SOC 2 Type II Certification Verifies Worklio Service and Security Management

Worklio is a powerful Payroll Software and HRMS for small and mid-sized businesses with focus on providing extensive Security, expert Customer Service and Growth.

BRNO, Czech Republic — Worklio™, the powerful Payroll Software and HRMS that is bringing a state-of-the-art technology to the business community has received SOC 2 Type II certification for the effectiveness of its service and security.  

The SOC 2 Type II report enables customers to rest assured that Worklio has designed and implemented effective security controls. TayllorCox, an international certification company, verified compliance.  

“The SOC 2 examination process took several months and demonstrates our commitment to providing the most secure service to our customers,” said Zdenek Valach, the CIO of Worklio. “The audit serves to underscore the fact that we provide an industry-leading and highly secure cloud service in accordance with the most stringent standards, and that it is designed to enable companies to process payroll, HR and benefits data in the most secure manner.”  

System and Organization Controls (SOC) is defined by the American Institute of Certified Public Accountants (AICPA). Overall, the SOC 2 Type II report is designed to provide assurance for the effectiveness of controls implemented in a service organization. It verifies internationally accepted levels of compliance according to a comprehensive set of criteria, which include the security of the system; the processing integrity of the system; the availability of the system; the privacy of personal information; and the confidentiality of the information that is processed and maintained for customers. 

Worklio is a state-of-the-art Payroll and HRMS solution that bolsters all aspects of daily business. The Software-as-a-Service platform is built on the latest Microsoft® .Net and Microsoft® Azure SQL Server technology platform, designed and optimized for the Microsoft® Azure Cloud, and available 24 x 7 across all devices.  

Worklio also re-verified compliance with its ISO 27001 certification for information security management and its ISO 9001 certification for quality management.  

To see the Worklio software in action and learn how it can help streamline your business, email  

See What Worklio has NEXT

Worklio has a lot of projects in the works, including a revamped NEXT Dashboard, a streamlined system to organize Open Enrollment and empower employees with information to make educated elections, and a tool to automate repetitive tasks.

They are all in development. Check them out:

Worklio NEXT

The dashboard is getting an improved design and new features, like an Activity Feed.

Download the PDF for more information.

Benefits Enrollment

Make Benefit elections convenient for your employees by providing 24/7 access on desktop computers and through their mobile phones.

Download the PDF for more information.

Open Enrollment

Simultaneously and effectively manage the enrollment of multiple plans for an unlimited number of clients and employees.

Download the PDF for more information.

Workflow Automation

Reduce repetitive tasks, increase efficiency and empower your team members to focus on high-value items.

Download the PDF for more information.

And there is much more, including automated processes to handle Pennsylvania Local Income Taxes, a Marketplace with links to approved third-party providers and the Key Performance Indicators Dashboard for the Corporate Suite.

To see the software in action, send an email to or call 1 (727) 290-0044.

Worklio Security Exceeds Industry Standards

Security is an essential part of doing business in the online world and it is the foundation for the Worklio platform and day-to-day operations.

Worklio is a Software as a Service (SaaS) that was built on the latest Microsoft framework for web applications. It is designed specifically for the Microsoft Azure cloud — not an on-premises system that was installed in a virtual machine and called a “cloud”. Each instance is separated to protect each PEO company and its clients.

Worklio uses Microsoft Azure DevOps for code management and task management. It is the same system that Microsoft uses to protect Windows, Office and related software. The platform was designed from scratch to use all of the advantages of the Microsoft Azure Cloud, including the built-in security features. It is the latest technology to protect you and your data. In the worst case scenario, there are several options for a fast recovery because source codes and data are stored separately.

The Worklio team is highly skilled with years of experience in different areas of contemporary technology, including an email portal that has had millions of users and the antispyware app Spyware terminator that has been downloaded 400 million times.

Worklio maintains a system of continuous monitoring that exceeds the industry standard for security: 24×7, both in-house and from multiple independent locations.

Annually, Worklio renews its ISO 27001 certification for information security management and ISO 9001 certification for quality management. A comprehensive supervisory audit verified compliance in January 2021.

