TimeClock Plus 360° Security and Protection

to safeguard customers’ and your users’ sensitive data.

  View A Free Demo Video

SaaS Environment and Security

Our SaaS environment for TCP Cloud is hosted within industry-leading United States data centers. These secure facilities offer environmental protection, advanced network security, and both the processes and appliances to maintain the highest levels of data security.
TimeClock Plus SaaS Security
click image to enlarge

Secure Data Centers

TimeClock Plus v7 is hosted in SOC 2/ISO 27001/NIST/CSA/FedRAMP certified data centers with 24/7 monitoring.

99.9%+ SLA

Applications are deployed to an N+1 standard to ensure sufficient capacity for traffic to be load-balanced to additional sites.

Secured Web Sessions

Personally identifiable information is encrypted in motion and at rest to guarantee maximum protection.

Backups and Deployments

Our certified security team performs continuous backups and adheres to strict recovery time and recovery point objectives.

Multi-Tenant Architecture

While some customers may share certain resources, all customer databases are strictly segregated to prevent sharing of data.

Multi-Availability Zones

TimeClock Plus v7 leverages multi-availability zones and auto-scaling groups to ensure high availability and limitless capacity.

Download the TimeClock Plus Security Overview

Our Security Overview, Global Data Privacy Policy, and SOC 3 Report offer a comprehensive review of our security programs.

About The TimeClock Plus Security Environment

Click a question below to learn more.
Resilience & Availability

Resilience & Availability

Yes! TimeClock Plus’s availability is consistently above 99.9%. Customer data is 100% backed up and replicated to additional geographic regions. The only exception is for planned maintenance, which is communicated to customers in advance.
Your time tracking activities are as critical to us as they are to you. If there’s ever a customer-impacting situation, we will make you aware of it on our status page and will keep you continually updated.
Yes, 24x7x365! Our SaaS operations team monitors the service infrastructure and application behavior 24x7x365 using proprietary and industry-recognized solutions. Both manual and automated monitoring is employed to ensure the highest level of availability. Additionally, our service levels are backed by industry-leading cloud providers Amazon Web Services (AWS) and Rackspace.
Yes! Every part of the TimeClock Plus application is distributed across at least two data center availability zones. Databases, application servers, web servers, and load balancers as well as backend support services all contain multiple failover instances to prevent outage from single points of failure.
Application Security

Application Security

Always! Sessions between you and your database are always protected with SHA-256 in-transit encryption, advanced TLS 1.2 protocols, and SHA-256 encryption at rest. Data is encrypted between all devices – time clocks, web applications, and mobile apps.
Yes! TimeClock Plus prevents attacks with sophisticated monitoring and protections, including a high-grade web application firewall and tightly controlled network-level firewalling. In addition, TimeClock Plus’s Distributed Denial of Service (DDoS) prevention defenses protect both your site and access to your services from attack.
Yes! TimeClock Plus code is high quality from conception to deployment and has daily builds that are tested nightly against all known security threats. We leverage both automated, manual, and third-party analysis alongside human code review to ensure development best practices are implemented throughout our products. Once deployed, continuous penetration testing is used to ensure a high level of confidence in the protection of your data.
Datacenter Protections

Datacenter Protections

Yes! TimeClock Plus services are hosted with the world’s leading data center providers, Amazon Web Services (AWS) and Rackspace. Access to these data centers is strictly controlled and monitored by security staff, tight access control, and video surveillance. Our data center partners are SOC 2 Type II and ISO 27001 certified and provide N+1 redundancy to all power, network, and HVAC services.
Yes! The TimeClock Plus services infrastructure is distributed between multiple, distinct availability zones. We use multi-vendor diversity to ensure that a single failure does not negatively impact our full customer base.
Software Security

Software Security

Yes! Between our streamlined, agile approach to application delivery and our highly automated server infrastructure, TimeClock Plus quickly addresses new security issues as they arise. These technology and process structures allow TimeClock Plus to rapidly identify and mitigate new threats as they are identified.
Yes! TimeClock Plus uses enterprise-grade firewalling, routing, intrusion prevention, and behavior analytics capabilities to protect infrastructure and thwart attacks. Our industry-best hosting vendors also provide support in detecting and preventing attacks.
Yes! TimeClock Plus’s patch management process pushes security updates quickly and consistently. In most situations, patching is handled by deploying new server instances with the most up to date patches and de-provisioning out of date servers.
Yes! TimeClock Plus's incident response program is well documented and third-party audited. Incident process flows and investigation data sources are pre-defined and refined through root cause analysis and corrective action measures. We use standard incident response process structures to ensure that the right steps are taken at the right time, and we contract third-party incident response vendors to provide oversight. All incidents are reviewed by our Data Protection Officer.
Audits and Testing

Audits and Testing

Yes! We test for potential vulnerabilities continuously in all layers of the technology stack and nightly during development to prevent a security threat from ever reaching production. Dynamic application scans, static code analysis, and infrastructure vulnerability scans are run continually.
Yes! We contract third-party penetration testing firms each year to test the TimeClock Plus products and corporate infrastructure. We also utilize industry-respected penetration testing tools to continuously test our products and corporate infrastructure. We provide these reports to our auditors. All of our security programs are audited annually as part of our third-party SOC 2 Type II certification.
Many are available for download in our Resource Library! TimeClock Plus has third-party certified its compliance with the EU-U.S. Privacy Shield framework (GDPR) and maintains Skyhigh Enterprise-Ready certification for enterprise privacy. Additionally, our SOC 3 report, Security Overview, and Global Data Privacy Policy are available for download. Our SOC 2 Type II report is available to customers with a signed NDA. Our data center providers maintain ISO 27001, SOC 2 Type II, and many other certifications which can be downloaded on their website.
AICPA SOC 2 for Service Organizations
AICPA SOC 2 Compliance

SOC 2 compliance is a component of the American Institute of CPAs (AICPA)'s Service Organization Control reporting platform. Its goal is to make sure that systems are set up so they assure security, availability, processing integrity, confidentiality, and privacy of customer data.

Skyhigh Enterprise Ready
Skyhigh Enterprise-Ready

Bestowed on cloud services that fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.

Privacy Shield Certified
Privacy Shield Certified

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

Amazon Web Services Technology Partner
APN Technology Partners

APN Technology Partners provide software solutions that are either hosted on, or integrated with, the AWS platform. APN Technology Partners include Independent Software Vendors (ISVs), SaaS, PaaS, Developer Tools, Management and Security Vendors.

Biometric Time Clock from TimeClock Plus

The TimeClock Plus Biometric Time Clock

Our biometric time clocks conform to all existing data privacy laws and combined with the biometric management tools in TimeClock Plus v7, will help you to maintain compliance, making it the best fingerprint time clock system.

It's easy to use; I love that I can easily check to see when I clocked in or out, and that I can see how many hours I've worked over the course of the week.

Service Quality & Operations Manager

Broadway Cab

Go To Top