Keeping sensitive and personal data secure is our priority
You can’t get much more sensitive and personal data than the data used for payroll. The security and confidentiality of this data, when being handled by a third party, is often one of the biggest worries a company has when looking to outsource payroll.
The need for a water-tight framework of policies and procedures that include all legal, physical and logical controls is essential as part of the information risk management processes.
We are committed to ensuring that all information is safeguarded from loss, unauthorised access or misuse and have chosen to implement an Information Security Management System (ISMS) which uses ISO27001:2013 as a framework for protecting the information it holds.
The framework has been designed to maintain Confidentiality, Integrity and Availability of information assets and provide effective risk management.
Achieving certification to ISO27001 demonstrates that Dataplan is following information security best practices, and delivers an independent, expert assessment of whether our data is adequately protected.
ISAE3402 External Audit
As part of our framework of policies and procedures, Dataplan undertakes an ISAE 3402 Type 2 Service Organisation Control report.
This is undertaken by external, independent auditors and is designed to give the users of Service Organisations, our clients, assurance over the design, implementation and operating effectiveness of the internal controls.
We have an internal GDPR compliance framework to ensure that, as a service provider, we meet all our GDPR compliance obligations. This assurance framework incorporates many of the areas covered in our ISO27001 certification. We also create a Data Processing Agreement for each of our customers where we run through the key aspects of how we work and manage personally identifiable data.
You need to be confident that whatever happens, we are able to meet your payroll deadlines and pay your staff on time.
Our backup system is second to none in the payroll field and in the event of a disaster such as fire, flood, or power failure we can be up and running within three hours.