Technology changes quickly, and we stay ahead by building security into our products from the start, never bolting it on at the end as an afterthought.
Our mature Application Security Program aligns with the BSIMM framework and promotes security champions within our developer community. These trained experts work in our product teams and instill strong secure coding practices that reduce vulnerabilities and deliver secure web applications. We provide specific developer-focused security training that reinforces secure coding practices. We conduct static and dynamic scans, and internal and external penetration testing.
Paylocity Information Security professionals receive continued training and certifications from reputable organizations such as Information System Security Certification Consortium, Inc. (ISC2), the Information Systems Audit and Control Association (ISACA), and ECCouncil, among others. Our Security leaders and team members hold a variety of industry certifications, including but not limited to Certified Information Systems Security Professionals (CISSPs), Certified Information Privacy Professionals (CIPP), and Offensive Security Certified Professional (OSCP), along with a handful of different Global Information Assurance Certification (GIAC) certifications. Paylocity personnel also maintain relationships with security interest groups, such as the Open Web Application Security Project (OWASP), the Information Systems Security Association (ISSA), and InfraGard.