Hosting Services Security

At Kronos, data security is a top priority. Our Chief Information Security Officer is the designated management representative responsible for implementing policies and procedures to protect and safeguard our customers’ workforce data. The security programs described below are for customers hosted in the Kronos Private Cloud (KPC), Workforce Dimensions and Workforce Ready environments.

KPC Security

Kronos offers a hosting environment built upon a secure infrastructure, which undergoes examinations from an independent auditor in accordance with the AICPA's SSAE18 (i.e. SOC 1) and the American Institute of Certified Public Accountants' TSP Section 100a, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality and Privacy (i.e. SOC 2 and SOC 3).

KPC is located in third-party data centres which also undergo an independent examination in accordance with the AICPA's SSAE18 SOC 1 and SOC 2 standards as well as ISO 27001. Colocation services consist of physical and environmental protection services. The facility perimeter is equipped with surveillance cameras and a 24-hour guard station to monitor access. Network traffic to VLANs in the KPC is regulated via redundant, next-generation firewalls that limit access to authorised management and customer traffic.

Management access to the KPC is limited to authorised Kronos support staff and customer-authorised integrations. The security architecture has been designed to control appropriate logical access to the KPC using two-factor authentication when accessing the infrastructure. This authentication technology helps mitigate a number of security risks associated with logging into the infrastructure. A centralised secure file transfer solution facilitates data transfers between the customer and KPC. This solution provides encrypted transmission and logging of all files transferred into or out of a customer environment.

Customers access the KPC via encrypted TLS sessions. The Kronos applications provide the customer with the ability to configure application security and logical access per the customer's business processes. The KPC leverages backup and failover protection, including regular database backups to an offsite location. A full database backup is done weekly, with incremental backups running daily. Backups are sampled to validate restore capabilities.

The Kronos Private Cloud is designed to host a variety of applications, including Workforce Central, Workforce TeleStaff, TeleTime IP, Enterprise Archive, Extensions for Healthcare (EHC) and the FMSI suite of products.

For further information, please refer to the Kronos Private Cloud SOC 3 report and FMSI SOC 3 report.

Workforce Ready Security

At Kronos, we understand that SaaS offerings must be backed by a world-class technology that customers can count on day in and day out. That's why the Workforce Ready cloud infrastructure environment features an architecture that provides system uptime and built-in redundancy. As a result, your organisation can rely on secure, continuous access to the Workforce Ready application as well as the associated integrations to obtain the high-quality information needed for effective workforce management that drives competitive advantage and bottom-line results.

The Kronos security program for Workforce Ready undergoes examinations from an independent auditor in accordance with the AICPA's SSAE18 (i.e. SOC 1) and the American Institute of Certified Public Accountants' TSP Section 100a, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality and Privacy (i.e. SOC 2 and SOC 3).

Kronos hosts and manages Workforce Ready in a private cloud deployed in Dulles, Virginia; Phoenix, Arizona; Amsterdam, the Netherlands; and London, United Kingdom. The data centres achieve the following compliance certifications:

  • SOC 1
  • SOC 2
  • ISO 27001

Workforce Ready leverages multiple levels of backup and failover protection, including a standby backup database and a 24-hour-behind backup at the primary data centre as well as an off-site disaster recovery backup database. A full database backup is done weekly, with incremental backups running daily.

Customers access the WFR cloud environment via encrypted TLS sessions using unique user IDs. The application provides the customer with the ability to configure application security and logical access per the customer's business processes, including options for multi-factor authentication.

For further information, please refer to the Workforce Ready SOC 3 report.

Workforce Dimensions Security

The Kronos security program for Workforce Dimensions undergoes examinations from an independent auditor in accordance with the AICPA's SSAE18 (i.e. SOC 1) and the American Institute of Certified Public Accountants' TSP Section 100a, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality and Privacy (i.e. SOC 2 and SOC 3).

Workforce Dimensions is hosted in the Google Cloud Platform (GCP) in numerous geographies deployed to meet customer needs. GCP provides high availability, physical protections and environmental protections to Workforce Dimensions. The GCP achieves the American Institute of Certified Public Accountants' TSP Section 100a, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality and Privacy (i.e. SOC 2 report) and several ISO certifications (ISO 27001, ISO 27017 and ISO 27018). Network traffic is regulated via redundant, next-generation firewalls that limit access to authorised management and customer traffic.

Workforce Dimensions leverages backup and failover protection, including redundancy in database design and regular database backups. Backups are sampled to validate restore capabilities.

Customers access Workforce Dimensions via encrypted TLS sessions using unique user IDs. The application provides the customer with the ability to configure application security and logical access per the customer's business processes, including options for multi-factor authentication.

For further information, please refer to the Workforce Dimensions SOC 3 report.