The Coronavirus and the possibility of quarantines are the headline issues of the moment. They put huge pressure on companies and make it extremely challenging to keep operations up and running while COVID-19 spreads around the world.
Payroll providers, whose services are critical, face the same challenges, especially as clients' employees must get their monthly salaries whether or not there is a pandemic.
This is not just about the Coronavirus: because of globalization, any major negative event spreads rapidly across the globe. When you evaluate your payroll outsourcing provider, you should also take into account their preparedness and security commitments to mitigate and counterbalance the effects of any such events.
We identified 3 major areas:
1. Physical office space security and management to keep the privacy of physical data and restrictions to their access.
2. IT security commitments that ensure basic data security and general services quality.
3. Business Continuity Plan that includes the processes and rules of the operation in case of a disaster (e.g., fire, flood, cyber-attack or a pandemic that severely restricts work in the office).
This post doesn’t intend to describe all details but would like to highlight the most important aspects as a thought-provoking exercise.
Physical Office Security
Payroll and the relevant personal data are some of the most confidential information companies hold, and in most European countries, especially in the CEE, much of it may still be in paper-based documents.
Payroll outsourcing providers have a huge responsibility in handling this information.
What can we expect with regard to the physical office security from our payroll provider?
A couple of examples:
- Electronic access control to the office;
- Restriction of physical access to the client’s paper-based confidential information;
- Access control to the physical servers;
- UPS system to provide a continuous source of power and a planned shutdown of the servers;
- Asset management tools to ensure hardware safety and that the latest versions of the software are deployed;
- Regular training for employees on security issues and preparedness.
Just to reiterate, this is not a fully comprehensive list. During the Coronavirus infection, homeworking is being considered by many companies, including payroll providers. This requires quick solutions to make sure that protected assets can be used outside the office, that data access is even more protected while the speed of data input and output is maintained, and that all the necessary communication tools and platforms are available to mitigate the effect of remoteness.
It needs a quick response management team with clear responsibilities and a streamlined decision-making process to ensure unexpected events are addressed appropriately.
Cyber security management is a crucial challenge in our modern world, and with more and more tools turning digital, it needs a sophisticated approach and technology from the payroll provider as well.
- Policies and training to ensure the responsibility required from employees;
- Backup and redundancy management;
- Secure and encrypted channels for communication and data storage (GDPR-proof data management);
- User role management, password policies;
- Implementation of authentication mechanisms;
- Vendor risk management, certified partners;
- Using anti-malware software.
Business Continuity Plan (BCP)
The above measures provide a generally secure service.
But what if a disaster happens despite all these measures?
A professional payroll outsourcing service provider must have a proper business continuity plan which takes into account and analyzes potential impacts that can affect the business. It also has to embrace recovery procedures that need to be in place in case of a disaster.
What chapters must be included in a proper business continuity plan?
- Key business areas, critical functions, key employees, partners, subcontractors who are involved in the procedures, and their inputs;
- Communication plan including key contacts, the chain of communication, and up-to-date information about employees and their organizational status;
- Scenarios for travelling or forced home office in case of emergency – ensure the required IT infrastructure to support remote access for employees and clients, as well;
- Alternative workplace for key employees;
- Procedures of knowledge transfer to key employees;
Besides the above:
- Keep the critical information isolated, protect hard copies, and create a backup strategy;
- Share the best practices;
- Communicate and educate the employees and shareholders about the BCP and the relevant policies;
- Test and improve the instructions frequently from a practical standpoint.
Preparing and maintaining a BCP is a serious task that needs dedicated management and employees on board, as testing and improving it is an ever-evolving task, especially since newer and newer threats keep appearing on the horizon.