People and Processes

From Who We Are to How We Work

Your business interests are at the heart of our security approach, and every Paylocity team member and our business processes focus on protecting the data you have entrusted to us.

We're Your First Line of Defense

Technology changes quickly today, and we stay ahead by building security into our products from the start, never bolting it on at the end as an afterthought.

Our mature Application Security Program aligns with the BSIMM framework and promotes security champions within our developer community. These trained experts work in our product teams and instill strong secure coding practices that reduce vulnerabilities and deliver secure web applications. We provide specific developer-focused security training that reinforces secure coding practices. We conduct static and dynamic scans, and internal and external penetration testing.

Paylocity Information Security professionals receive continued training and certifications from reputable organizations such as the Information System Security Certification Consortium, Inc. (ISC2), the Information Systems Audit and Control Association (ISACA), and EC-Council, among others. Our Security leaders and team members hold Certified Information Systems Security Professional (CISSP) and Global Information Assurance Certification (GIAC) credentials. Paylocity personnel also maintain relationships with security interest groups, such as the Open Web Application Security Project (OWASP), the Information Systems Security Association (ISSA) and InfraGard.

Security Before Day One

Our people are at the heart of a healthy security culture. We do background checks on every prospective Paylocity candidate before confirming their employment. Every Paylocity employee takes security training right from the start. We build it into our onboarding process to help raise awareness from Day One that securing your data is critical to everything we do.

Paylocity employees take annual security and privacy training to maintain our focus on protecting your interests. This mandatory training educates our employees on safe handling of sensitive information, appropriate response to a suspected data security breach, and awareness of security responsibilities. Our robust Security Awareness Program promotes a healthy security culture across the organization with supplemental education, training courses, videos, internal and external publications, and supporting activities.

Policies that Drive Practice

In addition to hiring great people and training them well, we maintain formal and documented information security policies that support how we work to protect your data. Our policies map to standard industry frameworks such as the National Institute of Standards and Technology (NIST), Committee of Sponsoring Organizations (COSO), and International Organization for Standardization (ISO) 27001, and establish structured governance, policies, standards, and controls. Our senior management formally reviews and approves policy deliverables, including policy updates and revisions, on a periodic basis.