employeeconnect.com employeeconnect.com
employeeconnect.com employeeconnect.com
 
Sign In
Request Demo

Our Story

Table of Contents

Who We Are: An Australian Success Story

In the world of HR software, we’ve always been one of the leading industry providers of innovative solutions. We’ve relentlessly pushed the boundaries of HR technology for close to two decades, creating a proud and passionate Australian business born from the need to answer questions that nobody else has asked.

Our journey has always been shaped by our history. Since 1996, we’ve grown from an Australian startup into a company that services over 90,000 users across four continents, and we’re proud of how far we’ve come.

It All Started with a Problem

Inspired by a 1996 paper on the impact of workflow on HRMS, our founders, Craig Macdonald and Ron Schroeder, identified a massive gap in the Australian market. At the time, many payroll engines simply didn’t take advantage of emerging internet technology. This meant web-based solutions for work flowing employee-facing transactions didn’t exist. Everything was paper or email-based.

With a determination to do better, the pair saw an opportunity and bootstrapped a development platform to build and control workflow. As a result, the V1 EC workflow engine and Employee Self Service platforms were created as an extension of traditional payroll systems. Immediately popular, these engines became resellers – highlighting the value that the new EmployeeConnect business could offer the Australian business community.

“An unconventional philosophy is something we’re deeply proud of. We’re not afraid to go against the grain; our goal is to build a company that fundamentally changes the way that people interact with software.”

Craig Macdonald, Founder Tweet

Develop. Diversify. Disrupt.

From this point, our business has stood strongly and determined in the face of the ever-changing world of technology. We quickly realised that our HR development platform was in fact the real driver for bespoke, workflow-driven intranets. This allowed us to extend beyond payroll and into the full spectrum of HR transactions, resulting in the first version of our HR software.

As a genuine and proud member of the APAC community, we have embraced these changes to develop an extensive product suite for our current clients and partners. We are committed to solving business issues in an interactive, innovative, and smart way. At our core, what we do is not a job. It’s our fire and it keeps us moving forward.

Solving Your Unsolvable

At EmployeeConnect, we believe in a different way of working. It’s an unconventional philosophy that sets us apart and fuels our obsession with customer success. While many providers offer a one-size-fits-all solution, we provide a boutique service built on empathy and transparency.

We engage with your unique business issues, goals, and objectives, using our empathy to design forward-thinking processes that truly fit your needs. With few closed doors and a culture of radical transparency, we aim to ensure that you are included and involved in every major decision. This approach is what allows us to celebrate our clients’ successes and is the hallmark of a healthy partnership. It’s why our average client tenure is more than seven years.

Why Choose EmployeeConnect?

We are a Genuine Australian Story: A proud member of the APAC community with a decades-long history of solving real-world business problems.

We Put Customers First: We are obsessed with customer success and thrive on the “Can you…?” questions that have shaped our platform.

A Truly All-in-One Solution: We are a leading workflow-driven HRIS that seamlessly integrates all your payroll, recruitment, and HR functions.

We are Future-Proof: Our mission is to be the best-of-breed HRIS in the world, constantly improving our toolbox of solutions so you never have to settle for less.

How We Deliver:

At EmployeeConnect, we’ve designed our entire product suite to make your journey to cloud HR as smooth and painless as possible. We know that a successful implementation is the key to unlocking the full value of your new HR system. That’s why we partner you with a dedicated consultant committed to translating your objectives into a seamless and simple roll-out.

A Tailored Approach for Every Business

We understand that one size doesn’t fit all. We offer a tailored implementation approach to match your business needs, no matter the size or complexity.

For Our Core Solutions

We’ve developed a streamlined, simple roll-out plan that gets you up and running with your HR system in a matter of days. Your consultant will be on hand for initial configuration and to assist with data uploads.

For Pro & Enterprise Solutions

We use a robust, well-documented methodology built on PRINCE2 project management principles. This approach is designed around your specific project requirements, providing improved guidance and management every step of the way.

