Workforce Ready Security
|3 LEVELS OF SECURITY|
|Restricted Parking Outside Fenced Perimeter|
|24-Hour Guard Station at Entrance|
|Pan-Tilt-Zoom Cameras Monitor Facility|
|Only Pre-Approved Visitors|
|Biometric Access to Secure Areas|
|Redundant Power and Data Cables Encased in Armored Conduit|
|Multiple Backbone Providers|
|Variable Switch Load Balancing of Internet Traffic|
|2-Megawatt Diesel Backup Generator|
|Lampertz Vaults Impervious to Smoke, Water, Fire, and Electromagnetic Waves|
|Multiple Layer Intrusion Detection System|
|Hardened Operating Systems and Vulnerability Scanning|
Surrounded by an iron fence, the facility perimeter is equipped with pan-tilt-zoom (PTZ) surveillance cameras and a 24-hour guard station to monitor access. Only pre-approved visitors are granted access during normal business hours and may only access common meeting space. All parking for visitors is restricted to areas outside the fenced perimeter and employee access to the data center requires biometric identification.
All power and data lines are encased in armored conduit. Specially designed Lampertz vaults protect servers, network cabling, power sources, and related hardware against fire, smoke, water, moisture, and electromagnetic pulses. Vault doors are secured with biometric thumbprint readers and monitored by security cameras. Added security is achieved through a multiple-layer intrusion detection system consisting of custom firewall rule sets, private VLANs, and two layers of isolation.
Infrastructure Services Security
Kronos offers a hosting environment built upon a secure infrastructure, which undergoes examinations from an independent auditor in accordance with the AICPA's SSAE16 (i.e., SOC 1) and the American Institute of Certified Public Accountants' TSP Section 100a, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (i.e., SOC 2 and SOC 3) . For added security, Kronos staff utilize two-factor authentication when accessing the infrastructure. This authentication technology helps mitigate a number of security risks associated with logging into the infrastructure system.
Workforce Ready (WFR) cloud environment is located in a third party data center which also undergo an independent examination in accordance with the AICPA's Trust Service Principles. Colocation services consist of physical and environmental protection services. The facility perimeter is equipped with surveillance cameras and a 24-hour guard station to monitor access. Network traffic to VLANs in the WFR cloud environment is regulated via redundant, next generation firewalls that limit access to authorized management and customer traffic.
Kronos Management Access
Management access to the WFR Cloud is limited to authorized Kronos support staff and customer authorized integrations. The security architecture has been designed to control appropriate logical access to the WFR cloud environment to meet the Trust Services Criteria and Principles established by the AICPA. A centralized secure file transfer solution facilitates data transfers between the customer and WFR cloud environment. This solution provides for an encrypted transmission and logging of all files transferred into or out of a customer environment.
Customer Access and Application Configuration
Customers access the WFR cloud environment via encrypted SSL sessions. The Applications provide the customer with the ability to configure application security and logical access per the customer's business processes.
For further information, please refer to the Kronos SOC 3 report.