Some more specific highlights of the Worklio security system:

• Encryption
Worklio uses PCI-grade TLS-transfer encryption (HTTPS); the server is connected to customers with TLS 1.2 communication encryption. Azure SQL Transparent Data Encryption and Column Level Encryption are used for sensitive information (e.g., SSN, account numbers). Data is secured with multi-layered encryption with AES-256 and RSA 2048 bit keys, the highest standard available. Encryption keys are stored in an Azure Key Vault secure location and separate from connected data.

The Worklio platform is hosted in a cloud infrastructure that is secured at an off-site location.

All PEO environments are isolated so a problem in one does not affect others.

• Firewall
Worklio uses a web application firewall that supports IPS and DDoS protection. IP restrictions and firewall controls are at all database endpoints.

• Data
Worklio handles all data with care to maintain high standards and best practices, including certification attested to by HIPPA, PCI DSS and ISO 27001. Data is backed up regularly and stored in multiple secure locations throughout the United States. Night backups are retained for seven days. Point-in-time restore allows for the re-establishment of the database state to any minute in the preceding 35 days. The Worklio system and data span numerous physical locations, with N+1 or greater redundancy to establish resilience for all components.

• Ongoing Monitoring
Worklio maintains a system of continuous monitoring that exceeds the industry standard for security: 24×7, both in-house and from multiple independent locations. Third-party cybersecurity firms are used for security testing, scans and threat detection. There are regular reviews of the platform and the server environment, focusing on all levels of operation.

Open Web Application Security Project (OWASP) practices are followed for secure development procedures and to prevent most known attacks, including XSS, SQL injection and other types.

Worklio plans to hire an outside firm to do penetration testing in 2021 Q2.

• Security Built Into the Worklio Platform
Worklio has a layered system of access rights built into the platform to restrict the number of people who have access to client and employee information. All changes made by anyone on the platform – by administrators, employees and clients – are logged in an audit system so that all access and data alterations are available.

IP restrictions, two-factor authentication and a strong password policy are built into the Worklio platform and all are highly recommended to be activated by clients.

• Access Restrictions for Worklio Personnel
Worklio personnel — programmers, developers and support — have limited and controlled access. The build environment and the deployment of releases is handled only by Azure DevOps so no attacker can modify or inject malicious code into production binaries. Azure PaaS is used as the production environment to guarantee the latest server patches and the latest version for runtime frameworks. Development uses only the most recent supported version of .NET Core, and no obsolete environments.

All employees are subject to significant background checks and vetting to maintain a high level of integrity.

• Source-code-level Security
All builds and releases are run on dedicated computers with full automation. All source-code changes are logged and can be traced from/to build and released versions, and to each developer. Source code flows through three phases: Test > Staging > Production. All hotfixes are reviewed by senior developers through pull requests. Everything is covered with the same security that Microsoft uses to protect its own source code for Windows and Office.

• International Compliance
ISO 27001 audits verify Worklio security every year. The most recent comprehensive supervisory audit was completed in January 2021.

Worklio is also in the process of obtaining SOC 2 certification to further ensure the secure management and protection of data.

• Azure Uptime Guarantee
Worklio servers are hosted in the cloud by Microsoft Azure. The Azure Cloud has an uptime guarantee of 99.95%. The long-time average based on our Service Level Agreement conditions, which excludes non-office hours when releases are made, is 99.99%.

For more information about Worklio Security policies, contact Worklio at

Worklio Is Ready To Help You

As the United States continues to fight to slow the spread of COVID-19, Worklio is constantly monitoring the situation to stay on top of the legislative developments in order to help our customers and their clients deal with the ongoing changes to federal regulations.

Hotfix releases continue to be made. Forthcoming legislative changes are being addressed in real time to provide customers and their clients with solutions as quickly as possible.

Worklio understands the uncertainty that the battle against the spread of the coronavirus has caused. We are available and we will do everything we can to help you navigate these truly unique circumstances that affect us all.

