessible at all times
Every component is handled to satisfy industry best-practice requirements, including data storage, transmission, access, backup, monitoring, testing, and assessment of our security protocols.
Data Access and Data Privacy
Our ability to protect and maintain the integrity of your subscription data is essential to our success. Our priority is protecting your data, which requires a cross-functional strategy and a variety of small and large activities. Here is a summary of our privacy and security protocols’ main points.
Access restrictions for databases and data storage
Only three senior executives in the company have access to databases and data storage. Direct data access is not available to developers. Our developers can access this data in human-readable form only through independently created authentication gateways. The gateway includes a custom querying engine that masks sensitive information, throttles requests, and audits all data query operations.
Access for support personnel is restricted
To provide support, our preferred method is TeamViewer or any screen-sharing software that gives us web-based access to your system.
No local or onsite data storage
Paypeople uses cloud infrastructure from Microsoft Azure and Amazon AWS, each with its own private network. In our development and test environments, we don’t use any other local or on-premises infrastructure to store any client data.
Compliance with GDPR
Paypeople maintains compliance with the EU’s General Data Protection Regulation (GDPR), and maintains product features, organisational standards, and legal documentation to assist our users and clients in complying.
Encryption in Transit
Sessions between you and your portal are encrypted in transit using 2,048-bit or better keys and TLS 1.0 or higher. TLS 1.2 or 1.3 will be used by users with modern browsers.
Firewalls for web applications and network firewalls
Paypeople uses several tools to monitor potential attacks, including a web application firewall and network-level firewalling. Furthermore, the Paypeople platform includes Distributed Denial of Service (DDoS) prevention defences to help protect your site and product access.
Software development lifecycle (SDLC) security
Paypeople employs static code analysis tools as well as human review processes to ensure consistency in our software development practices. Our secure coding practices adhere to OWASP recommendations.
Paypeople products are hosted by cloud infrastructure providers who, among other things, have SOC 2 Type II and ISO 27001 certifications. Among the certified safeguards are dedicated security personnel, strictly managed physical access control, and video surveillance.
The patch management process used by Paypeople identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures that tracked software packages are using the latest versions.
Response to security incidents
The security incident process flows and investigation data sources for Paypeople are pre-defined through routine practice sessions and exercises, and they are improved during investigation follow-ups. To make sure that the appropriate actions are taken at the appropriate times, we employ standard incident response process frameworks.
Penetration testing, vulnerability assessment, and audits
Paypeople often performs tests to look for vulnerabilities. We run infrastructure vulnerability scans and static code analysis.
Penetration testing
Several times a year, Paypeople uses outside penetration testing companies to test its infrastructure and products.
Certification and external auditing
Paypeople performs external audits and certification on a regular basis.
Resilience and Accessibility
Paypeople uptime consistently exceeds 99.9%. All customer data is completely backed up to numerous internet replicas and additional snapshots.
Our product and operations teams use proprietary and industry-recognized solutions to monitor application, software, and infrastructure behaviour.
Redundancy in Data Centers
Paypeople keeps multiple failover instances running to avoid outages caused by single points of failure.
Paypeople has strong controls in place to recover data and application code as quickly as possible. When applied to data within the same geography, the Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are 30 seconds and 5 seconds, respectively. We have 45 days of point-in-time restoration, so we can restore to any desired date and time within the last 45 days. When applied to data stored in different geographies, RPO and RTO are 12 hours and 1 hour, respectively, in the unlikely event of a natural disaster.