Security and privacy
Security and privacy is important to us, as it is important to you. This page should give you everything you need to know about IRIS Every Payroll.
-
IRIS Every Payroll is hosted on the Microsoft Windows Azure platform.
-
Data is hosted in the UK, with the main data-centre located in the south of the UK.
-
We have a backup / fall back data-centre located in the west of the UK.
-
Physical protection is managed by Microsoft and our staff have no physical access.
-
All user passwords are 'Hashed and Salted'. Hashing means that we store encrypted passwords and therefore it is not possible for anyone to view an actual password on the database.
-
Passwords use 'salted bcrypt' with a high, adaptive round-count. Besides incorporating a salt to protect against 'rainbow table attacks', bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to 'brute-force search attacks' even with increasing computation power.
-
The only way a password can be reset is via a uniquely generated password reset email that is sent to the user.
-
Only the actual user of an account sets their password; not even the system administrator can set, view or change an individual user’s password.
-
As an additional measure, users can enable multi factor authentication. This is an extra, secure way to prove who you are.
-
Files are encrypted in transit using Secure Socket Layer (SSL) and The Advanced Encryption Standard (AES).
-
PDF's and payslips are stored separately from the main application data. This is to optimise the demand on the servers. This reduces the opportunity for any attack as a large number of requests don’t need to use the application data.
-
We run separate instances of Azure for development and the live product, with strict procedures and policies in place restricting access to the live instance.
-
This protects both customers and staff from accidental or unauthorized access.
Privacy Notice
The privacy notice aims to give you information on how IRIS Every Payrollcollects and processes your personal data through your use of this website, including any data you may provide to us by using our software to receive services as an employer employee, or a service provider to employers.
Neither our website or software are intended for children, as such we do not knowingly collect data relating to children.
It is important that you read the privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. The privacy notice supplements other notices and is not intended to override them.