Welcome to Powerforce Software Payroll Development Documentation
This documentation is to serve as a central repository of our internal processes and undertakings the company is commencing to conform with the security requirements of developing payroll software in the Australian market commencing July 1, 2018.
The documentation reflects the mode in which Powerforce payroll executes at present only
- The software (Powerforce) runs in a Windows NT Server self-hosted server environment in the customer's IT premises.
- The software will not be offered as a SaaS from Powerforce Software
- The software will not be hosted on Powerforce management services on behalf of any client
As a result of the ATO Single Touch Project commencement and integrity requirements, the company is undertaking to ensure that all company policy is document formally.
Whilst at present we are a micro-business, the issue remains that the company must demostrate a mature attitude of its obligations, to ensure that its clients are adequately secured from security breaches relating their use of the Powerforce Payroll module.
The content in this structure refers explicitly to the management and handing of employee data as it relates to payroll records management. No other Powerforce modules are impacted by this document.
New / Current Employee Undertakings
Whilst the company does have not had formal procedures or instruction on how to handle development processing, it is now important to understand that the business has a legal obligation to carry itself in a more circumspect mode.
The only employees that will be permitted to access the payroll and employee management code are those that have formally signed paperwork to confirm their understanding of the legal obligations that they work under
New employees will be access controlled from the github repository
- New employees will at this stage not be hired for the support of payroll. OuR current manpower requirements have served us well for the past 18 years, and we shall endeavour to more formally control source code access.
When the occassion arises that we do need to hire support staff for payroll module processing, it will be a formal requirement that new employees are backed with written references from previous employer organisations.
The company will maintain a register of issues relating to the payroll module using the inherent github controls.
- The github account is private and hence there is no access to the repository.
- The company will be using bitbucket as a parallel backup to the github repository.
Future Compliance Updates
As the STP ecosystem settles and future updates and procedures are communicated, the company must update these documents and also reflect the updates in the repository documentation.
It is a stated requirement under the terms of the ISO27001 self-assesment regime that the company undertakes to regularly review its compliance with the security requirements. This will be managed through the careful monitoring of the DPO bulletins