Security Statement

Offshore Payroll Limited

1.  Protecting your data

We’re committed to the security of our customers’ data and provide multiple layers of protection for the personal and financial information you trust to Offshore Payroll. We empower you to achieve compliance with confidence, backed by security infrastructure that keeps your data safe.

2.  You control access

As an Offshore Payroll customer, you have the flexibility to invite unlimited users into your account to collaborate on your data, and the person who holds the subscription has control over who has access and what they are able to do. Our customer support staff cannot access your information unless you invite them to help. Please see our privacy policy for further information.

3. Protecting your sessions

The Offshore Payroll web application session will automatically time out after 30 minutes of inactivity. You will then need to log back in to gain access to your account. This is set up for your security, in case you forget to close your session and walk away from your computer.

4.  User authentication

We provide standard access to the Offshore Payroll web application through a login and password. In addition, we offer the option of using two-factor authentication. This provides a second layer of security for your Offshore Payroll account. It combines something you know (your user name and password) with something you have (an authentication app on your smartphone or tablet). This second layer of security is designed to prevent anyone but you from accessing your account even if they know your password.

5.  Password Security

The login for Offshore Payroll enforces a uniform password policy (guided by the National Institute of Standards and Technology).

6.  Network Protection

Offshore Payroll takes a “defence in depth” approach to protecting our systems and your data. Multiple layers of security controls protect access to and within our environment, including firewalls and network segregation. The application is multi-tenanted and therefore the customer data is segregated in an entirely separate database.

7.  Hosting Platform

Offshore Payroll outsources the hosting of its infrastructure to a leading cloud infrastructure provider, Amazon Web Services (AWS), and the infrastructure is located within an EU data centre, currently Dublin.

8.  Secure data centres

Offshore Payroll’s servers are located within enterprise-grade hosting facilities that employ robust physical security controls to prevent physical access to the servers they house. These controls include 24/7/365 monitoring and surveillance, on-site security staff and regular ongoing security audits. Business continuity and disaster recovery plans have been independently validated as part of AWS’s SOC 2 Type 2 and ISO 27001 certifications. Compliance documentation is publicly available at the AWS Cloud Compliance Page.

9. Data encryption

We encrypt all data that goes between you and Offshore Payroll using industry-standard TLS 1.3 (Transport Layer Security), protecting your personal and financial data. Backup media is encrypted at rest in Amazon Web Services. Your data is also encrypted when we transfer it between data centres for backup and replication.

10. Built to perform at scale

Offshore Payroll has been designed to grow with your business. Our high-performance servers, networks and infrastructure ensure we can deliver quality service to you and our numerous other users.

11. Constant updates and innovation

We’re constantly enhancing Offshore Payroll, delivering new features and performance improvements. Updates are delivered frequently, with the majority of them being delivered without interrupting our service or disrupting users.

12. Auditing

The Offshore Payroll app comes with a full auditing module to give you peace of mind on software use and to allow you to adhere to any internal compliance audits within your business.

13. Organisational Security

Our organisational security measures include security education and awareness training for staff, supplier risk management, and onboarding and background checks for Offshore Payroll staff.

14. Compliance & Privacy

Offshore Payroll includes many GDPR compliance features, including a GDPR cleanse module, making it easy to comply with data protection regulations. The data retention periods are set and managed by the account owner.

15. Cyber Essentials Plus Certified

Offshore Payroll is Cyber Essentials Plus certified, demonstrating adherence to government-endorsed cybersecurity standards and providing you with added assurance of robust security measures and protection against common cyber threats.