Skip to main content
search

TRUST THREAD

Keeping Your People and Payroll Data Secure

Prioritizing Protecting You

How Thread and isolved keep your team's money where it belongs.

Keeping your team’s personal and financial data secure is our priority. See how Thread and isolved work to protect your company’s information. 

Thread has spent 20 years (and counting) safely and securely delivering people-first human capital management (HCM) technology that helps our customers build high-performance, high-culture companies. At Thread, we believe that people are the lifeblood of your business, so we empower them with isolved People Cloud™, an intuitive HCM platform designed with people in mind. We also provide best-in-class service from a team of real people who work as partners in your organization.

Together with isolved, our mission is to provide our client’s workforce with a futureproof platform so they can continue to deliver awesome outcomes fast while simultaneously reducing risk. We do this by helping protect you and your people with a comprehensive commitment to security, privacy, compliance and accessibility – all reflected in this comprehensive Trust Center.

At Thread, we work hard to build trust with you. From background checks on prospective employees through onboarding to annual compliance training and certification, we ensure all of our people are working to protect all of your people at all times, which in turn helps you build trust with your employees.

Security

Thread and isolved understand the importance of security and operational risk management. We continuously assess our risk and security capabilities and are committed to continuing our strategic investments in people, processes and technologies that ensure the most comprehensive protection of our customers, partners, employees and assets. We conduct independent assessments, have board-level visibility into strategic cybersecurity and operational risk objectives, leverage industry-leading providers and have dedicated resources to ensure viable risk and security management.

Risk analyses including various testing of cyber, system and process controls are conducted on a regular basis either internally or by a certified third-party provider across the following control types to ensure necessary and ongoing safeguards.

Given the fact that isolved and its affiliated companies receive hundreds of audits, cyber and risk-related requests annually, we are hopeful that our audit management approach and this Trust Center will provide enough detail to satisfy your requirements. However, we can provide additional information under Non-Disclosure Agreement (NDA) and, in some circumstances, are willing to host an on-site review with select executive management and expert resources. Please contact your Thread sales rep or account manager for additional information.

Administrative safeguards include training, documentation, practices, policies and procedures that define business and personal-use practices in accordance with the organization’s security and compliance goals. These can apply to employee hiring, termination, equipment, Internet usage, physical access to company facilities, separation of duties, data classification, auditing and security and/or other risk training.

Technical safeguards include hardware, software and other technology mechanisms used to protect assets. Some common examples are authentication solutions, firewalls, antivirus software, intrusion detection systems (IDSs), intrusion protection systems (IPSs), constrained interfaces, access control lists (ACLs) that protects access to/from data, networks and systems.

Physical safeguards include mechanisms used to prevent or detect unauthorized access to physical areas, systems or assets. This may include but not limited to security badges, locking doors, access cards, biometrics access controls, video cameras, surveillance cameras, motion sensors, fire suppression, and other environmental controls like HVAC and humidity controls.

Privacy

Thread and isolved believe in putting people and their privacy first. We value our customers’ privacy and trust and work hard to handle your data and the integrity of it with absolute care. We understand what’s at stake and will always operate in a highly secure and professional manner when handling your information.

isolved understands our responsibility to safeguard personally identifiable information (PII), protected health information (PHI) and other nonpublic personal or financial information of our customers, their employees, brokers and participants from any unauthorized access or use. We take this responsibility seriously and we will never knowingly use customer data for purposes, including the sale of data to third parties, other than those clearly defined within our privacy policy and agreements for any reason, except as required by law.

As a third-party administrator, isolved maintains limited access to the data we process on your behalf in connection with our products and services including isolved People Cloud™, and we do not access your data for any reasons unrelated to the operation and maintenance of our products and services. Instead, we provide our customers with the necessary control over their own data, including the ability to access it in order to meet data privacy and compliance attestation requirements.

isolved and isolved People Cloud – running on Microsoft Azure – maintain the highest industry standards and best practices, taking into account privacy laws at the Federal (e.g., HIPAA as amended by HITECH) and state (e.g., California Privacy Rights Act or “CPRA”) levels.

The level of trust we enjoy from our customers today comes from many years of safely and securely providing our products and services and our ongoing commitment to maintaining and continuously improving our privacy controls. Technologies continue to change such as with touch-based technology.

Touch-based technology privacy statement:

isolved Time Solutions utilize timeclocks that may include touchpads. The touch-based technology utilized through touchpads does not capture fingerprints. isolved does not capture, store, possess, or use fingerprint data. isolved complies with applicable retention and destruction requirements as defined by law. Read the full privacy and policy statement

The isolved privacy controls and processes, which cover protected data received in any tangible and/or digital medium by isolved are recorded within our Privacy Policy.

Compliance

Thread and isolved understand that the products and services we offer including isolved People Cloud™ fall under various local, state and federal statutes and regulations, and may be subject to compliance requirements and audits.

Therefore, we implement safeguards strong regulatory Compliance Program containing policies and procedures founded on solid compliance controls that correction prevent, detect and mitigate compliance violations. Our controls are subject to annual SOC audits and our policies and procedures are regularly reviewed, tested and updated by our Compliance Department.

