Security is the combination of availability, accessibility, integrity, confidentiality, authentication, authorization and auditability. This security policy explains how we continually endeavour to achieve this combination.
We aim to maintain permanent availability of our online services by using reliable hardware and communications, an uninterruptible power supply with generator backup, reliable software and extensive monitoring. Multiple firewalls are used to protect the web server from external and internal attacks. Extensive monitoring is in place to immediately alert us whenever a problem is encountered with the connectivity, the power supply, the web server or the web site itself. Every effort will be made to immediately rectify any situation that interrupts service.
Additionally, in the rare case when the database used by the web site becomes corrupted, it will be automatically replaced by the most recent backup. This will restore our online services within 15 minutes of any data corruption occurring. Any changes made by users of the website since the last backup will be retrieved and replayed so that no changes are lost. Off-site backups also occur every 15 minutes so that a secondary web server can take over from the primary web server in case a problem occurs that will take a long time to rectify.
In addition to technical accessibility, our web site also aims to be very quick and easy to use. The first thing that users see after logging in is a set of links to download their recent payslips. All other functions are a single click away. There is a comprehensive user guide that users can download, which explains everything about the web site.
Our web site also aims to be helpful when users encounter problems. Every piece of information entered into the web site is verified to make sure that it looks valid. If it doesn’t, the user is presented with a clear and precise explanation of what valid data looks like. Many websites just state that the information is invalid without explaining what to do about it. By providing an explanation, users can fix the information immediately after a single mistake rather than after several attempts.
Our web server is under our physical control. There is no direct network connection between the web server and the internal payroll system. This protects our payroll system from the web server in case the web server is compromised. Transferring data between the web site system and the payroll system requires manual processes performed by the staff of Advance Payroll Services that cannot be replicated by remote attackers.
The information that the web site presents to you is always an accurate reflection of your information in our payroll system. If your information needs to be changed, you or someone authorized by your company will change it. Changes will be propagated to our payroll system at the end of each day. There are mechanisms in place to prevent anyone but you or someone authorized by your company from changing your information. Even so, all changes to sensitive information such as bank account details will be checked personally before they are entered into the payroll system. This ensures the integrity of sensitive data in our internal payroll system.
The web site uses industry standard encryption for the transfer of all information between the user and the web site. This makes it extremely difficult for a third party to obtain any information when users interact with the web site.
Users of the web site are required to use a password that is known only to them. They are reminded of this every time they log in to the web site. Those that keep their password secret can rest assured that only they and others authorized by their company are able to see or change their information.
Access to the web site requires that users first supply their employee number, their name and their password. The web site enforces the use of reasonably strong passwords: 6 to 8 characters long, with at least one letter and at least one digit or punctuation character. Passwords are stored using four independent, secure one-way encryption algorithms (UNIX crypt, MD5, SHA1 and SHA2). Even if all four algorithms are discovered to be flawed, the combination of the four algorithms will remain secure. Users are required to never divulge their password to anyone under any circumstances. If users forget their passwords, their supervisor or administrator can reset their password for them.
The actions that an authenticated user is authorized to perform are controlled by their access level and by their company’s security policy relating to our web site.
There are four levels of access to the web site: Payee, Supervisor, Administrator and System Administrator. Payees may see and change their own information. Supervisors may see but not change the information of others. They may also set and reset the passwords of payees. Administrators may see and change the information of others and set and reset their passwords. Supervisors and administrators have a domain which controls whose information they may access. Every user belongs to a particular payline. A domain is a set of these paylines. System administrators can see and change the information of all users. They can also specify the security policy relating to the web site for all client companies. This lets each company control the types of information that their payees and supervisors can access. Only APS staff are system administrators.
Every action performed by every user is carefully verified to make sure that the user is authorized to perform the action. Every button click, list choice and text field is verified. Malicious users can modify web pages before submitting them to try to find a way to access functionality to which they have no rightful access. The checks that are performed render this method of attack harmless. The malicious user will be evicted from the website and the incident will be reported.
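The access model of the preceding two paragraphs (four levels, domains as sets of paylines, every submitted action checked server-side and recorded with identity and IP), as an added example that is not the web site's own code; the action names, field names and the sample users are assumptions.

```python
# Added example (not the site's own code): a server-side check of the four-level
# access model described above, applied to every submitted action. The action
# vocabulary ('view', 'change', 'reset_password') and all names are assumptions.
from dataclasses import dataclass
from enum import Enum


class Level(Enum):
    PAYEE = 1
    SUPERVISOR = 2
    ADMINISTRATOR = 3
    SYSTEM_ADMINISTRATOR = 4


@dataclass(frozen=True)
class User:
    employee_number: str
    level: Level
    payline: str                                # every user belongs to one payline
    domain: frozenset = frozenset()             # paylines a supervisor/administrator may access


def is_authorized(actor: User, target: User, action: str) -> bool:
    """Return True only if the access model permits actor to perform action on target."""
    if action not in ("view", "change", "reset_password"):
        return False                            # unknown action names are never allowed
    if actor.level is Level.SYSTEM_ADMINISTRATOR:
        return True                             # APS staff: all users, all actions
    if actor.employee_number == target.employee_number:
        return action in ("view", "change")     # anyone may see and change their own information
    if actor.level is Level.PAYEE or target.payline not in actor.domain:
        return False                            # payees reach nobody else; others only their domain
    if actor.level is Level.SUPERVISOR:
        # Supervisors see others but change nothing; they may reset payees' passwords.
        return action == "view" or (action == "reset_password" and target.level is Level.PAYEE)
    return True                                 # administrator: see, change, reset within domain


def handle_action(actor: User, target: User, action: str, ip: str, audit_log: list) -> bool:
    """Verify one submitted action and record the decision with the user's identity and IP."""
    allowed = is_authorized(actor, target, action)
    audit_log.append({"who": actor.employee_number, "ip": ip, "action": action,
                      "target": target.employee_number, "allowed": allowed})
    return allowed                              # a False result is where the site evicts and reports


if __name__ == "__main__":
    # Constructed sample users: two paylines, a supervisor whose domain covers only one of them.
    alice = User("1001", Level.PAYEE, "weekly")
    bob = User("1002", Level.PAYEE, "monthly")
    sue = User("2001", Level.SUPERVISOR, "weekly", frozenset({"weekly"}))
    log = []
    print(handle_action(sue, alice, "change", "203.0.113.5", log))    # False: supervisors cannot change
    print(handle_action(sue, bob, "view", "203.0.113.5", log))        # False: bob is outside sue's domain
```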
A detailed record of every action made by every user is recorded both in the web site’s own database and in a separate plain text file. The user’s apparent identity and internet address (IP address) are always recorded. Every successful login is recorded. Every unsuccessful login is recorded. Every button click, list choice and text field (except passwords) is recorded. Viewing data is recorded. Modifying data is recorded. This enables detailed reporting and auditing of all user activity. In addition, whenever an error is encountered by a user of the web site, we are immediately notified via email. We also receive regular reports summarising web site activity. We can audit events in great detail when necessary to investigate errors in the web site’s software or user interface design, as well as to investigate attempts by malicious users to perform unauthorized actions.
If we decide to change our security policy, we will post those changes here: http://advancepayroll.com.au/security