Online Perk comes with numerous technological controls to ensure the safety and security of your employee, company and financial data.
Session timeout
Perk Online Payroll implements automatic session timeouts to protect users from accidentally exposing their private financial data through an inactive session. After 20 minutes of inactivity, the user is automatically logged off and must re-authenticate. Sessions are also terminated when the user closes the browser window without explicitly logging out.
Account lockout
To protect customers from targeted attacks, multiple successive failed login attempts result in an automatic account lockout. To unlock the account, customers must either reset their password and try again or contact their employer’s Human Resources department.
Self-service password resets
The self-service password reset feature is a convenient option for customers who forget their passwords. It is also an opportunity for malicious attackers. Perk Online Payroll balances convenience and security with a multi-step password reset wizard.
SSL/HTTPS
Perk Online Payroll uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) technology, protecting end users against man-in-the-middle (MITM) and SSL session hijacking attacks.
Online Payroll is hosted on one of the best cloud computing providers, which uses the following approaches to secure data:
SSAE 16 and ISAE 3402
The provider has successfully completed multiple SAS 70 Type II audits and now publishes a Service Organization Controls 1 (SOC 1) report under both the SSAE 16 and the ISAE 3402 professional standards.
FISMA Moderate level
The provider has received authorization from the U.S. General Services Administration to operate at the FISMA Moderate level, and is also the platform for applications with Authorities to Operate (ATOs) under the Defense Information Assurance Certification and Accreditation Program (DIACAP).
ISO 27001 certification
The provider has achieved ISO 27001 certification and has been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS).
Secure services
Each of the services within the cloud is architected to be secure and contains a number of capabilities that restrict unauthorized access or usage without sacrificing the flexibility that customers demand.
Physical Security
The infrastructure is housed in controlled data centers throughout the world. Only legitimate and authorized personnel know the actual location of these data centers. The data centers are secured with a variety of physical controls to prevent unauthorized access.