PaySpace believes it is the first human capital management and payroll software service provider in Africa to receive the International ISO (International Organisation for Standardisation) 27001 certification for security and data protection.
Described by the ISO organisation as “the International Standard which has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system,” this certification means PaySpace has achieved a level of security certification that is recognised globally.
The ISO/IEC 27001 accreditation is a bespoke specification for information security management systems (ISMS) which are built off a framework of policies and procedures that include all legal, physical and technical controls involved in an organisation’s information risk management process.
“By achieving our ISO 27001 certification, we have set the benchmark locally and across the African continent for a true cloud based Payroll and HR solution,” says Warren van Wyk of PaySpace. “The ISO accreditation means we have delivered on a set amount of comprehensive information security control objectives that are independent, reasoned choices, formulated and signed off by more than 170 countries.
“For companies who have previously been concerned about changing HR and payroll software solutions due to online security concerns or various global data protection acts, the ISO certification assures users that the highest level of security methods and processes – internationally, are protecting their data.”
The review process required PaySpace to undergo an intensive six-month auditing process by an independent auditing firm before having to pass a phase one audit by the SABS (South African Bureau of Standards). PaySpace’s submission required them to successfully measure against all seven of the core areas of operation, namely: Context of the Organisation, Leadership, Planning, Support, Operation, Performance Evaluation and Improvement. Phase Two required a comprehensive end-to-end audit by the SABS against the seven core areas plus the 12 areas of system controls the organisation is required to have in place, which include (among others); Risk Assessment, Security Policy, Asset Management, Incident Management, Compliance and Business Continuity Management.
Only once all these requirements were met plus all necessary evaluating documentation received and approved, could PaySpace be awarded with the ISO 27001 certification.