Most importantly, know that Worklio is here to support our customers and their clients and the many worksite employees who make business happen in the United States.

California Moving to Online-only Payments for Child Support

California, which has close to 40 million residents, is the most populous state and possibly the most complex when it comes to Payroll and Human Resources.

The “Eureka!” state has many laws and regulations to safeguard employers and employees. Almost every aspect of the workplace is covered, including meal and rest periods, vacation policies, itemized wage statements and final paycheck requirements.

Continue reading “California Moving to Online-only Payments for Child Support”

Do Your Due Diligence: Department of Labor Boosted Civil Penalties for Inflation

Need another reminder for why you need to dot every “i” and cross every “t”? Here it is: the Department of Labor increased its civil penalties.

Pretty much every violation has been adjusted for inflation, including failures to comply with the Occupational Safety and Health Act (OSHA), the Fair Labor Standards Act (FLSA), the Family & Medical Leave Act (FMLA), the different versions of the Immigration & Nationality Act and the Migrant and Seasonal Agricultural Worker Protection Act (MSPA).

Continue reading “Do Your Due Diligence: Department of Labor Boosted Civil Penalties for Inflation”

You All Set With the New From W-4?

Form W-4 has been redesigned and updated. But many companies are still using paper copies when they could onboard employees electronically. What does your company do?


One of the first documents that new-hire employees fill out when they get on the job and one of the documents that should be updated every year is the Form W-4. For more than three decades, it has remained largely unchanged.

Not any more.

This year, the W-4 has gone through a significant update to make the withholding system more accurate and more transparent. As the IRS says, it will “ensure (a) smooth taxpayer experience.”

Continue reading “You All Set With the New From W-4?”

The Whole Story of Making a PEO/ASO Move

Whenever you make a big decision it is best to weigh the positives and negatives. Outsourcing your company to a Professional Employer Organization (PEO) or an Administrative Services Organization (ASO) would qualify as a big decision.

So which way does the scale tilt?

Every business is different so every situation is unique. For the positives, click here for a blog post with general information about about PEOs and ASOs and click here for a blog post with more specific benefits about using PEOs and ASOs.

For the negatives, read on because there are some potential rough spots that should be clearly understood prior to hiring a PEO or an ASO.


Some Loss of Control

The person who runs the company makes the final decisions. Often that person also wants to make all of the decisions. Outsourcing is, by definition, the delegation of a significant portion of the daily operations of a company. Even though supreme authority is maintained by the client company, it is not always easy to relinquish the day-to-day control.


Possible Insurance Alterations

One of the biggest strengths that PEOs and ASOs bring to the table is also a weakness. Economies of scale lead to good deals on health insurance, but that could mean that there may be carrier changes. Some companies choose to handle their health insurance separately to keep consistency. Also, savings are passed on to the clients, but there may be extra fees that cut into it.


Pricing Schemes

PEOs and ASOs use two basic pricing models: an itemized plan and a flat fee. Once a client has gone through the time and energy of partnering with an outsourcing company, it may be difficult to adjust when business success justifies a change. The flat fee model, which can take up to 10 percent of salaries, may not make sense when your success results in quickly rising salaries. Paying for individual aspects of an HR outsourcing company would be more predictable and not subject to salary fluctuations. Of course, often services are bundled, joining valuable and unimportant aspects together.


Reduced Personal Contact

The fact of the matter is that many problems will not be resolved face to face. Information websites, automated emails and phone calls are the more likely forms of communication. Response time will be longer than walking to the HR department down the hall to ask a question.


Reduced HR Intangibles

There is some value in having Human Resources on site. The department is often tasked with spreading holiday cheer and establishing relationships in the local community. Of course, using an outsourcing company does not mean that local HR cannot exist.


No On-Site Crisis Help

Times of crisis or chaos will, perhaps, be made more complicated. HR is where complaints — legal or otherwise — are officially lodged. Writing an email about sexual harassment is not the same as closing the office door and telling a real person about it.


Sharing Sensitive Data

Because business is so competitive, some companies may be justifiably wary about sharing payroll data and information about internal mechanisms. Outsourcing companies appreciate this concern and have high-level security with proper certification to prove it.


