Your Trusted Partner in Security

At TEAM Software, delivering secure and reliable software solutions is our top priority and something we take very seriously. Security is a key component in all our offerings and is reflected in our people, processes and products. We’re committed to being transparent about our security practices and want to help you understand our approach. This document outlines the security measures we currently have in place, our disaster recovery plans and business continuity plans.

Security Protocols

We leverage Microsoft Azure for both our production environments and disaster recovery services. Azure’s security framework is built from the ground up and supported by Microsoft’s global team of experts. With over $1 billion invested annually in security research and development and a dedicated team of 3,500 cybersecurity professionals, Microsoft Azure provides a proactive compliance environment trusted by enterprises, governments and startups alike. This partnership ensures that security remains a foundational element of our infrastructure.

Operational Security

Operational Security represents our security and risk management processes to prevent sensitive information from getting into the wrong hands. It also keeps all operations running securely, protecting the confidentiality of our customers’ information.

Security Operations

TEAM Software actively monitors our systems for external and internal threats at the application, server and network levels through a dedicated security operations team.

  • We utilize Sophos for Endpoint Detection and Response (EDR), which works with our internal WorkWave Security team to detect and respond to suspicious activity on endpoints and servers 24x7.
  • We employ Splunk as our Security Information and Event Management (SIEM) platform, enabling comprehensive search and correlation of data from security devices, systems and applications.
  • Employee access to critical servers is restricted based on role and requires multi-factor authentication with a strong password.
  • Customer data backups are maintained through multiple synchronized copies across Azure availability zones and paired regions.
  • We maintain logging and immutable audit trails of system activity for optimal system performance and to ensure accountability.

Incident Response

TEAM Software has established policies and procedures to handle and respond to any potential security incidents that can directly or indirectly affect our infrastructure and services. We maintain and execute Security Incident Response Procedures in response to a wide variety of threats and work closely with our Engineering and external Security teams to identify and remediate vulnerabilities. Our incident response procedures are tested, reviewed monthly and updated on an annual basis or when a major change in infrastructure takes place. We respond with high priority to security or privacy incidents reported to us through security@workwave.com.

Vulnerability Management

TEAM Software performs security audits on internal and external environments. Audits are performed by our in-house security team and credentialed third-party security vendors using certified vulnerability scanning tools and manual penetration test methods. Audit results are reviewed by TEAM Software’s Security Committee. Reported vulnerabilities are prioritized, tracked and resolved to eliminate the risk of known vulnerabilities. Furthermore, our security team actively reviews inbound security reports and monitors public mailing lists, blog posts and wikis to spot security incidents that could affect the company’s infrastructure.

Responsible Disclosure Program

We are committed to working with the community to verify, reproduce and respond to legitimate security issues, and to implement appropriate solutions for the reported vulnerabilities. If you discover or suspect a vulnerability in our systems, products or network infrastructure, TEAM Software appreciates your help in disclosing it to our company in a responsible manner. Note that TEAM Software does not permit actively auditing our infrastructure without prior approval.

Secure Development Lifecycle

TEAM Software has introduced ‘Privacy By Design’ and ‘Secure-By-Design’ methodology into our product development lifecycle. We use an agile development process that includes independent validation steps run by an independent quality team. A requirement of this process is to produce a validation report that includes security as a required signatory to the release process. Our Software Development Life Cycle (SDLC) mandates adherence to secure coding guidelines, as well as screening of code changes for potential security issues with our code analyzer tools, vulnerability scanners and manual review processes.

User privacy and security are evaluated during each stage of the development process to ensure only necessary data is collected to perform an application’s task. Security measures are continually considered and deployed through new product releases and updates as deemed advisable as part of the product development/engineering process to keep pace with evolving security threats. Environment changes are reviewed and approved in advance to ensure system integrity.

Technology Infrastructure Security

Technology infrastructure security is the process of securing the network of electronic systems and devices that are configured, operated and maintained by TEAM Software to provide various internal and external functions and services.

