Technology Platform

Built for uptime, security, and scale

Workzoom is a unified, multi-tier cloud application built on proprietary Java technology, running on AWS infrastructure across Canada and the US. Each client gets their own isolated database schema. No shared data. No compromises.

Get a Walkthrough

Workzoom is a multi-tier, multi-threaded cloud-based HR and payroll platform written in Java, running on Tomcat web servers with MySQL and MongoDB storage. Hosted on Amazon Web Services (AWS) in Tier IV data centers across Canada and the US. Each client has their own isolated database schema and MongoDB document repository. SOC 1, SOC 2, SOC 3, ISO 27001, PIPEDA, PCI DSS Level 1, FedRAMP, HITRUST CSF certified infrastructure.

99.9%Guaranteed uptime
Tier IVAWS data centers
AES-256Encryption at rest
24/7Monitoring & alerts

Proprietary technology, proven at scale

Workzoom is a multi-tier, multi-threaded application built on our own proprietary technology platform. Written in Java, running on Tomcat web servers, with MySQL for persistent data and MongoDB for documents and media.

Isolated Schemas

Every client gets their own database schema and document repository. Your employee records, payroll data, and reports are never co-mingled with other organizations.

Intelligent Clustering

Auto-scaling, self-healing infrastructure across multiple availability zones. AWS Global Accelerators and Edge Computing route traffic to the nearest endpoint for minimal latency.

Performance Optimized

Refreshable memory and file caches deliver top performance. Application software and meta-data are shared resources, while all client data remains completely isolated.

Hosted on AWS, certified to the highest standards

Workzoom clients are hosted on Amazon Web Services in Tier IV data centers across Canada and the US. Fully guarded premises with physical access management, intrusion prevention, and detection systems.

CSA
SOC 1/2/3
ISO 9001
ISO 27001
ISO 27017
ISO 27018
PCI DSS Level 1
PIPEDA
FIPS
FedRAMP
NIST
HITRUST CSF

Private Data Cloud (optional)

For organizations requiring physical data isolation. Dedicated database instance with separate encryption keys, closed private network, VPN-only access, and VPC Peering for secure communication with application servers. 24/7 monitoring with real-time replication.

Backups you can actually trust

Real-time replication across availability zones at least 100 km apart. Daily encrypted backups stored off-site using immutable WORM storage. Weekly server images capture not just data, but entire configurations.

Real-Time Replication

Data replicated across availability zones with a minimum distance of 100 km to protect against environmental and infrastructure failures.

Immutable Backups (WORM)

Daily backups use Write Once Read Many storage with Object Locking. Once taken, backups cannot be modified by anyone. Data removal requires MFA and a mandatory waiting period.

Weekly Server Images

Complete server images captured weekly, ensuring both data and configurations can be restored to a known good state.

Rapid Recovery

In a single data center incident, automatic failover with zero application downtime. Worst case recovery: 5 minutes to 8 hours depending on restoration volume. Maximum data exposure: 24 hours.

Defense in depth, not security theater

Workzoom actively mitigates cyber security risks, including Advanced Persistent Threat attacks, through strict security practices at every layer.

Minimal Attack Surface

Servers reside in VPCs with security groups that close all external TCP and UDP ports beyond HTTPS. All inter-service communication stays within the secure VPC.

Least Privilege

Root access is disabled on all servers. Elevated privileges are strictly limited. All sudo-level commands are logged and monitored continuously.

Privilege Separation

Server hardening with SELinux enforces process isolation. Users and applications operate only in areas necessary to their function. Backup tools have read-only access to relevant databases only.

Vulnerability Management

Comprehensive program including vulnerability scanning, penetration testing, hardware/software/application firewalls, monitoring and logging, and malware protection.

Encryption at every layer

Passwords

Encrypted with PBKDF2WithHmacSHA1 using salted hashing and key stretching. Protection against dictionary, rainbow table, and brute force attacks.

Data in Transit

128-bit+ TLS 1.2 over TCP/IP with a 2048-bit certificate and strong cipher suites. Non-supported browser/OS combinations are refused at the connection level.

Data at Rest

Advanced Encryption Standard (AES-256) for all stored data. Private Data Cloud clients get separate encryption keys stored in a dedicated key management server.

Role-based security, down to the field level

Security is built into every job and position definition. Workzoom controls who can log in, what they can access, what tasks they can perform, and what data they can view, add, update, or remove.

  • Role-based access tied to job and position definitions
  • Field-level security exceptions when needed
  • Configurable password policies: attempts, duration, format, and reset
  • SAML 2.0 federated authentication with Azure AD, OneLogin, and Okta
  • SOX-compliant activity logging: user, process, timestamp, IP, and old/new values
  • Staff access requires VPN with TLS 1.2, AES-256, and MFA
  • All personnel sign NDA and undergo background checks prior to access

Zero-downtime releases, rapid incident response

System Maintenance

  • Weekly server restart, approximately 5 minutes
  • Bi-monthly releases deployed in background, activated after restart
  • Quarterly updates done off-hours with minimal downtime
  • Sandbox environments available for advance testing
  • OS and third-party patches tested internally before production
  • Clients can time upgrades to avoid critical operations like payroll runs

Incident Response

  • 24/7 monitoring at hardware, database, and application level
  • Security team and senior management notified immediately
  • Critical Incident Report initiated
  • Scope and severity assessment
  • Client communication
  • Containment and restoration
  • Post-incident review and root cause analysis
  • Individual data recovery plans if needed

Frequently asked questions

Where is Workzoom data hosted?
Workzoom is hosted on Amazon Web Services (AWS) in Tier IV data centers across Canada and the US. All data centers hold CSA, SOC 1/2/3, ISO 27001, PCI DSS Level 1, PIPEDA, FIPS, FedRAMP, NIST, and HITRUST CSF certifications.
Is my data isolated from other customers?
Yes. Every Workzoom client has their own dedicated database schema and MongoDB document repository. Your employee records, payroll data, and reports are never co-mingled with other organizations.
What encryption does Workzoom use?
All data at rest is encrypted with AES-256. Data in transit uses 128-bit+ TLS 1.2 with a 2048-bit certificate. Passwords are encrypted with PBKDF2WithHmacSHA1 using salted hashing and key stretching.
How are backups handled?
Daily encrypted backups are stored off-site at least 100 km from primary servers using immutable WORM storage with Object Locking. Backups cannot be modified by anyone, including Workzoom staff. Weekly server images capture complete configurations. Real-time replication runs across multiple availability zones.
Does Workzoom support single sign-on (SSO)?
Yes. Workzoom supports SAML 2.0 federated authentication and integrates with Azure AD, OneLogin, Okta, and other identity management services.
Can my organization run penetration tests?
Yes. With 14 days advance notice, a detailed testing plan, signed NDA, and sharing of results within 7 days of completion. Workzoom reserves the right to restrict testing timing and methodology.
What happens during a security incident?
Workzoom follows a 7-step incident response procedure: immediate notification of security team and management, Critical Incident Report, scope assessment, client communication, containment and restoration, post-incident review, and individual data recovery plans if needed.
How quickly are vulnerabilities resolved?
Workzoom uses CVSS v3.1 scoring. Critical vulnerabilities (9.0+): 4-hour response, resolved within 1 business day. High (7.0-8.9): 1-day response, resolved within 5 business days. Medium (4.0-6.9): 5-day response, resolved within 25 business days.
See It Live

Your data deserves enterprise-grade protection

Book a walkthrough and we'll show you exactly how your data is secured, isolated, and backed up.

No contracts
Implementation included
Month-to-month billing
Get a Walkthrough