Skip to Main Content

Paycom Security Standards

Paycom’s single-database software employs comprehensive, in-depth and industry-proven standards and technologies to help protect and defend customer data and its privacy in our environment. As one of the few payroll processors with multiple ISO and SOC certifications, Paycom’s information security, privacy management, business continuity, and quality management systems and processes are formally audited and certified for compliance annually.

Data Protection Officer

7501 W Memorial Road,
Oklahoma City, OK 73142

legalnotices@paycomonline.com

800.580.4505

Security is vital

Both on- and off-site, our comprehensive security standards and technologies are formally audited and ISO- and SOC-certified. As a Tier IV data center, we take precautions to protect and secure data for you and your employees.

Security is vital

Both on- and off-site, our comprehensive security standards and technologies are formally audited and ISO- and SOC-certified. As a Tier IV data center, we take every precaution to protect and secure data for you and your employees.

Security overview

We understand security, availability and processing integrity of your business data is extremely important. We proactively monitor our IT environment and continuously evaluate our security practices, taking reasonable steps to maintain this trust and our security position.

Risk Mitigation

  • Risk management framework
  • Data integrity and confidentiality
  • Third-party management

Product Security

  • Role-based access controls
  • Audit logging and monitoring
  • Data security integrations
  • Multifactor authentication and SSO support
  • One-time passwords for high value changes

Reports

  • Penetration testing
  • SOC 1 report
  • SOC 2 report
  • SOC 3 report

Data Security

  • Access monitoring
  • Backups enabled
  • Encryption
  • Physical security
  • Tier IV data center

Application Security

  • Penetration testing
  • Credential management
  • Software development life cycle
  • Secure development training
  • Vulnerability and patch management
  • Web application firewall and bot detection

Access Control

  • Data access
  • Logging
  • Password security
  • Mobile device trust settings

Infrastructure

  • Anti-DDoS
  • Business resiliency and redundancy
  • Infrastructure security
  • Network time protocol
  • Separate production environment

Endpoint Security

  • Disk encryption
  • Endpoint detection and response
  • Threat detection

Network Security

  • Firewalls
  • Intrusion detection and prevention
  • Security information and event management
  • Traffic filtering and monitoring
  • Penetration testing

Corporate Security

  • Employee training
  • Incident response
  • Internal assessments
  • Penetration testing

Policies

  • Acceptable use policy
  • IT policies

24/7 Operations

24/7 operations

  • Joint security operations center
  • Security operations center
  • Network operations center

Your employees’ data and our mobile app

Paycom holds all confidential information in strict confidence. We take the same degree of care and caution to prevent its unauthorized disclosure as we do with our own, including measures required by applicable privacy laws.

To ensure security of your employees’ nonpublic personal information, data is encrypted while in transport and while in storage. Additionally, data entered through our application is not used for any purpose other than to provide our services. We do not share nonpublic personal data with any third parties unless it is necessary to provide services on behalf of our clients. Examples of these third parties include the IRS, state unemployment agencies, state income agencies, workers’ compensation auditors, 401(k) administrators and entities that participate in the NACHA program for funds transfer purposes.

FREQUENTLY ASKED QUESTIONS

Discover the ins and outs of Paycom’s security standards

  • Paycom provides the ability to limit access via IP address and device-allow lists to help ensure changes are only completed from trusted devices.
  • By requiring security questions be answered for first-time users and existing users logging in from a new computer, Paycom enhances the safety and integrity of login credentials and sensitive user profiles.
  • Paycom has committed to 256-bit encryption technology within our application to protect all information.

Paycom offers a two-step verification solution via text messaging. A token is sent out of band to the phone that the employee has registered in the system as part of the authentication process. We also offer SAML 2.0 (SSO) so clients can utilize a service like DUO. ​​

The Paycom application maintains an unchangeable audit trail that is not purged, and includes user ID, time and date, and IP stamps.

Validation Reports and Change Reports are provided.