Cloud and Network Security

We employ rigorous safeguards and security measures to provide a secure environment for you and your customers. We employ a defense-in-depth strategy utilizing: 

  • Web application firewalls
  • Multi-factor authentication
  • Intrusion detection systems
  • Intrusion prevention systems
  • Audit and logging systems
  • Restricted access controls
  • Encrypted access tools.

Our systems are segmented into separate networks to protect sensitive data. Systems supporting testing and development activities are hosted in a separate network from systems supporting the production infrastructure.

Endpoint Security

To ensure the security of our applications, all application endpoints employ: 

  • Network firewalls
  • Web application firewalls
  • Intrusion detection systems
  • DDOS mitigation
  • HTTPS TLS 1.2+ encryption
  • Fully authenticated sessions

Sensitive servers and systems are deployed to private networks, behind load balancers, network firewalls and proxy servers to reduce our security footprint. All workstations issued to TEAM Software employees run up-to-date operating system versions and are configured with anti-virus software and a firewall. They are configured according to our formal corporate security standards. Workstations are secure by default. They encrypt data at rest, have strong passwords and are locked when idle.

Monitoring and Threat Detection

We employ advanced logging and monitoring of network, system, operating systems, application, database and cloud events. Logs are stored separately from production systems to ensure their integrity. We log more than one billion events each day to ensure the performance and security of our systems. Our anomaly-based intrusion detection and prevention systems receive regular updates from external threat intelligence sources and scan data against blacklisted signatures and malicious patterns to keep our infrastructure secure.

Identity and Access Control

TEAM Software has established strict rules and processes around user access provisioning to minimize the risk of data exposure.

  • TEAM Software follows principles of least-privilege and role-based permissions when provisioning access.
  • We employ technical access controls and internal policies to prohibit employees from arbitrarily accessing user data.
  • Only designated and authorized TEAM Software employees are allowed access to production systems and customer data.
  • We restrict our employees' access to our environments to only those who have a need to access each specific application/function.
  • We use role-based identity and access management to restrict low-level access.

    • As an example, access to our cloud and network infrastructure is restricted to our production operations team (DNS, IP addresses, access to Azure, etc).
  • Every employee has specific login credentials and individual access rights.
  • User access audits are performed by the TEAM Software Security team at regular intervals. Employees are required to use strong passwords with multi-factor authentication and SSO.

Reliability

TEAM Software builds its products from the ground up with redundancy in place to protect against many failure scenarios. We employ farms of web and application servers to minimize the risk of single points of failure. Databases utilize real-time replication to allow immediate restoration of service in the event of failures. To mitigate against the risk of partial service failures and to effortlessly scale as application volume increases, TEAM Software leverages Azure services, including: 

  • Availability Zones
  • Azure DNS
  • Application Load Balancers
  • Auto-Scaling Groups, etc.

In the event of a disaster, TEAM Software maintains a robust disaster recovery plan to resume operations in alternative Azure Regions with minimal data loss and within reasonable recovery time periods. By offering our SaaS products through the cloud we deliver cost-effective, highly secure, highly scalable and robust storage solutions for businesses looking to achieve efficiency and scalability.

Physical Security

TEAM Software controls access to its physical resources including buildings, infrastructure and facilities. We provide employees, contractors, vendors and visitors with different access cards that allow access only as required for the purpose of their presence on the premises. TEAM Software office building security monitors all entry and exit movements throughout our premises in all our business centers through CCTV cameras, deployed according to local regulations. Physical security of data centers is managed by data center location providers like Azure, AWS, Google and others.

Data Security

Data security focuses on protecting TEAM Software and our customers’ information against unauthorized access or use and operational failures that could result in exposure, deletion or corruption of that data. Data security exercises ensure we practice caution while handling sensitive data that passes through our systems. Our backup service provider maintains active SOC-1 Type II and ISO 27001-audited data centers to ensure the reliability and consistency of the data.

