Frequently asked questions


Which cloud platform is Paycircle hosted on
Are the servers in the UK?
What advantages does putting our operation in the cloud give us?


What security measures do you have in place for people logging into Paycircle?
Can a bureau restrict team members from logging in from outside of a bureau’s offices?
How is access managed for people joining or leaving a bureau?
How do you protect permissions and privilege access rights?
How will data be transferred between your network and our bureau’s network?
How is data secured in transit and at rest?
How will our bureau’s data be separated from other bureau’s data?
How is the separation of traffic for multi-clients handled?
Which security company do you use to vet the overall security of the applications, networks and physical location that store, process or transmit our data?
What mitigation is in place for a DoS/DDoS, Ransomware and Phishing attacks?
Is your system able to connect to a cloud based ID management system so that access can be managed via our bureau’s Active Directory?
How is the service monitored, what security logs are kept and for how long and can they be requested?
Does Paycircle hold any information security specific certifications?

Backups and Disaster Recovery

How often is our data backed up?
How long is the retention period and can this period be extended or reduced?
What about specific payroll and pension compliance data?
Can ad-hoc back-ups be requested?
What is the recovery period of restoring a back-up from request to available data?
Are backup files periodically restored as a test to verify they are usable?

Data Protection, Regulation and Privacy

Has your technology or company had any known data breaches?
Please confirm your ability to report any data breaches in respect of employee or client data after becoming aware of such a breach.
Who would have access to our bureau’s data within your company or any external party?
What is your legal basis for holding and processing personal data?
Do you require your own team to complete mandatory data protection training, at least annually, as part of acknowledging and enforcing ongoing data protection obligations?
Does Paycircle provide ongoing data protection awareness to their own team members? (i.e. through newsletters, emails, seminars and briefings etc.)
Does Paycircle follow any data protection specific codes of conduct?
Please confirm your policy on deleting personal data.
Does Paycircle share data with any third party?
Does Paycircle have a current disaster recovery plan for recovering our bureau’s data?
Does Paycircle periodically test its disaster recovery plan?