The Process...

Your Roadmap to a Successful Go-Live

We turn a complex process into a clear, predictable journey. Here are the key phases of our implementation roadmap:

  • Scoping Your Success: We begin with an in-depth requirements session where we agree on the forms, reports, and workflows to be deployed. This is all documented in a detailed Statement of Work with clear timeframes.

  • Planning the Project: We collaborate with you to build a comprehensive project plan, jointly identifying the sequence of modules, key events, and required resources and timeframes.

  • Building Your Solution: Our team builds your HR solution based on the signed Statement of Work. During this phase, we identify any infrastructure requirements and assign responsibilities to ensure a smooth launch.

  • Administrator Training: We provide comprehensive training to your administrators, ensuring they are fully equipped to manage the system.

  • Rigorous Testing: This phase includes functional and user acceptance testing based on the detailed Statement of Work, giving you peace of mind that your system works as expected.

  • Go-Live: The system is made available to your entire team for login and use. We ensure the transition is seamless and your team is ready to go.

  • Post-Launch Review: After go-live, we conduct a final review to ensure the product has delivered the benefits identified in your business case and to agree on any required follow-up actions.

Committed to Your Long-Term Success

Our commitment doesn’t end when you go live. The post-implementation review ensures we’ve delivered on our promise and that you’re getting real value from your investment.

To learn more about how we can make your implementation a success, feel free to get in touch with our friendly team.

Why You Can Trust Us:

Security is Our Commitment: ISO 27001 Accredited

At EmployeeConnect, we understand that trust is built on security. That’s why we’re proud to be ISO 27001 accredited, the highest global standard for information security management. This certification is our promise to you that your data is protected by industry-leading practices, giving you peace of mind to focus on your people.

Our Key Security Pillars

We protect your data across every layer of our platform, from our physical infrastructure to our user access controls.

Data Centre & Physical Security

We leverage Microsoft Azure’s world-class data centres, which are designed for maximum resilience and security.

  • Global Infrastructure: Your data is hosted in strategically located Azure data centres with geographical redundancy.

  • Physical Protection: Each location is secured with multi-layered physical defences, including perimeter fencing, security guards, biometric access controls, and video surveillance.

  • Environmental Resilience: The data centres are built to be resilient against environmental threats, with fire suppression, advanced cooling, and redundant power supplies.

Data Protection & Privacy

We protect your data throughout its lifecycle with rigorous controls and a commitment to privacy.

  • Encryption Protocols: All data is encrypted, both in transit (using TLS encryption) and at rest (using industry-leading encryption standards).

  • Role-Based Access (RBAC): We apply the principle of “least privilege” to ensure employees only have the minimum access necessary to perform their jobs.

  • GDPR & Compliance: We are fully compliant with GDPR and other relevant privacy regulations, ensuring your data is handled lawfully and transparently.

Proactive Threat Management

We continuously monitor our systems to identify and neutralise threats before they can impact your business.

  • Intrusion Detection: Advanced intrusion detection and prevention systems are in place to monitor all network traffic and identify suspicious activity in real-time.

  • Incident Response: We have a dedicated incident response team that follows a structured plan to contain, eradicate, and recover from security incidents promptly.

  • Continuous Monitoring: We continuously track our security performance against established metrics to ensure our controls remain effective against new and emerging threats.

Compliance & Trust

Our commitment to security is independently verified through rigorous audits and certifications.

ISO 27001 Certified

Our entire Information Security Management System (ISMS) is certified by an independent third party, providing you with verifiable assurance of our security posture

Third-Party Audits

We and our partners at Azure undergo regular third-party audits (e.g., SOC 1/2/3) to verify compliance with global standards.

Internal Audits

We conduct our own regular internal audits to ensure we consistently adhere to our security policies and controls.

