Your security is our pledge.

The Journey

PSIber Solutions (Pty) Ltd started the journey of attaining its full ISO 27001 certification in 2017 and is well on track to have this certification completed by mid-2018.

The Process

The first step in the process was to enhance existing methods and, where necessary, implement new ones, and then to conduct an initial ISAE3402 readiness assessment audit. This project was successful, and its outcome was then used as the foundation for the implementation of appropriate methodologies, policies, and procedures for full ISO 27001 accreditation.

What is ISO 27001?

ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS), such as the PSIber technology system and platform. An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes. This would include, but not be limited to, the further securing of data, the solidity of the methods and methodologies used for the development of robust and secure software, and, in the South African context, the implementation and management of the critical components of the Protection of Personal Information Act (POPI).

Our next move...

Once the ISO certification process has been completed (estimated for Q2 2018), the company will embark on attaining an even higher level of certification, a SOC2 certification, which is planned for completion by mid-2019.

Main Accomplishments

  • IIS Hardening
  • SQL Hardening
  • TomEE Hardening
  • Web Application Firewall
  • CMS Vulnerability Scan/Assessment
  • Implementation of UAM system (User Account Management)
  • Solution and Infrastructure Document (SDLC)
  • Backups to local
  • Run/Maintain (Risk mitigation mechanism for DR purposes)
  • Technology Implementation and Management Document
  • Adherence to POPI policies and procedures
  • 7 Monthly Audits – 6 Passes / 1 Fail
  • Super User Upgrades – policies, procedures, and monitoring
  • Self-Assessment
  • Self-Declaration
  • External Audit – Various listed international clients
  • External Audit – Our infrastructure and hosting supplier

Benefits of PSIber Technology

PSIber’s Technology will be the only PAYROLL/HCM system on the African Continent that will be both ISO and SOC2 Compliant.

This gives us the ability to maintain relationships with larger (listed) clients who require these certifications to do business.

The opportunity for us to sell our tech to small to large businesses will increase and simplify the application process.

While the initial cost of the upgrades (2018 / 2019) will be high, the long-term rewards (ROI) will be visible.

The PSIber Hosted (Cloud-Based) Service, which is available to all clients and partners, is hosted at Vox Telecoms (Vox) and provides users with a secure environment, taking advantage of some of the most modern methods and technologies available in the world today. Our disaster recovery solution is being deployed from Internet Solutions (IS) and is a vital portion of our infrastructure.

The services available through the hosted solution include facilities for:

  • Clients which require access to PSIber’s general environment via the public internet – i.e. at www.psiberworks.com. In this instance clients log in to a single database with access to their specific data through the use of unique company codes, user numbers and passwords.

  • Clients which require a specific instance of the PSIberWORKS application where only their data is stored – i.e. at www.psiberworks.com/clientname. This facility also includes client-specific branding of the application. The service can be accessed via the public internet or through the client’s VPN using the PSIber TLS certificate to ensure the security of data transfer regardless of client-specific branding.

  • Clients which require their own hardware and database, housed in the PSIber environment for confidentiality and security reasons – i.e. www.psiberworks.com/clientname. This option also includes client-specific branding and can be accessed via the public internet or via the client’s VPN.

Due to the confidentiality and sensitivity of the data held in the payroll / HR files, appropriate security measures (e.g. firewalls, database security and line monitoring) have been instituted to ensure that only authorised access is allowed. Data encryption methodologies have also been deployed within the application to further enhance the security of the application and associated data files.