21 September 2022

BM Connect and Paycircle – Security Q&A

BM Connect is proud to partner with cloud-based payroll provider, Paycircle, which is fully automated and offers our clients a first-class service with transformational productivity tools to streamline payroll processes, harness the power of automation, remove unnecessary admin, empower teams, reduce errors and enable collaborative workflows and bulk processing.

But how secure is Paycircle and what measures are in place to protect my business? 

What information security-specific certifications does Paycircle hold?

Paycircle achieved ISO 27001 certification in May 2022. Additionally, in 2021, they completed Cyber Essentials certification – a Government-backed scheme which evidences their commitment to safeguarding sensitive and personal information.

What restrictions are applied to passwords for users accessing the Paycircle application?

The following restrictions apply:

  • minimum length 12 characters
  • at least one number
  • at least one upper case letter
  • at least one lower case letter
  • at least one special character

Optionally, a password expiration policy can be invoked to force a change every 90 days, with restrictions on the re-use of previous passwords.

However, passwords are only a small factor in our authentication regime. Paycircle also offers:

  • IP whitelisting (restrict access locations)
  • 2FA solution (using SMS or app)
  • SSO integration (use your organisation’s own authentication)

Does Paycircle support Single Sign-On (SSO)?

Yes. Whilst Paycircle’s own highly optimised authentication/authorisation framework is entirely sufficient, they recognise that an increasing number of organisations wish to use SSO to simplify their operation across multiple cloud-based services. To that end, Paycircle offers solutions implementing the OIDC protocol (currently AAD and Okta).

What security measures do you have in place for people logging into Paycircle?

Two-factor authentication (2FA) is a security process in which users provide two different authentication factors to verify themselves. This process protects both the individual user and your data stored in the Paycircle system.

Can one restrict team members from logging in from outside our offices?

IP whitelisting functionality is available in the application for limiting and controlling access to users in trusted locations only. We control the IP addresses that define your extended network from where users are allowed to log in.

How is the service monitored, what security logs are kept and for how long and can they be requested?

Paycircle utilises a security information and event management (SIEM) application. Each and every API call is logged and available for audit. Security logs are kept indefinitely and can be requested at any time.

What mitigation is in place for DoS/DDoS, ransomware and phishing attacks?

Paycircle’s cloud platform has sophisticated traffic monitoring and automatic resource scalability to cope with regular or irregular load increases. They can also reassign their IP address range in response to a targeted attack. Ransomware is not applicable due to the nature of the architecture.

Paycircle has had third-party security specialists run simulated phishing attacks against their own team, both to identify any weaknesses and as an internal education process.

Do you undertake penetration testing by a qualified third party?

Yes. It is Paycircle’s policy to independently and regularly verify that their own systems are secure. They engage appropriately qualified agencies to perform penetration testing on a semi-annual basis and when releasing significant platform updates. Where remedial action is recommended it is completed immediately.

Find out more about how BM Connect in partnership with Paycircle can help your business improve payroll efficiency and future-proof your payroll function securely and scalably. Enquire today.