Availability and Disaster Recovery

All TEAM Software systems are highly available, employing redundant systems and networking to ensure continuous service in the event of failures. We maintain multiple redundant backups of data across multiple cloud geographic locations. Customer databases are replicated to failover nodes with a typical latency of seconds to protect against failures in primary systems. Additionally, customer databases are backed up daily to allow data restoration in the event of a larger application or environment issue that causes data loss. TEAM Software also maintains multiple environments and the ability to create additional production environments, which allows TEAM Software to rebuild an environment from scratch to ensure system availability. If a recovery event occurs, TEAM Software has defined Disaster Recovery (DR) plans to ensure a coordinated and quick response.

We are actively working to reduce the Recovery Time Objective (RTO) and to set expedited individual RTOs for specific key operational areas.

Data Protection and Encryption

All databases are backed up and stored in three separate and encrypted physical locations to provide the highest resiliency against data corruption and ransomware threats. TEAM Software utilizes Azure Backup and Recovery Vaults, which are isolated from direct access by threat actors, ensuring that our backups are secure and can be relied upon to speed up recovery times. Document storage is backed by Azure Backup service to provide the highest levels of security, resiliency and availability.

TEAM Software implements a multi-layered security approach, which includes:

  • Network security
  • Identity and access management
  • Application-level segmentation

Azure Network Security Groups (NSGs) allow granular control over network traffic to and from our resources, offering a flexible, rule-based approach to safeguarding our infrastructure. Additionally, Application Security Groups (ASGs) enable logical grouping of resources, making it easier to apply strong NSG rules, while Identity and Access Management (IAM) policies enforce strict access control, further enhancing the overall security posture.

We utilize encrypted communications systems for our products and for sensitive customer communications (Virtru). TEAM Software leverages Multi-Factor Authentication (MFA) to secure access to production systems and employee productivity tools and systems. Sensitive customer information is encrypted at rest at the database level. Encryption is enforced while in transit to ensure data security throughout its lifecycle.

We support and enforce (via HTTP-to-HTTPS redirect) TLS to encrypt all data transmissions from web browsers to our servers and to our external partners, ensuring no man-in-the-middle interceptions of data. We utilize network firewalls to control access to our network and applications. In addition, all user and API sessions are authenticated to ensure security is maintained during transactional events at a system level.

Privacy and Compliance

Data privacy and compliance programs at TEAM Software are focused on how personal information and data are collected, used, shared and processed, consistent with the expectations of the individual and applicable laws, regulations, professional practice requirements and contractual obligations. Every year TEAM Software is rigorously audited by independent third-party companies to ensure that we comply with various global and regional standards governing information security.

Privacy

TEAM Software makes every effort to preserve the privacy of our users and customers. Our detailed privacy statement can be found here.

Governance, Risk and Compliance

All production changes undergo rigorous and SOC-1 certified change management processes. Further, changes are reviewed regularly by the TEAM Software security team. We frequently conduct vulnerability scans and penetration tests to improve the security of our cloud environments. Our accreditors are experts in their respective fields with a deep understanding of the different global and regional laws and standards that must be complied with. They thoroughly assess TEAM Software’s processes and controls against these standards, verifying that they are met or exceeded at all times. When the audit reports are complete, we make them available to customers by request.

We follow ISO 27001, GDPR, PCI DSS and SOC-1 guidelines for risk management, change management, data privacy and security. TEAM Software engages with a third-party ASV to conduct quarterly un-credentialed network scans. Reports are reviewed and issues remediated based on priority and complexity. TEAM Software also engages with the same third party to conduct credentialed manual penetration tests against applications in PCI DSS scope.

Compliance Certifications

TEAM Software works with leading audit firms to certify our adherence to industry-standard compliance programs and regulations so you can have confidence that your company and customer data is secure and compliant.

Certifications: 

  • PCI DSS Level 1
  • SOC-1 Type 2
  • SOC-2 Type 2 (WinTeam to be completed in 2025)
  • Privacy Shield
  • GDPR

Employee and Partner Security

TEAM Software follows strict guidelines while onboarding new vendors, employees and contractors to ensure our customers are in safe hands. Further, we ensure our employees have the knowledge and skills to perform their roles effectively while protecting security. This helps TEAM Software to prevent and mitigate user and partner risk.

