Paycom Security Standards

Paycom’s single-database software employs comprehensive, in-depth and industry-proven standards and technologies to help protect and defend customer data and its privacy in our environment. As one of the few payroll processors with multiple ISO and SOC certifications, Paycom’s information security, privacy management, business continuity, and quality management systems and processes are formally audited and certified for compliance annually.

Data Protection Officer

7501 W Memorial Road,
Oklahoma City, OK 73142

legalnotices@paycomonline.com

800.580.4505

Security is vital

Both on- and off-site, our comprehensive security standards and technologies are formally audited and ISO- and SOC-certified. As a Tier IV data center, we take precautions to protect and secure data for you and your employees.

Learn more

Security is vital

Both on- and off-site, our comprehensive security standards and technologies are formally audited and ISO- and SOC-certified. As a Tier IV data center, we take every precaution to protect and secure data for you and your employees.

Learn more

Security overview

We understand security, availability and processing integrity of your business data is extremely important. We proactively monitor our IT environment and continuously evaluate our security practices, taking reasonable steps to maintain this trust and our security position.

Risk Mitigation

Risk management framework
Data integrity and confidentiality
Third-party management

Product Security

Role-based access controls
Audit logging and monitoring
Data security integrations
Multifactor authentication and SSO support
One-time passwords for high value changes

Reports

Penetration testing
SOC 1 report
SOC 2 report
SOC 3 report

Data Security

Access monitoring
Backups enabled
Encryption
Physical security
Tier IV data center

Application Security

Penetration testing
Credential management
Software development life cycle
Secure development training
Vulnerability and patch management
Web application firewall and bot detection

Access Control

Data access
Logging
Password security
Mobile device trust settings

Infrastructure

Anti-DDoS
Business resiliency and redundancy
Infrastructure security
Network time protocol
Separate production environment

Endpoint Security

Disk encryption
Endpoint detection and response
Threat detection

Network Security

Firewalls
Intrusion detection and prevention
Security information and event management
Traffic filtering and monitoring
Penetration testing

Corporate Security

Employee training
Incident response
Internal assessments
Penetration testing

Policies

Acceptable use policy
IT policies

24/7 Operations

24/7 operations

Joint security operations center
Security operations center
Network operations center

Your employees’ data and our mobile app

Paycom holds all confidential information in strict confidence. We take the same degree of care and caution to prevent its unauthorized disclosure as we do with our own, including measures required by applicable privacy laws.

To ensure security of your employees’ nonpublic personal information, data is encrypted while in transport and while in storage. Additionally, data entered through our application is not used for any purpose other than to provide our services. We do not share nonpublic personal data with any third parties unless it is necessary to provide services on behalf of our clients. Examples of these third parties include the IRS, state unemployment agencies, state income agencies, workers’ compensation auditors, 401(k) administrators and entities that participate in the NACHA program for funds transfer purposes.

Explore these resources for greater insight

How a Home and Business Security Company Upgraded Its Talent Acquisition

Case Study

Why HR and Payroll Security Matters

Blog

FREQUENTLY ASKED QUESTIONS

Discover the ins and outs of Paycom’s security standards

How does Paycom secure employee and payroll data?

Paycom provides the ability to limit access via IP address and device-allow lists to help ensure changes are only completed from trusted devices.
By requiring security questions be answered for first-time users and existing users logging in from a new computer, Paycom enhances the safety and integrity of login credentials and sensitive user profiles.
Paycom has committed to 256-bit encryption technology within our application to protect all information.

Does Paycom require multifactor authentication?

Paycom offers a two-step verification solution via text messaging. A token is sent out of band to the phone that the employee has registered in the system as part of the authentication process. We also offer SAML 2.0 (SSO) so clients can utilize a service like DUO.

Is there a user activity report to show changes and login attempts by user?

The Paycom application maintains an unchangeable audit trail that is not purged, and includes user ID, time and date, and IP stamps.

Is there a validation report to flag any issues with payroll data range, presence, format, etc.?

Validation Reports and Change Reports are provided.