Securing Your Data

Safeguarding You and Your Information

Our technology infrastructure and architecture are designed to keep disruptions to your business at bay. Our formal security program, with regular testing, helps us protect our clients' information, which is our top priority.

Infrastructure Security & Resilience

We host our solution using enterprise-class data centers to ensure both the physical security of your data and consistent product suite uptime. These data centers undergo a rigorous independent audit in accordance with the AICPA’s SSAE 18 standards to ensure compliance and safeguarding of client data. Co-location services consist of physical and environmental protection services 24 hours a day, 7 days a week, 365 days a year.

We connect data centers to multiple independent Internet service providers. Redundant hardware is in place throughout the network infrastructure to ensure network traffic delivery. We protect the environment from hardware failure by utilizing load balancing, high availability, and clustering technologies.

Robust Underlying Security Technology

Your confidence in our ability to manage your critical business information and needs is important to us. We protect our client data with industry-accepted solutions and practices, including:

  • Deployment of Intrusion Prevention Systems (IPS) to detect and block malicious traffic

  • Web Application Firewalls (WAF) that protect our application from attacks

  • Network Firewalls

  • Security Information and Event Management (SIEM)

  • User and Entity Behavior Analytics (UEBA)

  • Endpoint Detection and Response (EDR) to protect our workstation and server population

  • Data Loss Prevention (DLP) at multiple layers of our dataflow stack

  • Regular Penetration Testing from both our internal teams and external providers

  • Multi-layered vulnerability management program to identify technical bugs within our product and infrastructure

Clients access our private-cloud SaaS environment via encrypted TLS sessions using unique user IDs. Our product suite provides configurable application security features and logical access based on the client’s business processes and needs. We encrypt sensitive client information both during transmission and at rest using industry-standard protocols.

Advanced Monitoring and Backup

Paylocity utilizes advanced monitoring technologies that leverage telemetry from multiple points of our applications and infrastructure. We employ an in-house team dedicated to responding to these security alerts, as well as a third-party provider for off-hours coverage and real-time escalation if needed.

Paylocity relies on a multi-tiered, redundant backup strategy to help ensure recovery of archived data. Backup procedures include daily snapshots of all critical client data to multiple catalog stores, review of daily backup logs, full monthly backups, and daily differential backups. We test backups regularly to ensure recovery reliability. We encrypt and securely transport offsite data backups to our secondary data center location.

Security Features Built into Our Product

Protecting your critical information is worth taking extra steps, and Paylocity has several built-in security features for your company to use. By default, your company administrators will need to utilize multi-factor authentication for standard system log-ins, as well as added layers of authentication when requesting changes involving sensitive data like tax documentation. Multi-factor authentication can be enabled for non-company administrators upon request.

From an authorization perspective, administrators can define fine-grained access across their user base so that individuals can reach only the areas of our suite they need. We also log all activities within the platform so administrators can easily access them for periodic review. For more information on how to enable any of these features and more, please reach out to us.