TimeClock Plus 360° Security and Protection
to safeguard customers’ and your users’ sensitive data.
The TimeClock Plus v7 SaaS Environment
Our SaaS environment for TCP Cloud is hosted within industry-leading United States data centers. These secure facilities offer environmental protection, advanced network security, and both the processes and appliances to maintain the highest levels of data security.
Secure Data Centers
Applications are deployed to an N+1 standard to ensure sufficient capacity for traffic to be load-balanced to additional sites.
Secured Web Sessions
Personally identifiable information is encrypted in motion and at rest to guarantee maximum protection.
Backups and Deployments
Our certified security team performs continuous backups and adheres to strict recovery time and recovery point objectives.
While some customers may share certain resources, all customer databases are strictly segregated to prevent sharing of data.
TimeClock Plus v7 leverages multi-availability zones and auto-scaling groups to ensure high availability and limitless capacity.
About The TimeClock Plus Security Environment
Click a question below to learn more.
Resilience & Availability
Yes! TimeClock Plus’s availability is consistently above 99.9%. Customer data is 100% backed up and replicated to additional geographic regions. The only exception is for planned maintenance, which is communicated to customers in advance.
Your time tracking activities are as critical to us as they are to you. If there’s ever a customer-impacting situation, we will make you aware of it on our status page and will keep you continually updated.
Yes, 24x7x365! Our SaaS operations team monitors the service infrastructure and application behavior 24x7x365 using proprietary and industry-recognized solutions. Both manual and automated monitoring is employed to ensure the highest level of availability. Additionally, our service levels are backed by industry-leading cloud providers Amazon Web Services (AWS) and Rackspace.
Yes! Every part of the TimeClock Plus application is distributed across at least two data center availability zones. Databases, application servers, web servers, and load balancers as well as backend support services all contain multiple failover instances to prevent outage from single points of failure.
Always! Sessions between you and your database are always protected with SHA-256 in-transit encryption, advanced TLS 1.2 protocols, and SHA-256 encryption at rest. Data is encrypted between all devices – time clocks, web applications, and mobile apps.
Yes! TimeClock Plus prevents attacks with sophisticated monitoring and protections, including a high-grade web application firewall and tightly controlled network-level firewalling. In addition, TimeClock Plus’s Distributed Denial of Service (DDoS) prevention defenses protect both your site and access to your services from attack.
Yes! TimeClock Plus code is high quality from conception to deployment and has daily builds that are tested nightly against all known security threats. We leverage both automated, manual, and third-party analysis alongside human code review to ensure development best practices are implemented throughout our products. Once deployed, continuous penetration testing is used to ensure a high level of confidence in the protection of your data.
es! TimeClock Plus services are hosted with the world’s leading data center providers, Amazon Web Services (AWS) and Rackspace. Access to these data centers is strictly controlled and monitored by security staff, tight access control, and video surveillance. Our data center partners are SOC 2 Type II and ISO 27001 certified and provide N+1 redundancy to all power, network, and HVAC services.
Yes! The TimeClock Plus services infrastructure is distributed between multiple, distinct availability zones. We use multi-vendor diversity to ensure that a single failure does not negatively impact our full customer base.
Yes! Between our streamlined, agile approach to application delivery and our highly automated server infrastructure, TimeClock Plus quickly addresses new security issues as they arise. These technology and process structures allow TimeClock Plus to rapidly identify and mitigate new threats as they are identified.
Yes! TimeClock Plus uses enterprise-grade firewalling, routing, intrusion prevention, and behavior analytics capabilities to protect infrastructure and thwart attacks. Our industry-best hosting vendors also provide support in detecting and preventing attacks.
Yes! TimeClock Plus’s patch management process pushes security updates quickly and consistently. In most situations, patching is handled by deploying new server instances with the most up to date patches and de-provisioning out of date servers.
Yes! TimeClock Plus's incident response program is well documented and third-party audited. Incident process flows and investigation data sources are pre-defined and refined through root cause analysis and corrective action measures. We use standard incident response process structures to ensure that the right steps are taken at the right time, and we contract third-party incident response vendors to provide oversight. All incidents are reviewed by our Data Protection Officer.
Audits and Testing
Yes! We test for potential vulnerabilities continuously in all layers of the technology stack and nightly during development to prevent a security threat from ever reaching production. Dynamic application scans, static code analysis, and infrastructure vulnerability scans are run continually.
Yes! We contract third-party penetration testing firms each year to test the TimeClock Plus products and corporate infrastructure. We also utilize industry-respected penetration testing tools to continuously test our products and corporate infrastructure. We provide these reports to our auditors. All of our security programs are audited annually as part of our third-party SOC 2 Type II certification.
Thanks to TCP's superior functionality, all I had to do was set up my job codes and I was rolling.
Liberty Tax Service