GLOBAL PAYROLL MAGAZINE
81
provides guidance on how to get these questions answered.
The end of each section of the toolkit has a convenient checklist so you can compare the assets and resources you already have to what ideally should be accessible and/or already in place. The Importance of Process and Data Mapping The toolkit stresses that Payroll operational best practices, such as Payroll process mapping and knowing what data is kept where (and the backups), can be instrumental in timely identifying Payroll functions that may be affected by a breach. Guidance is included on how this can be a big part of the remediation process. Process mapping also can help rule out areas that do not need attention after an incident, allowing teams to focus on the problem points. For example, a system compromise in one area of Payroll, such as timekeeping, may have no impact on the systems that employers use to calculate pay deductions and additions, or push payments out to employees. Putting It All Together: Training and Testing Sections of the toolkit are devoted to properly setting up a secure environment for Payroll information so the operation is more hardened against breaches and other system anomalies.
Information on steps taken to manage the variety of incidents is covered extensively. It needs to be recognized that procedures can be very different if, say, a company mobile phone has been lost, compared to a set of data in a file that has been allowed beyond the firewall, a credential compromise, or something more serious, like a full-on ransomware attack that halts processing. “The toolkit stresses that Payroll operational best practices, such as Payroll process mapping and knowing what data is kept where (and the backups), can be instrumental in timely identifying Payroll functions
that may be affected by a breach.”
Made with FlippingBook Ebook Creator