Kronos Private Cloud (KPC) Security
Infrastructure Services Security
Kronos offers a hosting environment built upon a secure infrastructure, which undergoes examinations from an independent auditor in accordance with the AICPA's SSAE16 (i.e., SOC 1) and the American Institute of Certified Public Accountants' TSP Section 100a, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (i.e., SOC 2 and SOC 3). For added security, Kronos staff utilize two-factor authentication when accessing the infrastructure. This authentication technology helps mitigate a number of security risks associated with logging into the infrastructure system.
The Kronos Private Cloud (KPC) is located in a third-party data center which also undergoes an independent examination in accordance with the AICPA's SSAE16 standard. Colocation services consist of physical and environmental protection services. The facility perimeter is equipped with surveillance cameras and a 24-hour guard station to monitor access. Network traffic to VLANs in the KPC is regulated via redundant, next generation firewalls that limit access to authorized management and customer traffic.
Kronos Management Access
Management access to the KPC is limited to authorized Kronos support staff and customer authorized integrations. The security architecture has been designed to control appropriate logical access to the KPC to meet the Trust Services Criteria and Principles established by the AICPA. A centralized secure file transfer solution facilitates data transfers between the customer and KPC. This solution provides for an encrypted transmission and logging of all files transferred into or out of a customer environment.
Customer Access and Application Configuration
Customers access the KPC via encrypted SSL sessions. The Applications provide the customer with the ability to configure application security and logical access per the customer's business processes.
For further information, please refer to the Kronos SOC 3 report.
Workforce Ready Reliability
Reliability, Backup/Disaster Recovery
Workforce Ready® is hosted in both our primary data center and separate disaster recovery facility, ensuring both the physical security of the data and a consistent uptime for applications. Our data centers undergo several certifications and complete a number of rigorous audits to ensure compliance and safeguarding of data.
The Kronos security program for Workforce Ready achieves the American Institute of Certified Public Accountants TSP Section 100a, Trust Service Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality and Privacy (i.e. SOC 2 and SOC 3 reports).
Kronos hosts and manages Workforce Ready in a private cloud deployed in an AICPA AT101 SOC2-compliant data center with multi-level physical and logical security features, including:
- Intrusion Prevention System (IPS)/Intrusion Detection System (IDS)
- Secure Transmission Sessions
- Virtual Code Authentication
- Best-Practice Coding
- Penetration Testing
- Vulnerability Scanning
- Antivirus Software
- Patch Management
- Risk Assessment
- Security Incident Management
Workforce Ready leverages multiple levels of backup and failover protection, including a standby backup database and 24-hour behind backup at the primary data center as well as an off-site disaster recovery backup database. A full database backup is done weekly, with incremental backups running daily.
At Kronos, we understand that SaaS offerings must be backed by a world-class technology that customers can count on day in and day out. That's why the Workforce Ready cloud infrastructure environment features a true multi-tenant architecture that provides system uptime and built-in redundancy. As a result, your organization can rely on secure, continuous access to the Workforce Ready application as well as the associated integrations to obtain the high-quality information needed for effective workforce management that drives competitive advantage and bottom-line results.
Customers access the WFR cloud environment via encrypted TLS sessions using unique user IDs. The application provides the customer with the ability to configure application security and logical access per the customer's business processes including options for multi-factor authentication. For further information, please refer to the Kronos SOC 3 report.