If you can live with these points and if the positives outweigh the negatives, then check out PEOs and ASOs.

Worklio is a software company that works hand in hand with PEOs and ASOs, providing the modern technology that leads to success.

Starting a New Era with a PEO or ASO

There are hundreds of Professional Employer Organizations (PEOs) that take on all Payroll, Benefits and HR responsibilities, and there are hundreds of Administrative Services Organizations (ASOs) that handle parts of a company’s day-to-day workload.

A PEO or an ASO could help any company immensely.

However, every change comes with an inherent risk. Would it be worth the trouble to outsource your Payroll, Benefits and HR? Just how difficult would it be for a company to make the switch to a PEO or an ASO?

The glib answer: It’s easy.

The honest answer: Corporate and personal data is sensitive so an unprofessional migration would not be appropriate.

For more detailed information about the benefits of PEOs and ASOs, go to the following comprehensive blog post. Below is a rundown of some of the steps that such a change would involve.


The Migration Process

The actual nuts and bolts of outsourcing a small business are not complicated: Payroll, Benefits and HR are simply taken care of by an outside company instead of a fellow employee on the other side of the open-space office.

Nevertheless, the first time through any process has bumps. Fortunately, PEOs and ASOs have gone through the process of setting up new companies many times before.

There is a lot of data that needs to migrate. Each company has a lot of facts and figures and official paperwork, starting with the simple (e.g., physical and mailing addresses, email addresses, phone numbers) and progressing to the complex (e.g., Workers’ Compensation, Job Codes, General Ledger). The number of employees needs to be established. An allowance for growth should be prepared, and a naming scheme designed. A billing structure needs to be set up. Archives for older documents need to be established. Relationships need to be created and/or adjusted with insurance companies and benefit providers. COBRA needs to be set up. Contractors need to be introduced into the system. Simply establishing the initial automated emails will be time consuming. And this is just a quick, general list.

In the long run, everything will be more efficient, but the short run will require some adjustment.

Each employee is involved in the change, too, from providing personal information to learning to use new software. Each employee needs to add their own data, and some of it is sensitive. Addresses, email addresses, phone numbers are still there, but there is also Payroll and Time Off information, and each has a different level of Benefits that need to be transferred.

Outsourcing companies have done it all before and, like the eventual day-to-day benefits, the initial setup is streamlined and simplified to minimize errors.

Clearly there is a lot of work. But given the advantages of using an HR outsourcing firm, the initial migration and learning phase will grow into an efficient and effective system.


Technology Helps

The good news is that the best PEOs and ASOs have embraced technology. Computers have made business transactions quick and painless at the bank, and it has done the same for Payroll, Benefits and HR.

Worklio, for example, is a cloud-based platform that makes the transition efficient with a comprehensive data transfer and help with every additional step. The Worklio system connects the PEO, the client company and the worksite employees into one compatible and secure framework. Plus, customer service is always available to help.


PEOs and ASOs Grow Businesses

There are many benefits to working with one of the hundreds of Professional Employer Organizations (PEOs) or Administrative Services Organizations (ASOs).

Just to name a few:

  • More time to focus on the core revenue-generating side of your business;
  • Enhanced benefit offerings;
  • Bulk purchasing power;
  • Mitigation of risk;
  • Improved compliance;
  • Reduced costs;
  • Centralization; and
  • Standardization.

Simply streamlining the mundane tasks of employee administration is a significant step in the right direction for any company.

When deciding upon an outsourcing model, you must take into account several factors, including the type of business, the number of employees, the current HR administration costs, employee turnover, employee issues, lost opportunity costs and compliance issues. Then you will be able to reap the many additional benefits by using a PEO or an ASO.

Below are some additional detailed benefits that your company may enjoy by partnering with a PEO or an ASO:


Organized Growth

Young companies often grow faster than expected. Hiring a person dedicated to payroll or benefits or human resources is not always cost effective. Yet, nobody in the office has any background in employment law nor have they ever established a 401(k) plan or even a vacation policy. Outsourcing fills this gap, at least until the company grows to the point where it would benefit from an on-site specialist.


