07 June 2023

Phase 3.png





Payroll management is a business-critical operation that ensures everyone gets paid on time, that they get paid the right amount, taxes are correctly managed, and employee records are accurate and up to date.

And whilst most organisations will have some sort of contingency planning in place for other areas of the business, such as potential supplier issues, IT meltdowns or shifting market dynamics, not all have firm plans for if payroll can’t be executed correctly.

And it’s one thing if that’s due to a banking delay or software glitch, it’s a whole other thing when that disruption is due to a cyber attack.

When the worst happens - a critical danger to sensitive data

Data breaches and cyber attacks happen all the time. It makes the news when it hits a payroll company or department because of the sensitivity of the data which the hackers may have gained access to.

Employee data including bank details, date of birth, government ID numbers and addresses are all required to run payroll. It’s why security is one of the most critical factors when choosing the right payroll software or provider.

To prevent loss of data and secure a threat, often the only solution is to shut down and contain the zone in which the breach has taken place. Whilst this will help limit the scale of the potential breach, it also leaves payroll departments unable to carry out their functions.

The need for robust payroll contingencies

When was the last time you assessed the security of your payroll delivery and assessed your contingency plans? If you’re racking your brains to try and remember, then it was too long ago.

Conducting regular security and procedural reviews takes time and effort - but the time required to conduct the review is far less costly than having to deal with a breach should the worst happen - both in terms of financial outlay to solve the issue, and the negative press associated with the attack.

Creating a payroll contingency plan also covers an organisation for any outage to payroll systems, including:

  • Natural and manmade disasters

  • Power or network outages

  • IT crashes or data losses

  • Loss of access

  • Cyber, phishing and ransomware attacks

And as we know, the most successful organisations will always hope for the best - but are fully prepared for the worst to happen.

What does a payroll contingency plan look like?

A payroll contingency plan deals with a series of ‘what ifs?’. What would happen if our bank goes offline, or our account is frozen? What would you do if your payroll system provider went bust overnight? And what would your protocol be if your system was hacked?

Think disastrously. What’s the worst that could happen? Play out the scenario, and list the steps the organisation needs to take if it does.

The first and most important line of defence for organisations of any size is to back everything up, from data and documents to login credentials. Payroll information should be securely stored in more than one location, and potentially locally saved if your system is cloud-based too.

Your contingency planning should also include how payments can be made if payroll access is limited, or indeed, access to funds is shut off because of a banking issue. Are there other sources of funding you can draw from if your main payroll pot is unavailable? And can your payroll system link into different sources of cash to settle payroll?

Your contingency plan can also include mitigation factors, such as ensuring payroll systems are up to date, that data storage is in compliance with the latest legislation, and that no one has access to the system that no longer needs it - including employees who have just left or external consultants. How often will you make these checks, who does them, and how is a record of these mitigations being carried out documented?

How secure is your payroll delivery?

The requirement for watertight data security in payroll is one of the reasons why companies outsource to a managed payroll company - but things can still go wrong.

Phase 3 is an award-winning outsourced payroll provider that takes data security incredibly seriously, as well as contingency planning.

We hold accreditations for Cyber Essentials, ISO27001 for Information Security and ISO9001 for Quality Management - on-top of being nominated for CIPP’s Payroll Provider of the Year for two years running and named winner in 2021.

If you’re interested in moving your payroll processes to a specialist provider, then learn how we can support your organisation here.

For support with your existing payroll processes, including analysing current system performance and security, our system review and health check service will help you to identify areas of concern, as well as room for improvement.

Website: https://phase3.co.uk/

Email: [email protected]

Telephone: +44 (0) 800 321 3032