Security is fundamental to Worklio and built into both the platform and day-to-day operations.
Security
Security is foundational to Worklio. The platform is built on Microsoft Azure, monitored 24×7, and supported by Azure DevOps-based development and deployment practices designed to protect every partner company, client, and worker.
Worklio is a Software as a Service (SaaS) platform built on Microsoft's modern web application stack and designed specifically for Microsoft Azure.
Each environment is isolated to protect every partner company, its clients, and its workers.
Worklio uses Microsoft Azure DevOps for source control, build pipelines, and task management, the same family of tooling Microsoft relies on for products such as Windows and Office.

The platform was built specifically for Azure so it can take advantage of native cloud security controls, resilient infrastructure, and recovery options. Source code and customer data are stored separately to support stronger operational safeguards.
The Worklio team brings experience building high-scale software products, including consumer applications used by millions of people.
Quality Management
Worklio maintains ISO 9001 and ISO 27001 certifications and SOC 2 Type 2 controls through recurring audits and independent reviews.
SOC 2 Type 2 certification adds another layer of independent validation for the secure management and protection of customer data.
Security, availability, and confidentiality trust services criteria.
Global standard for information security management systems.
Global standard for protecting personal data in the cloud.
Global standard for quality management systems.
All builds and releases run through automated pipelines on dedicated infrastructure. Source-code changes are logged and traceable to individual developers, builds, and production releases. Code moves through test, staging, and production environments, and hotfixes are reviewed by senior developers through pull requests. The process is protected by the same Azure DevOps platform Microsoft uses for its own source code.
Worklio uses HTTPS with TLS to encrypt data in transit between customers and the platform.
Azure SQL Transparent Data Encryption and column-level encryption protect sensitive information such as Social Security numbers and bank account data.
Data is protected with layered encryption, including AES-256 and RSA 2048-bit keys. Encryption keys are stored separately in Azure Key Vault.
Worklio runs on secured cloud infrastructure with isolated partner environments, a web application firewall, IPS and DDoS protection, IP restrictions, and firewall controls at database endpoints.
Ongoing monitoring
Worklio maintains continuous security monitoring 24×7, both in-house and from multiple independent locations.
Third-party cybersecurity firms perform security testing, scanning, and threat detection.
The platform and server environment are reviewed regularly across all operational layers.

Worklio follows OWASP secure-development practices to help prevent common attacks, including XSS and SQL injection.
Outside firms handle scans, threat detection, and penetration testing to validate the platform on an ongoing basis.
Access
Worklio uses layered access controls throughout the platform to limit who can view client and employee information.
Changes made by administrators, employees, and clients are logged in an audit trail so access and data updates can be reviewed.
The platform supports IP restrictions, two-factor authentication, and strong password policies, and these controls are strongly recommended for client environments.

Worklio personnel, including developers, engineers, and support staff, have limited and controlled access. Build and release deployment is handled through Azure DevOps to reduce the risk of unauthorized code changes in production.
Azure PaaS is used in production to keep server patches and runtime frameworks current. Development uses supported .NET versions, and employees go through background checks and vetting.
Worklio handles data according to high standards and established best practices, with controls aligned to frameworks such as HIPAA, PCI DSS, and ISO 27001.
Data is backed up regularly and stored in multiple secure locations throughout the United States. Nightly backups are retained for seven days.
Point-in-time restore enables recovery of database state to any minute within the previous 35 days. Worklio systems and data span multiple physical locations with N+1 or greater redundancy across components.
Worklio servers are hosted on Microsoft Azure, which carries a 99.95% uptime guarantee.
Worklio's long-term average uptime under its Service Level Agreement conditions, excluding planned off-hours releases, is 99.99%.