Training & Certification

TEAM Software has created a culture of security that covers all employees. All employees are required to take privacy and security awareness training on a regular basis. Engineering and operations employees receive additional job/function-specific training and certification to be informed, adaptable and responsive to whatever risks may arise. Furthermore, we evaluate their understanding through tests and quizzes to determine where they need further training.

Background Verification

Each TEAM Software employee undergoes a background verification process. We hire reputable external agencies to perform these checks on our behalf. Subject to per‑country restrictions, we verify criminal records, citizen status, previous employment records, if any, and educational background. Until this check is performed, the employee is not onboarded or assigned tasks that may pose risks to customers. Failure to pass these tests will result in either mandatory disqualification from the employment process or a further follow-up investigation.

All employees and contractors are required to sign a non‑disclosure agreement and review and confirm their understanding of the TEAM Software Employee Handbook and Ethics policy along with the Acceptable Use Policy. This confirmation is recorded electronically.

Vendor Security

TEAM Software utilizes third-party technology vendors to provide additional functionalities and software integrations. We take appropriate steps to ensure our security requirements are maintained by vendors at all times, using our vendor management policy. We onboard new vendors after understanding their processes for delivering us service and performing risk assessments. We take appropriate steps to ensure our security stance is maintained by establishing agreements that require the vendors to adhere to confidentiality, availability and integrity commitments we have made to our customers.

All of our products are hosted at top-tier cloud hosting and data center vendors such as Microsoft Azure, Amazon Web Services and Edgeconnex. Accordingly, they are protected by the rigorous security standards and mechanisms of those hosting providers as well, including automated security scans to identify malware, suspicious or malicious traffic or other types of security incidents. TEAM Software evaluates vendor security at least annually.

For information related to TEAM Software’s offerings and how they may differ, please contact your TEAM Software account representative.

Disaster Recovery

WinTeam

WinTeam is equipped with a robust disaster recovery strategy to ensure rapid and reliable restoration in the event of disruptions. Leveraging the Microsoft Azure platform, WinTeam utilizes Azure Backup and Recovery Vaults to store multiple redundant copies of critical data across geographically diverse locations. This setup protects against data corruption and ransomware threats, while real-time replication of customer databases to failover nodes with minimal latency ensures quick switchover and continuity of service.

We provide real-time replication of data, with daily backups stored off-region, further enhancing our ability to recover from significant issues. In early 2025, we rolled out an enhanced 24-hour Recovery Time Objective and 1-hour Recovery Point Objective, enabling faster system restoration and minimal data loss while strengthening business continuity. The platform also supports the independent restoration of specific operational functionalities, such as TeamTime and Data Reporting, to expedite recovery for these services.

To maintain high availability, WinTeam benefits from Azure’s multi-environment capabilities, allowing us to create and rebuild production environments as needed. This flexibility ensures that we can quickly restore service continuity even in the event of a major failure. Our well-defined Disaster Recovery plans, built on Azure’s resilient infrastructure, outline coordinated recovery procedures for environment rebuilds and data restoration. TEAM Software is dedicated to continuously improving WinTeam’s disaster recovery capabilities, with a focus on leveraging Azure’s advanced tools and features to achieve faster recovery times and maintain operational resilience.

Why Microsoft Azure?

By utilizing WinTeam’s platform, built on Microsoft Azure’s advanced technology, our customers benefit from a level of security and resilience that often surpasses what can be achieved with in-house systems or standalone backup solutions.

Azure’s comprehensive suite of security features ensures that data is safeguarded against a wide range of threats. These features include:

  • Advanced encryption, at rest and in transit
  • Multi-layered network protections
  • Dedicated security operations

Azure’s global infrastructure provides high availability and redundancy, with data stored across multiple geographically dispersed locations, which mitigates the risks associated with data loss and downtime. Additionally, Azure’s automated backup and disaster recovery capabilities, combined with TEAM Software’s expert management and continuous focus on maintaining and enhancing our environment, offer a more streamlined and effective approach compared to individual backup setups. Microsoft’s annual $1 billion investment in security research and development further reinforces this, making Azure the safest, most reliable and fastest option for disaster recovery. This substantial commitment to security ensures that our customers can trust in a solution that is continuously evolving to address emerging threats, providing unmatched peace of mind and operational continuity.

