Last Updated: 20-06-2024
Adlabs Consultancy Solutions Pty Ltd (on behalf of PayBell Payroll) (“Company”, “we”, “our”, “us”) is committed to ensuring the security of your data. This Security Policy outlines the security measures and practices we implement to protect your information when you use our Software as a Service (SaaS) payroll application (“Service”).
- Organizational security
Adlabs Consultancy Solutions Pty Ltd (on behalf of PayBell Payroll) (“Company”, “we”, “our”, “us”) is dedicated to maintaining the highest security standards to protect the data of our clients and users. This Organizational Security Policy outlines our commitment to security and the measures we take to safeguard our Software as a Service (SaaS) payroll application (“Service”).
- Employee background checks
Each employee undergoes background verification. We check their criminal records, previous employment records (if any), and educational background. Until this check is complete, the employee is not assigned tasks that may pose risks to users.
- Employee Training and Policies
Security Awareness Training: All employees undergo regular security awareness training to ensure they understand and adhere to our security policies and best practices.
Confidentiality Agreements: Employees are required to sign confidentiality agreements and adhere to strict data protection policies to prevent unauthorized disclosure of sensitive information.
- Dedicated security and privacy teams
We have dedicated security and privacy teams that implement and manage our security and privacy programs. They constantly monitor our networks to detect suspicious activity. They provide security consulting services and guidance to our engineering teams.
- Device Security
All employees and contractors adhere to the following device security protocols:
- Approved Devices: Only company-approved devices may be used to access company systems and data. Personal devices are not permitted unless explicitly authorized and secured according to company policies.
- Access Controls: Devices must be protected by strong passwords or biometric authentication. Passwords must be changed regularly and must comply with our password policy.
- Software Updates: All devices must have up-to-date operating systems and applications. Automatic updates should be enabled to ensure timely installation of security patches.
- Antivirus and Anti-Malware: Devices must have approved antivirus and anti-malware software installed and active at all times. Regular scans should be performed to detect and remove any malicious software.
- Physical Security
At Development Center
We control access to our resources (buildings, infrastructure and facilities), where access includes consumption, entry, and utilization, with the help of access cards. We provide employees, contractors, vendors, and visitors with different access cards that allow only the access specific to the purpose of their entry into the premises. The Human Resources (HR) team establishes and maintains the purposes specific to each role. We maintain access logs to spot and address anomalies.
We monitor all entry and exit movements throughout our premises, across our Development Center and offices, through CCTV cameras deployed according to local regulations. Backup footage is available for up to a certain period, depending on the requirements for that location.
At Data Centers
At our Data Centers, a co-location provider takes responsibility for the building, cooling, power, and physical security, while we provide the servers and storage. Access to the Data Centers is restricted to a small group of authorized personnel.
- Infrastructure Security
We implement rigorous network and infrastructure security measures to safeguard our SaaS payroll application and ensure the protection of our clients’ data. Our security framework includes the following key components:
- Data Encryption: All communication between users and our Service is encrypted using TLS to protect data in transit, prevent unauthorized access, and ensure data integrity during transmission.
- Firewalls and Intrusion Detection: Firewalls and intrusion detection/prevention systems are deployed to protect our networks from unauthorized access and attacks.
- Monitoring: Network traffic is monitored continuously for suspicious activity.
- Secure Development Practices
- Our development team follows secure coding practices and undergoes regular training on security best practices.
- Code reviews and security testing are conducted for all applications before deployment.
Incident Management
We have a detailed incident response plan in place to address security incidents promptly and effectively.
The plan includes procedures for identifying, containing, and mitigating security breaches, as well as notifying affected parties and regulatory authorities, if necessary.
Incident Reporting
All employees and contractors are required to report security incidents immediately to the Security Management Team.
Incidents are logged, investigated, and remediated in accordance with our incident response procedures.
- Data Security
Secure by design
We adhere to the principle of “Secure by Design” to ensure that security is integrated into every stage of the software development lifecycle. This approach guarantees that our SaaS payroll application is built with security as a foundational component rather than an afterthought.
Data Separation
Each client’s data is logically separated in our multi-tenant environment. This ensures that data for different clients is segregated and cannot be accessed by unauthorized parties. You are the owner of your data; we do not share your data with any third parties without your consent.
Data retention and deletion
We hold your data as long as you use our service. Once your account becomes inactive (either through service expiry or termination), your data will be deleted from our servers during the next clean-up, which occurs once every 6 months. If your unpaid account remains inactive for a continuous period of 180 days, we reserve the right to terminate it after giving you prior notice.
Backup Policy
We make daily incremental backups and a full server backup on a weekly basis. We store them in tar.gz format. All backed-up data is retained for a period of three months. If a customer requests data recovery within the retention period, we will restore their data and provide secure access to it. The timeline for data restoration depends on the size of the data and the complexity involved.
To ensure the safety of the backed-up data, we use a redundant array of independent disks (RAID) in the backup servers.
Security practices from the Customer's end
- Use a unique, strong password and keep it safe. Change it periodically.
- Use Multi Factor Authentication
- Use up-to-date versions of your OS, browser, and other software.
- Use Antivirus software
- Be cautious about phishing and malware threats by looking out for familiar emails, websites, and links that may exploit your sensitive information by impersonating Adlabs/PayBell or other service providers you trust.
Conclusion
We remain dedicated to maintaining the highest standards of data security to earn and preserve your trust in our services. Security is a continuous mission for us.