Compliance – Our Compliance Program specifically takes into account Federal and state privacy and security laws, including HIPAA as amended by HITECH, GLBA and CPRA, as well as Federal and state financial services and employment laws.

The isolved Compliance Program is carefully tailored to help us support the needs of our customers. It contains numerous features and performs multiple critical regulatory, security and privacy risk management functions, including:

  • Periodic Risk Assessments
  • Knowledgeable and Empowered Chief Compliance Officer– supported by a strong corporate culture of compliance, state-of-the-art regulatory monitoring tools, and credentialed regulatory, security and privacy experts
  • Policies and Procedures – based on applicable law and industry best practices, regularly updated, tested and rigorously enforced
  • Stringent Training Requirements – for all employees
  • Monitoring Mechanisms – including the isolved Compliance Committee, accountable to the isolved Board of Directors
  • Forensic Testing and Audit
  • Oversight of the isolved Code of Conduct – our business ethics requirements

Our team works continuously to stay up to date, comply with the latest regulations, maintain best-in-class certifications, and is guided by the highest of industry standards, including the National Institute of Standards Technology (NIST) cybersecurity framework to ensure that you and your customers are protected whenever using isolved People Cloud.

Fraud Prevention

The danger of fraud is growing, and its impact to a company’s revenue and reputation and an individual’s livelihood can be significant, even devastating.

As criminals become more innovative and determined in their efforts to infiltrate infrastructure and systems in order to steal confidential information and detrimentally disrupt services, isolved will also continue to work tirelessly to reduce fraud risk at all points in our product and service lifecycles.

We maintain strong controls, state-of-the-art monitoring mechanisms and savvy financial processing expertise to detect threats and contain fraud risk. By identifying evolving fraud trends, stopping known exploits, closing gaps and reducing harmful financial impacts, we help keep customers safe while using our systems.

And as fraud methods continue to evolve in complexity, from credit card and serial number issues to counterfeit sales or illegitimate payments, we use sophisticated monitoring to minimize the impacts of fraud on our business and most importantly on our customers.

Payments Fraud:

As incidents of cyber fraud continue to grow, there are precautions you can take and controls you can set to help you avoid loss. Payment fraud activity is on the rise.

  • Never respond to pop-ups or unsolicited phone calls asking you to provide personal information or to submit or re-submit your login and password information.
  • Never allow multiple people to use the same computer to process a transaction.
  • Never continue an online session that makes you or any of your colleagues feel uncomfortable or unsure, discontinue the session immediately.
  • Never provide sensitive non-public information within an email.
  • Validate every and all payment requests received via email – ideally verifying the sender’s detail via phone call or in person before proceeding.
  • Review email and domain names closely for accuracy and to help avoid phishing or BEC schemes. Thread emails will always follow the threadhcm.com structure. isolved emails will always follow the @isolvedhcm.com structure.
  • Regularly review and confirm the entitlements and systems access of your employees.

Phishing

Phishing is when an individual or group of people receives a fraudulent email or text message from scammers that appears to be sent by a trusted person in order to trick them into giving up personal information, which is then stolen. They may try to steal your passwords, account numbers, and social security number in order to fraudulently access your email, bank or other accounts. The FBI’s Internet Crime Compliant Center reports that people lose around $60M to phishing schemes a year.

This is because phishing attempts can be very convincing as the website requesting your information can often seem very similar to a legitimate vendor’s site. There are some best practices you can adopt to prevent you or your employees from becoming victims to this type of attack.

  • Validate the sender: When you receive emails, ensure that the address ends in a recognizable and trusted domain.
  • Validate the URL: When entering your username and password, check the URL in the browser to ensure that it is indeed the correct address and that it is protected with “HTTPS” at the front of the URL.
  • Look for inconsistencies: Oftentimes, phishing attempts can contain subtle differences in the design of the site. Be sensitive to nuances such as misspellings or poor graphics.
  • Look for threats: Phishing attempts often warn of bad consequences if an action is not taken immediately or within a certain period time.
  • Enable Multi-Factor Authentication: Multi-factor authentication (MFA) is an additional and significantly effective security measure that requires a “second factor” such as a secure code to authenticate.
  • Ensure a strong password: Your password should include a combination of lower and upper-case characters, numbers and other symbols.
  • It is important to note that isolved will never request that your username or password be sent via email.

isolved People Cloud utilizes MFA as an added protection when signing in. Our applications additionally generate notifications for high-risk changes like direct deposit changes or account lockouts.

Phishing is covered under various state laws, and there are broader federal criminal laws that apply to phishing and other identity theft crimes.

If you or your employees have received a suspicious email, you should inform your IT/IS personnel and delete it immediately. If you or your employees have entered information such as username, password, or other confidential information into a suspicious site, we recommend that the password for the account is changed immediately.

Want to switch to the power and strength of security through Thread with isolved?

Close Menu

CLIENT LOGIN