
Pronto Software Security Assurance and Compliance Framework

Pronto Software takes the management of risk and the provision of security for our customers very seriously. Pronto Software strives to ensure that security is maintained at a high standard and remains a key focus for our organisation. Pronto Software is certified for many security and compliance standards through certified, independent and external organisations.

Pronto Compliance Framework Diagram

Information Security

Pronto Software is an ISO/IEC 27001 certified organisation. ISO/IEC 27001 is an international standard that requires organisations to establish, implement, maintain, and continually improve an information security management system (ISMS). Pronto Software is certified for ISO/IEC 27001 because it provides a framework for managing the security of its ISMS. Pronto Software utilises the ISO/IEC 27001 standard for Governance, Risk, Security and Compliance for the protection of Pronto Software’s customers’ systems and customers’ data.
A number of government agencies, customers and other third parties require Pronto Software to be certified with ISO/IEC 27001 in order to engage with them.
Pronto Software requires some of its key third parties to be ISO/IEC 27001 certified. You can view the certificate here.

ASAE 3402

Pronto Software, through Pronto Cloud, has completed Type I and Type II reports for ASAE 3402. The ASAE 3402 reports provide customers with independent, objective, and authoritative reviews that Pronto Cloud, as a service organisation, is providing appropriate and reliable controls that a customer is using for their own financial reporting needs. Further information on Pronto Cloud’s ASAE 3402 attestation is available from the Pronto Cloud website. Pronto Cloud Pty Ltd (est. 2002) is a cloud solution provider with the primary focus of delivering infrastructure and platform as a service to the market for the Pronto Software Pronto Xi product. Pronto Cloud is a 100% owned subsidiary of Pronto Software Limited.

PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) is a security and compliance standard for the protection of cardholder data. The PCI DSS security standards are designed so that, where organisations accept, process, store or transmit credit card information, that information is maintained in secure environments. Pronto Woven is PCI DSS certified. Pronto Woven is the award-winning digital consultancy division of Pronto Software.

ATO Operational Framework

In conjunction with the implementation of Single Touch Payroll (STP), the Australian Taxation Office (ATO) created the Operational Security Framework (OSF). Due to our connection to the ATO with STP reporting, Pronto Software is required to adhere to the OSF. The OSF seeks to protect Payroll and Superannuation related data and the integrity of the Taxation and Superannuation systems that support the Australian community. This is achieved by setting out a minimum level of security requirements that software providers must meet in order to access ATO Digital Services. The OSF has been established to respond to business risks and security threats presented by digital services’ continual expansion and growth across the ecosystem.

The ATO OSF seeks to protect the privacy data that forms part of STP processes through prescribed security measures, to protect against the risks associated with third-party solution providers, suppliers, and vendors, to protect against the risks associated with personnel security, and to have defined incident management processes in place for cyber security breaches.

What does this mean for Pronto Xi payroll customers?

  • MFA and other security measures must be enabled in Pronto Software hosted payroll customer sites

  • Secure access control mechanisms

  • Commitment to measures protecting privacy data for Confidentiality, Integrity and Availability.

  • Inform the ATO of cyber security breaches

  • Third party connections to Pronto Xi ERP Payroll software must be secure

Breaches in these areas can result in the ATO withdrawing confidence in processing STP information, resulting in the prevention of Payroll data processing. This is an outcome that Pronto Software and its customers take very seriously and wish to prevent.

Pronto Software continues to meet all the requirements of the Operational Security Framework and has been provided with a confirmation letter. Annually, Pronto Software performs a security evaluation process for the ATO through the OSF. You can view the ATO confirmation letter here.

Privacy Statement

Pronto Software’s Privacy Statement explains its handling of personal information.