Attaché Software takes the security of your payroll and HR data seriously. Attaché has been approved by the Australian Taxation Office (ATO) as a Digital Service Provider, and as such we adopt industry best-practice procedures and comply with strict guidelines defined by the ATO.
A hybrid solution where you control system and data access
Attaché's Single Touch Payroll (STP) solution is hybrid, which means it has both desktop and cloud components, and thus provides the flexibility, functionality and convenience of a cloud-based system while maintaining your core payroll data on premise. Each payroll instance is kept separate at client level, ensuring there is a physical separation of data. The cloud component can be accessed only through a personalised individual URL, giving customers the flexibility to control who can access data, both in the cloud and on premise.
Only authorised users who have logged in can access the Attaché STP solution. Further, our STP solution has multi-factor authentication to comply with Level 3 of Australia's National e-Authentication Framework (NeAF). This means all STP submissions to the ATO are protected behind a login and password plus a verification code that can only be generated on an authenticated device by an authorised representative.
User access levels are configurable depending on your needs. For companies with multiple organisations, user access can be tailored to suit each dataset and organisation.
Secure data centres
All data is stored with disk-level encryption on Amazon Web Services (AWS) – one of only eight Australian Signals Directorate (ASD) certified cloud providers in Australia who are authorised to store sensitive government data. AWS uses servers physically located in Australia only, which means your data falls within the Australian legal system.
Attaché does not claim ownership of STP or any other payroll-related data stored on our cloud infrastructure, whereas many other cloud systems will claim they own the data. Your data is not accessible by Attaché development, sales or support staff.
We use Transport Layer Security (TLS), which is a more secure version of Secure Sockets Layer (SSL) as well as multi-layered verification.
Data is also encrypted in the database and payloads are encrypted prior to being securely transmitted, protecting the privacy of your data at all times. As an extra safeguard, all Attaché data on AWS is secured in certified ASD centres only and encrypted at rest to ensure your data is protected in all circumstances.
Multi-factor data binding between the local Attaché desktop payroll company (dataset) and the Attaché Online organisation has been implemented. Following this, we then use a three-way secure handshake protocol before transmitting any data between desktop and online.
Single Touch Payroll and security assurance
Attaché Software has attained ISO27001 certification to meet the ATO’s requirement that Digital Service Providers must be either ISO27001 or iRAP certified.
Backed by AWS's 99.99% uptime service level agreements, Attaché and your STP data is accessible whenever you need it.
Built to perform at scale
Our solution has been designed to work with your existing Attaché Payroll or other provider payroll product. We have our own connection to the ATO, thus reducing the need for additional providers and potential increased downtime risk.
Innovation, new functionality and performance improvements
We are constantly improving Attaché through new functionality and performance improvements. Product updates are released fortnightly and documented in our online change log, with as little disruption as possible to service levels or user experience.
We encourage feedback from our customers on what they like and what could be improved. Please contact Attaché.