Business Continuity Planning

Timekeeping & Payroll

Even with all of the protections outlined previously in this document, it is important to prepare for downtime in the event of a catastrophe. In the event of an outage, it’s important to have a historical point where key information is stored and easily accessible. Many WinTeam clients need Employee, Customer, Job, Payroll and Timekeeping related information to ensure they have all the data needed to continue with minimal disruption. Additionally, it’s important to have the ability to capture any changes to the data after that point, such as Timekeeping information.

These business continuity plans are a combination of software solutions and organizational procedures that can be implemented in the event of an outage.

The key to any successful process is to ensure that an organization can respond to an outage of any duration and have the organizational procedures in place to ensure they can return to standard operations once the system is operational with minimal disruption.

Our recommendations will continue to be refined as new capabilities are added to the platform, and we’ll be able to share those with you in the coming months.

Current Procedure Consideration

Each organization will want to shape their procedures to fit their needs. The following are some guidelines and things to consider.

Backup Reports

It’s recommended that customers regularly run and back up reports that contain the information needed to continue their operations.

The following are good examples of reports that should be regularly run and stored to ensure that key data can be captured. Necessary reports will vary based on organizational needs.

Suggested Reports

  • Operations

    • Employee Schedules (Master/Current Week)
    • Scheduling Activity
    • TeamTime Hours Review
    • Job Post (Hourly/Safety Checks/Cold Starts)
    • Work Tickets
    • Job File>TeamTime Report>Show Absenteeism Schedules>Show Caller ID #’s
  • Payroll

    • Employee Master
    • Timekeeping
    • Rates by Job
    • NACHA File (should be saved each PR cycle by client, locally)
    • Hours CategoryOther
    • Payroll Check History
  • Billing

    • Bill Codes by Job
    • Customer Master file
    • AR Aging
    • Job Master File
    • Report from Update Recurring Invoices Screen

Key Data

  • Employee Data
    It’s important to make sure that all relevant employee data is captured and accessible. Some key data could be the following: Contact Info, Emergency Contact, Schedule or Direct Deposit Information.
  • Timekeeping & Payroll
    Backing up timekeeping data improves the ability to pay employees accurately in the event of an extended outage. Additionally, backing up payroll data such as NACHA files ensures that they can be quickly accessed if used as the basis for future payroll files.
  • Customer & Job Information
    It is important to be able to easily access Customer and Job Contact Information in the event that customers need to be informed of or are impacted by the outage. Additionally, it’s important to have the schedules associated with the jobs to ensure that jobs are appropriately staffed.

Consider using Query Scheduler to automate the capture of this data.

Deploy Alternative Procedure

Communication Procedure

In the event of an outage, customers will likely want to communicate any changes to standard operations to all impacted employees and customers. One example is leveraging a mass messaging platform to reach all impacted individuals quickly.

Additionally, some customers may want to set up a call center to support the need to confirm schedules, manage cold starts, and conduct Safety and Periodic checks.

Timekeeping Procedure Changes

Additionally, customers may want to implement alternative procedures for collecting timekeeping information at impacted jobs. These can be paper timesheets stored on-site or alternative electronic capture methods, such as text messages or online spreadsheets (for example, a Google Sheet), which provide an audit trail that tracks specific updates so you can see who updated the document, and when.

Hire and Termination Procedure Changes

Customers will want to track all workforce changes that have occurred through some type of document, for example, a spreadsheet. It’s important to know which employees have terminated to ensure they’re not unintentionally paid for hours they did not work.

Next Steps

The processes above help support organizations while experiencing an outage, but several of these still involve manual steps. Our Product and Development teams are exploring options to automate some of these processes and provide even more efficient ways to continue with minimal disruption in the event of an outage.