PaySpace has become the first human capital management and payroll software service provider in Africa to receive the International ISO (International Organisation for Standardisation) 27001 certification for security and data protection.
Described by the ISO organisation itself as, “The International Standard which has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system,” this certification means PaySpace has achieved a level of security certification that is recognised globally and is the only African based true Cloud solution to do so.
The ISO/IEC 27001 accreditation is a bespoke specification for information security management systems (ISMS) which are built off a framework of policies and procedures that include all legal, physical and technical controls involved in an organisation’s information risk management process.
With security being one of the biggest concerns globally as well as the need to comply with the stringent requirements of data protection acts in the various African countries along with similar pieces of legislation in the US and Europe, third party assurance by an Internationally accredited facility like ISO means that security measures PaySpace has undertaken meet the required standards regarding the handling and protection of employee personal information – not only within the PaySpace application but across the entire organisation. The ISO 27001 certification is a dynamic process that is subjected to annual surveillance audits and full recertification every three years – proof that the ISMS continues to deliver its due diligence and offers independent proof of its adequacy and ongoing process improvements.
“By achieving our ISO 27001 certification, we have set the benchmark locally and across the African continent for a true cloud based Payroll and HR solution,” says Warren van Wyk of PaySpace. “The ISO accreditation means we have delivered on a set amount of comprehensive information security control objectives that are independent, reasoned choices, formulated and signed off by more than 170 countries.” Van Wyk continues, “For companies who have previously been concerned about changing HR and payroll software solutions due to online security concerns or various global data protection acts, the ISO certification assures users that the highest level of security methods and processes – internationally, are protecting their data.”
The review process required PaySpace to undergo an intensive six month auditing process by an independent auditing firm before having to pass a phase one audit by the SABS (South African Bureau of Standards). PaySpace’s submission required them to successfully measure against all seven of the core areas of operation namely; Context of the Organisation, Leadership, Planning, Support, Operation, Performance Evaluation and Improvement. Phase Two required a comprehensive end-to-end audit by the SABS against the seven core areas plus the 12 areas of system controls the organisation is required to have in place, which include (among others); Risk Assessment, Security Policy, Asset Management, Incident Management, Compliance and Business Continuity Management. Only once all these requirements were met plus all necessary evaluating documentation received and approved, could PaySpace be awarded with the ISO 27001 certification.