How we keep your data safe:

1.1 Information Security Management System (ISMS)

Our ISMS is the cornerstone of our security strategy, based on the ISO 27001 standard. It provides a structured approach to managing information security risks and ensures continuous improvement in our security practices.

  • Leadership and Commitment:
    • Our senior management is fully committed to the ISMS, ensuring that adequate resources are allocated for its implementation and maintenance. Regular management reviews are conducted to assess its effectiveness and alignment with business objectives.
  • Scope of ISMS:
    • The scope of our ISMS covers all information assets, including data, people, processes, and technology, across all locations and departments.

1.2 Risk Assessment and Treatment

  • Risk Identification:
    • We conduct comprehensive risk assessments to identify potential threats and vulnerabilities to our information assets. This includes identifying both external and internal risks that could impact the confidentiality, integrity, and availability of data.
  • Risk Evaluation:
    • Risks are evaluated based on their likelihood and potential impact. We use a risk matrix to prioritise risks, ensuring that the most significant threats are addressed promptly.
  • Risk Treatment Plan:
    • For each identified risk, we develop a treatment plan that includes implementing appropriate controls, accepting the risk, transferring it, or mitigating it through alternative measures.
  • Residual Risk Management:
    • After implementing controls, residual risks are reassessed to ensure they fall within acceptable levels. Ongoing monitoring and review processes ensure that risk management remains effective over time.

2.1 Physical Security

  • Data Centre Locations:
    • Azure data centres are strategically located worldwide, offering geographical redundancy. Each location is equipped with state-of-the-art physical security measures, including perimeter fencing, security guards, biometric access controls, and video surveillance.
  •  Environmental Controls:
    • The data centres are designed to be resilient against environmental threats. This includes fire suppression systems, advanced cooling systems, and redundant power supplies to ensure continuous operation even during extreme conditions.

2.2 Network and System Security

  • Network Segmentation:
    • Azure employs network segmentation to isolate critical systems and limit the spread of potential attacks. This ensures that even if one segment is compromised, others remain secure.
  • Intrusion Detection and Prevention:
    • Continuous monitoring and advanced intrusion detection systems are in place to identify and prevent unauthorised access. Any suspicious activity is flagged and responded to in real-time.
  • Encryption Protocols:
    • All data stored within Azure is encrypted using industry-leading encryption standards. Data in transit is secured using TLS encryption to prevent interception and unauthorised access.

2.3 Compliance and Auditing

  •  Third-Party Audits:
    • Azure undergoes regular third-party audits to verify compliance with global standards such as ISO 27001, SOC 1/2/3, and GDPR. These audits provide independent assurance of Azure’s security posture.
  • Internal Audits:
    • We conduct regular internal audits to ensure our own adherence to security policies and controls. Any non-conformities are addressed promptly through corrective actions.

3.2 User Management

  • Onboarding and Offboarding Processes:
    • Access controls are tightly integrated with our HR processes. New employees are granted access based on their roles, and all access is immediately revoked upon termination or role change.
  • Monitoring and Logging:
    • All access to sensitive data and systems is logged and monitored. Logs are regularly reviewed for suspicious activity, and alerts are generated for any unauthorised access attempts.

4.1 Asset Inventory

  • Comprehensive Asset List:
    • We maintain a detailed inventory of all information assets, including hardware, software, data, and personnel. Each asset is classified based on its sensitivity and criticality to business operations.
  • Ownership and Responsibility:
    • Each asset is assigned an owner responsible for its security. Asset owners are accountable for implementing and maintaining appropriate security controls.

4.2 Asset Classification and Handling

  • Data Classification Policy:
    • Data is classified into categories such as public, internal, confidential, and restricted. Each classification level has specific handling requirements to ensure that data is appropriately protected.
  • Data Lifecycle Management:
    • We have established processes for data creation, storage, use, sharing, and destruction. These processes ensure that data is managed securely throughout its lifecycle.