Shedding HR

An established company can reorganize and streamline operations by outsourcing HR. It may be a radical move, but saving or reallocating salaries puts the focus on the company.


Less Paperwork, Fewer Errors

You are an expert in your business. Outsourcing firms are the experts in their roles. PEOs and ASOs are designed specifically to take care of back office operations and they have established systems to streamline the flow of paperwork, anticipate problems and questions, and, therefore, limit mistakes.


Enhanced Legal Protection

When a company joins a PEO, it enters a co-employment relationship that provides shared responsibility for employees. According to the National Association of Professional Employer Organizations (NAPEO), the definition of co-employment is the contractual allocation and sharing of employer responsibilities between a PEO and its client. By partnering with a PEO and relying on its expert guidance, client companies transfer a substantial portion of the employee risks to the PEO. Many PEOs also typically provide their clients with an added layer of protection with their Employment Protection Liability Insurance (EPLI), in case a former employee, for example, sues for discrimination or wrongful termination.



Typically, outsourcing companies are able to reduce, contain and offset many employee-related costs for their client companies. For instance, PEOs enjoy large-group purchasing power by aggregating their client companies for the purposes of getting a lower rate for workers’ compensation and health insurance. This provides access to group rates that would be unavailable to small and mid-sized companies that make their own deals. Professional companies are also constantly looking for better deals, and they are often willing to change from one insurance carrier to another.


Due Diligence

Outsourcing companies keep tabs on the general workings of their client company to make sure that nothing falls through the cracks, from important details like contract expiration dates and insurance renewal periods, to something as simple as birthdays and anniversary dates for employees.



Outsourcing companies assist in maintaining payroll, benefits, HR and tax compliance for their client companies so that they can focus on growing their business.


Legislative Oversight

PEOs and ASOs stay on top of the changing landscape of federal, state and local regulations to provide timely and expert information about requisite changes. The Affordable Care Act. Occupational Safety and Health Administration laws. Equal Employment Opportunity Commission regulations. Should management spend time keeping track of all of the changes? Professional outsourcing companies even exert lobbying power in order to shape beneficial legislature.



Outsourcing companies have extensive experience. They have started and established many companies and they have seen it all. Fledgling companies benefit from this guidance to avoid the pitfalls that have stalled or finished lesser projects.



When a company is growing fast, adding the hiring process overburdens management. PEOs and ASOs can coordinate head-hunting for executives and scouring the workforce for employees so that company growth is not stunted by empty desks. Client companies, of course, are able to influence any part of the process and are brought in to make the final decisions.



Once the decisions have been made for new hires, the many steps of getting the new employee situated within the company starts: the paperwork, the rules, the office tour, the introductions. Much of this must necessarily be done on the job site, but a lot can be completed online with customized company administration software. Companies who hire a lot of people stand to save a lot of time and energy with online employee onboarding.



Those first few days are when the new, wide-eyed employee is trying to figure out how things work. Very little of this helps the company move forward. Allocating an established employee to serve as a tour guide is even more of a loss of production that hampers the company. Outsourcing companies that are part of the hiring process are set up to provide the basic training that new employees need in order to get them through the learning process quickly and efficiently.


Attract and Retain Talented Employees

Leveraging size to get the best possible insurance leads to savings for the company but also better quality for the employee. There may be specific aspects that could be used as perks for higher level employees. Orthodontia, for example, is not often covered by basic insurance, but braces for Junior are very expensive. That coverage may mean the difference between getting an expert employee or losing her skillset to the competition’s better dental plan.


Employee Manuals and Forms

As a specific example, established outsourcing companies have created many manuals to outline procedures and regulations for companies. New companies shouldn’t have to reinvent the wheel when customizing existing manuals or forms is easier and faster.


It’s definitely worth taking a look at partnering with a PEO or ASO.

Worklio is a software company that works hand in hand with PEOs and ASOs, providing the modern technology that leads to success.