TimeClock Plus Data Security

Our Cloud Environment

Our SaaS environment for TCP Cloud is hosted within United States-based data centers with network security, firewalls, encrypted web sessions, data transmission, and storage, load balancing, and tiered service. These are secure facilities that offer environmental protection, with server specialists providing server maintenance and scheduled backups.

  • Secure SOC 2/ISO 27001/NIST/CSA-certified, GDPR-compliant data centers
  • 24x7x365 availability and monitoring (>= 99.9 SLA outside of maintenance windows)
  • Encrypted and secured web sessions
  • Highly protected personally identifiable information using strong encryption-at-rest mechanisms
  • Daily managed backups and Multi-AZ deployments
  • Multi-tenant Architecture
  • Disaster recovery RPO and RTO of 24 hours

Infrastructure

The physical structures, IT, and other hardware (for example, facilities, computers, equipment, mobile devices, and telecommunications networks)

DMI’s production infrastructure is located at Rackspace US, Inc. (“Rackspace”) data centers and Amazon Web Services, Inc. (“AWS”) data centers within the AWS Elastic Cloud Compute (EC2) environment. Both data centers provide high availability and infrastructure resilience by distributing the production infrastructure across multiple geographical locations within the United States.

DMI’s customer data reside within dedicated and encrypted databases located at Rackspace and AWS data centers in the continental United States. Additionally, DMI provides internal and external users a web application front-end that is accessible via the Internet.

Software

The application programs and IT system software that supports application programs (operating systems, middleware, and utilities)

DMI’s development and quality assurance (QA) environment is hosted and maintained by DMI at the San Angelo, Texas, facility. The environments are logically and physically segmented from the production environment. Customer data is not permitted to be migrated into the development or QA environment without explicit approval by the customer via a signed special service agreement for troubleshooting purposes. Confidential or sensitive information is purged from the dataset before the customer data is migrated into lower environments. Change management policies and procedures are documented and contain procedures regarding separation of duties, authorization, development, testing, and approval prior to implementation.

People

The personnel involved in the governance, operation and use of our systems (developers, operators, entity users, vendor personnel, and managers) at DMI includes, but is not limited to, the following:

  • Executive management
  • Human resources (HR)
  • Development and system operations
  • Network administrators
  • Cybersecurity

Procedures

The automated and manual procedures DMI has in place to help ensure that customer security, confidentiality, and availability commitments are met. DMI’s security, confidentiality, and availability commitments to user entities are documented and communicated to customers via customer contracts, mutual nondisclosure agreements, and e-mail correspondence.

Data

Transaction streams, files, databases, tables, and output used or processed by a system

Data stored within the TimeClock Plus SaaS system is inclusive of customer data, system configurations, and files. Data is input into the system by the customer via the TimeClock Plus SaaS web application and maintained within customer-specific databases. Customer data utilized for the TimeClock Plus SaaS system includes personally identifiable information as well as data related to time and attendance (e.g. employee clock records and manager information). Customer data is considered confidential and restricted, and is accessible only by the customer and authorized internal support personnel. Output reports are accessible via the TimeClock Plus web application upon successful authentication into the application.

Accountability

DMI’s management philosophy and operating style encompass a broad range of characteristics. Such characteristics include management’s approach to monitoring business risks and management’s conservative attitude and actions toward information processing, financial reporting, and personnel. Management meetings are held frequently to address issues as they are brought to management’s attention.

Security, Surveillance, and Protection

Standard security and confidentiality commitments include, but are not limited to, the following:

  • Maintaining a data security program that includes reasonable and appropriate technical, organizational, and security measures to protect against the destruction, loss, unavailability, unauthorized access or alteration of confidential customer data.
  • Regular security audits of the environment.
  • Conducting employee information security awareness training and performing background checks at the time of hire.
  • Implementing industry standard firewall appliances and firewall rules to restrict access to its application and systems inside the data center network.
  • Implementing standard information security measures and controls designed to protect information at rest (AES 192 or 256) and in transit (TLS 1.1, 1.2).
  • Keeping customer data confidential, not disclosing information to any unauthorized parties without written consent, and notifying customers should there be a breach of their data.
  • 24x7 threat monitoring and protection including both passive and active IDS and IPS deployments as well as continuous network and systems data feeds and analysis.

Redundancy

DMI monitors the daily business and operational activities, including the internal control environment, as a routine part of business. DMI has implemented a set of network and application tools for monitoring the production environment and production support systems. The fundamental availability goal for the SaaS environment is to provide an SLA of 99.9 (historically it has been higher) outside of maintenance windows and, if database loss occurs, to provide a recovery time objective of 24 hours and a recovery point objective of 24 hours. To achieve a higher level of availability in our most critical systems, we rely on Multi-AZ data deployments and high-resiliency storage services for data backups. System- and environment-impacting events are communicated to our customers via our Status site as well as relevant maintenance notices.

Compliance

TimeClock Plus SaaS is SOC 2 Type I and Type II compliant under the AICPA trust principles of Security, Confidentiality, and Availability, which are tested and certified yearly by a third-party audit firm. We have also undergone the process of becoming Privacy Shield self-certified. In addition, our data service partners Rackspace and AWS maintain certifications across a wide spectrum of industries and governing bodies.
