Effective
Date: October
01, 2020
Last Updated: February 01, 2024
PayrollPRO.PH values the security and privacy of
client data. To deliver reliable and secure payroll and HRIS services,
PayrollPRO.PH relies exclusively on trusted hosting providers.
PayrollPRO.PH does not engage third-party
sub-processors for any form of data processing. All personal and
payroll-related data are managed directly by PayrollPRO.PH and hosted exclusively on trusted
providers, namely DigitalOcean, Microsoft Azure, and Google Workspace. These
providers are certified under internationally recognized security standards
(ISO/IEC 27001, SOC 2, GDPR frameworks) and implement strong safeguards such as
data encryption, access controls, and regular security audits to ensure the
confidentiality, integrity, and availability of client data.
PayrollPRO.PH currently
engages the following hosting providers:
·
Role: Primary cloud hosting and
infrastructure provider for application servers and data storage.
·
Security
Standards:
o
ISO/IEC
27001 certified
o
SOC
2 Type II compliant
o
GDPR-aligned
security framework
o
Data
encryption in transit and at rest
·
Role: SSO authentication, Cloud backup and
disaster recovery hosting provider.
·
Security
Standards:
o
ISO/IEC
27001, ISO/IEC 27018 certified
o
SOC
1, SOC 2, and SOC 3 compliant
o
CSA
STAR certified
o
Encryption
and advanced threat protection
·
Role: Secure communication and productivity
platform used for internal and client correspondence (e.g., email, document
sharing, SSO).
·
Security
Standards:
o
ISO/IEC
27001, ISO/IEC 27017, ISO/IEC 27018 certified
o
SOC
2 Type II compliant
o
GDPR-compliant
infrastructure
o
Multi-factor
authentication and encryption in transit and at rest
·
Role: Domain registry and hosting provider
for *.ph domains used by PayrollPro.ph.
·
Security
Standards:
Operates under ICANN and PH regulatory requirements with industry-standard
security practices.
·
Safeguards: Domain management security, DNS
protection, and registry-level safeguards to prevent unauthorized domain access
or hijacking.
All hosting providers engaged
by PayrollPRO.PH:
·
Comply
with international security
standards and certifications
(ISO/IEC 27001, SOC 2, GDPR frameworks).
·
Implement
data encryption at rest
and in transit.
·
Maintain
strict access control
and monitoring systems.
·
Undergo
regular third-party audits
and vulnerability testing.
PayrollPRO.PH remains fully accountable for the protection of client and
employee data. Hosting providers serve only as infrastructure providers and do
not access or use payroll data for any other purpose.
PayrollPRO.PH will update
this disclosure if additional hosting providers are engaged or if material
changes occur in hosting arrangements. Clients will be notified in advance of
any significant changes.