Payspace, a mid-scale online cloud payroll and human capital management software company recently completed a certification process that, while perhaps little known in SA, has put them into the big leagues.
In 2015, the Payspace team began working towards an internationally accredited ISO 27001 certification which are security management standards. This means the highest level of security methods and processes are being used to protect data including financial information, intellectual property and information entrusted to an organisation by third parties.
In the cloud services market that is becoming more competitive, security has become one of the best ways a business can differentiate itself in the eyes of customers and suppliers. This is where the ISO 27001 certification comes in.
Those with security win
To understand the real value of the ISO 27001 certification you would have to consider the space that Payspace is playing in.
The advent of cloud changed payroll and HR services – shifting it away from traditional licensed software to cloud-based systems that allows data and services to be accessed remotely which has seen businesses enjoy greater mobility and increased functionality.
However, cloud has also meant that organisations that hold a large amount of confidential client data, like Payspace – had to get serious about their security management if they are to keep their client’s data safe, especially relevant for South African businesses as the country ranks amongst the top five countries most at risk for cyber-attacks in Africa, with Egypt, Kenya, Tunisia and Botswana following. And if they are to comply with the stringent requirements of data protection acts in the various African countries, along with similar pieces of legislation in the US and Europe.
Ahead of the curve
Perhaps the biggest benefit of ISO 27001, aside from increased security is that it means Payspace is POPI compliant and that there is consistency in the delivery of a service or product, says Warren van Wyk who together with Bruce van Wyk, Clyde van Wyk and George Karageorgiades launched Payspace in 2000.
The business, which has a footprint in 37 African countries and services over 41 000 clients globally, has always been a little ahead of the curve boasting numerous industry firsts, namely: online user community and support, cloud analytics and African legislative module among others.
SME South Africa speaks to Warren about the impact of the certification on their business and why security is becoming a huge advantage in the marketplace.
How the certification makes us globally competitive
Acquiring this certification has been well received by our clients, setting us in a league of our own. Clients appreciate that we can confidently state that their company information is secure on our platform.
By achieving the ISO 27001 certification, we have set the benchmark locally and across the African continent for a true cloud based Payroll and HR solution.
For companies who are concerned about having their sensitive data managed by a third party due to online security concerns or various global data protection acts, the ISO 27001 certification assures users that the highest level of security methods and processes – internationally, are protecting their data.
A ISO 27001 certification is accessible to all businesses
Any business regardless of size or sector can become ISO 27001 certified in South Africa through the SABS. An accreditation such as this offers numerous advantages; building brand recognition and customer confidence, meeting compliance requirements, reducing running costs, and offers access to new opportunities and markets.
I would most certainly recommend this certification if you are a service provider. While cybercrime is on the rise, providing customers with assurances that their data is secure, creates a huge advantage in the marketplace.
It was critical to get buy in from all parties involved
Becoming ISO 27110 certified was an objective our entire directorial team had envisioned for the company. Our team understands the value this accreditation offers the business and our clients, and has gladly adapted to the standards that needed to be met.
We had to undergo a certification audit
We were required to undergo an intensive six month auditing process by an independent auditing firm before having to pass a phase one audit by the SABS (South African Bureau of Standards).
Seven of the core areas of the operation are measured namely: context of the organisation, leadership, planning, support, operation, performance evaluation and improvement, in which PaySpace was required to attest to successfully.
Phase Two, which was audited solely by the SABS, required a comprehensive end-to-end investigation between the seven core areas, plus 12 areas of system controls the organisation is required to have in place, which include (among others); risk assessment, security policy, asset management, incident management, compliance and business continuity management. Once PaySpace met and exceeded all these requirements and provided the necessary evaluation documentation, we were awarded the ISO 27001 certification.
The ISO 27001 certification is a dynamic process that is subjected to annual surveillance audits and full recertification every three years – ensuring the information security management system (ISMS) continues to deliver its due diligence.