Paytools Security Statement
Controls, processes and precautions to maintain data confidentiality, integrity and availability
The protection, confidentiality and integrity of our customer's data and application infrastructure is very important. Our approach to information security will continually evolve to achieve the correct balance between service, security and efficiency, and keep up to date with advances in technology.
Paytools is ISO 27001 Compliant
At Paytools we take information security seriously. That is why we commit to complying to ISO 27001 for all our business operations.
ISO 27001 sets out the requirements of information security management system. It is part of the ISO 27000 family of international standards relating to information and cyber security and offers a comprehensive set of controls, based on best practice in information security.
Physical & Network Security
Paytool's physical infrastructure is hosted and managed on the users local machine. No data will be passed to the Paytool's team, or should ever leave the users hands. Paytool's is is dedicated to helping our customers be more secure when accessing our solutions. As PayRec is a desktop product, we recommend that our customers take action to ensure that their device and network are securely maintained. As the onus of the customer to prevent unauthorised access, we encourage them to take the following steps to protect themselves:
- Ensure your device is always up-to-date with the latest operating system release
- Make sure you never reuse a password for multiple account, always use a secure password to access your device (minimum 8-10 characters and a mix of numbers, letters and special characters), as well as update your passwords every few months
Paytools uses one inbound connection to an Encrypted google sheet, which allows us to manage customer subscriptions.
- PayRec cannot send any information externally, this is an inbound link only. This link can only be used to receive the CSV data available within the linked sheet
- This link is not critical to the trial period of PayRec, as this configuration is managed locally in the software
- Because the link is only required to communicate subscription updates, PayRec only needs to be connected to the internet when a subscription update is required (i.e. upgrading from 500 to 700 employees)
- All staff who have access to this inbound connection are direct employees of Paytools and are located in our offices in Melbourne, Australia
Privacy & Security
Paytools is committed to protecting all personal information received from a customer. Paytools will take commercially reasonable and appropriate technical and organisational measures to protect Customer’s information against unauthorised access, accidental loss or damage and unauthorised destruction.
The customer must recognise and agree that internet data transmission carries inherent security risks and that as a result Paytools cannot guarantee that any Content Customer stores or transmits through the Service will not be subject to malicious unauthorised access by others or that others will not gain unauthorised access to the Subscription Service.