How Aurion Secures Your Company Payroll

This blog is the second in our Security Series about how we keep your payroll and HR data secure and accessible.

Data security makes the digital world a reality. Despite breaches and hacks, we give our vital information to a third party because we trust their system. This is especially true for payroll.

As one of Australia’s longest-running payroll and HR solution specialists, data security underpins our entire operation. We’ve set up our systems to encourage our customers and their end-users to observe data security best practice, and Aurion undergoes regular audits to certify the quality and security of our solutions.

Secure data handling
Onboarding new staff, when financial and personal identifying information is being exchanged, is a cyber security danger zone. Here are just some of the features and functions that secure your team’s personal data in Aurion.

To validate new staff, payroll administrators can access search tools to find and compare unique employee identifiers like TFNs, company IDs or an employment date range. This can be used to prevent the same person (maybe a previous hire returning to employment) gaining more than one profile.

Your team can also allocate security control to our Query Tool’s folders, restricting access to queries to certain employees. This can be very useful in Shared Services-type environments.

Access and authentication
Our customers can choose to configure their own Aurion system with our stringent rules for internal passwords:

  • 10 characters minimum
  • 90-day expiry
  • Mix of upper and lower case, numerals and special characters.

Customers can use the 2.0 Lightweight Directory Access Protocol (LDAP) driver to connect to Aurion for a secure LDAP connection. We also keep your data confidential by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology. The latest version of Apache Tomcat (a “pure Java” HTTP web server environment) is available when installing or updating Aurion software using our automated installer, BELT.

Security features recently added to Aurion include a security improvement to ensure URLs open web pages using default browsers without the need for a script in between. This enhances Aurion’s security architecture and helps to prevent any malicious interventions. Customers can install an anti-virus web app file that checks uploads and stops nasties.

Case study: Savills’ security focus
When Ingrid McDonald became Savills Australia and New Zealand National Payroll Manager more than two years ago, a renewed focus on security at Savills saw an audit of segregation of duties in payroll to ensure that no one person at Savills could create, process and finalise a pay by themselves.

Describing Savills’ secure payroll process, Ingrid says, “The HR department completes the initial stage of entering the biometrics data. We then step in and one member of the payroll team will add salary components, whilst another member will review this entry. As a final check it comes to me for approval. We all perform different tasks to keep that segregation tight.”

“Aurion was very accommodating in that we were able to put in differing levels of security,” she says. “You can really personalise Aurion to very specific requests from the business.”

Testing Aurion security
Aurion has been partnering with PwC for over five years to test the operating effectiveness of the Aurion Cloud Platform and Outsourced Payroll Services.

We maintain a range of certifications for our payroll & HR solutions, so our customers have independent endorsement of their security. Aurion’s ISO27001 certification for an information security management system is mostly applicable to the Aurion Cloud Platform, while our ASAE3402 accreditation for controls at a service organisation relates more to our outsourced payroll services.

CFOs and Quality Assurance Managers should appreciate the ASAE3402 Type 2 Standard. This accreditation shows that, to ensure our customers’ data is secured, monitored and complete, Aurion is using services that meet strict controls and standards.

Data security & privacy best practice
If you want to implement data security & privacy best practice in your life, your first port of call should be the Australian Cyber Security Centre (ACSC), which provides advice and information about how to protect yourself, your family and your business online. Organisations like yours should be able to:

  • Provide an easy and secure way for your employees to contact you with personal or payroll information. A secure self-service portal or mobile app works best (hint: don’t use email!)
  • Verify all personal and payroll information with your staff on a routine basis.
  • Make sure you comply with the Australian Privacy Principles, which outline when and how you should store employee information.

Find out more about our secure services: read the first blog in the Security Series – How Aurion Gives Staff A Secure Payroll Experience and an overview of new security features released in June 2020 – An Even More Secure Experience with Aurion.