Securing Your Data

Safeguarding You and Your Information

Our technology infrastructure and architecture are designed to keep disruptions to your business at bay. Our formal security program with regular testing helps us protect our clients' information as our top priority.

High Availability and Redundancy

We use enterprise-class data centers to ensure both the physical security of your data and consistent product suite uptime. These data centers undergo a rigorous independent audit in accordance with the AICPA’s SSAE 18 standard to ensure compliance and safeguarding of client data. Co-location services consist of 24 hours a day, 7 days a week, 365 days a year physical and environmental protection services.

We connect data centers to multiple independent Internet service providers. Redundant hardware is in place throughout the network infrastructure to ensure network traffic delivery. We protect the environment from hardware failure by utilizing load balancing and clustering technologies.


Underlying Security Technology

Your confidence in our ability to manage your critical business information and needs is important to us. We protect our client data with industry-accepted solutions and practices, including:

  • Intrusion Prevention System (IPS)
  • Intrusion Detection System (IDS)
  • Web Application Firewalls (WAF)
  • Network Firewalls
  • Security Information and Event Management (SIEM)
  • Virus and Malware Detection
  • Data Loss Prevention (DLP)
  • Penetration Testing
  • Vulnerability Scanning
  • Dynamic Application Security Testing (DAST)
  • Static Application Security Testing (SAST)

Clients access our private-cloud SaaS environment via encrypted TLS sessions using unique user IDs. Our product suite provides configurable application security features and logical access based on the client’s business processes and needs. We encrypt sensitive client information both during transmission and at rest using industry standard protocols.


Monitoring and Backup

Paylocity utilizes advanced monitoring technologies on all levels of our applications and infrastructure. This includes integrated 24/7 on-call paging systems to ensure real-time alerting and response of any issues.

Paylocity relies on a multi-tiered, redundant backup strategy to help ensure recovery of archived data. Backup procedures include daily snapshots of all critical client data to multiple catalog stores, review of daily backup logs, full monthly backups, and daily differential backups. We test backups regularly to ensure recovery reliability. We encrypt and securely transport offsite data backups to our secondary data center location.


Disaster Recovery Protocols

Paylocity maintains, reviews, and tests our disaster recovery plan to be well-prepared for potential disasters. At a high level, we prepare to coordinate key personnel, restore critical infrastructure systems, data, application functions, and conduct post-failover validation. Not only do we regularly review the results of disaster recovery testing activities, we refine and revise our plans as needed to improve our preparedness.


Security Features Built into Our Product

Protecting your critical information is worth taking extra steps and Paylocity has several built-in security features for your company to use. Your Company Administrators will utilize multi-factor authentication for standard system log-ins, as well as step-up authorization when they request changes involving sensitive data such as tax documentation. For more information on available security features, please reach out to Paylocity.