People and Processes

From Who We Are to How We Work

Your business interests are at the heart of our security approach. Every Paylocity team member and our business processes focus on protecting the data you have entrusted to us.

We're Your First Line of Defense

Technology changes quickly, and we stay ahead by building security into our products from the start, never bolting it on at the end as an afterthought.

Our mature Application Security Program aligns with the BSIMM framework and promotes security champions within our developer community. These trained experts work in our product teams and instill strong secure coding practices that reduce vulnerabilities and deliver secure web applications. We provide specific developer-focused security training that reinforces secure coding practices. We conduct static and dynamic scans, and internal and external penetration testing.

Paylocity Information Security professionals receive continued training and certifications from reputable organizations such as Information System Security Certification Consortium, Inc. (ISC2), the Information Systems Audit and Control Association (ISACA), and EC-Council, among others. Our Security leaders and team members hold a variety of industry certifications, including but not limited to Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP), and Offensive Security Certified Professional (OSCP), along with a handful of different Global Information Assurance Certification (GIAC) certifications. Paylocity personnel also maintain relationships with security interest groups, such as the Open Web Application Security Project (OWASP), the Information Systems Security Association (ISSA), and InfraGard.

Security Before Day One

Our people are at the heart of a healthy security culture. We do background checks on every prospective Paylocity candidate before confirming their employment. Every Paylocity employee takes security training right from the start, and we require 100% participation that is closely monitored by our Compliance team. From Day One, our onboarding process raises awareness that securing your data is critical to everything we do. 

Paylocity employees retake security and privacy training annually to maintain our focus on protecting your interests. This mandatory training educates our employees on safe handling of sensitive information, appropriate responses to a suspected data security breach, and awareness of security responsibilities. Our robust Security Awareness Program promotes a healthy security awareness culture throughout the organization through supplemental education, training courses, videos, internal and external publications, and supporting activities.

Policies that Drive Practice

In addition to hiring great people and training them well, we maintain formal and documented information security policies that support how we work to protect your data. Our policies map to standard industry frameworks such as the National Institute of Standards and Technology (NIST), Committee of Sponsoring Organizations (COSO), and International Organization for Standardization (ISO) 27001, and establish structured governance, policies, standards, and controls. Our senior management formally reviews and approves policy deliverables on a periodic basis, as they do for policy updates and revisions.