5.1 Incident Response Plan

  • Incident Detection:
    • We utilise advanced monitoring tools to detect potential security incidents in real-time. These tools are configured to alert our security team immediately upon detection of any suspicious activity.
  • Incident Reporting:
    • Employees are trained to recognise and report security incidents promptly. A formal reporting mechanism is in place to ensure that incidents are documented and escalated as necessary.

5.2 Incident Handling and Resolution 

  • Incident Response Team:
    • Our dedicated incident response team is responsible for managing and resolving security incidents. The team follows a structured process to contain, eradicate, and recover from incidents.
  • Post-Incident Review:
    • After an incident is resolved, a thorough post-incident review is conducted to identify root causes and lessons learned. This information is used to improve our security posture and prevent future incidents.

6.1 Regulatory Compliance

  • GDPR Compliance:
    • We are fully compliant with GDPR, ensuring that personal data is processed lawfully, fairly, and transparently. We have implemented processes to uphold data subject rights and to manage data breaches in accordance with regulatory requirements.
  • Industry-Specific Regulations:
    • In addition to GDPR, we comply with other relevant industry regulations, such as HIPAA for healthcare data and PCI-DSS for payment card data. Compliance is achieved through rigorous internal controls and regular audits.

6.2 Internal Compliance Audits

  • Audit Programme:
    • We have established an internal audit programme to regularly assess our compliance with the ISO 27001 standard and other relevant regulations. The audit programme includes both scheduled and ad-hoc audits to ensure continuous compliance.
  • Corrective Actions:
    • Any non-compliance identified during audits is addressed through a structured corrective action process. This includes identifying the root cause, implementing corrective measures, and verifying their effectiveness.

7.1 Monitoring and Review

  • Security Performance Monitoring:
    • We continuously monitor our security performance against established metrics and key performance indicators (KPIs). This includes tracking the effectiveness of security controls and the frequency of security incidents.
  • Management Reviews:
    • Regular management reviews are conducted to assess the overall performance of the ISMS. These reviews consider audit results, incident reports, and the effectiveness of risk treatment plans.

7.2 Security Awareness and Training

  • Employee Training:
    • All employees undergo mandatory security training upon joining the company, with regular refresher courses provided. Training covers topics such as phishing awareness, secure data handling, and incident reporting.
  • Security Culture:
    • We foster a culture of security awareness throughout the organisation. Employees are encouraged to take an active role in protecting company assets and to report any security concerns.

We Are Committed to Continuous Improvement

Cyber threats are constantly evolving, and so are our defences. We maintain a robust security culture through ongoing employee training, regular security reviews, and a commitment to continuous improvement.

Should you have any questions or require more information about our security practices, please contact us. We’re ready to answer your questions and help you feel confident about partnering with us.

How We Partner for Your Success: A Proactive Approach

Many providers measure success with simple usage data, but we go beyond that. Our approach is about customer insight and a human feedback loop. We want to be a proactive partner, not just a third-party provider you occasionally hear from.

We measure success by understanding the ‘why’ and ‘how’ behind every interaction. This allows us to:

  • Actively Eliminate Friction: We analyse all possible client interactions to make your experience as seamless as possible, proactively addressing issues before they become problems.
  • Human-Centric Feedback: We go beyond simple usage data to get real-time feedback and comments, which is a major point of difference that helps us continually stay ahead of the competition.

Customer-Driven Product Development

We firmly believe that customer feedback and analysis should drive product development. The data we gather from our clients directly supports customer-driven development, ensuring you are always using software that adds value to your operations.

Our development team follows the three I’s: Iterate, Improve, and Innovate. This means our product roadmap is a living document that can be changed and taken in a different direction based on your feedback, helping your business reach its goals—no matter the size or shape.

Resources to Drive Your Success

Your success depends on having the right knowledge at your fingertips. Our comprehensive resources are well-known in the industry and are designed to empower you and your team.

  • Knowledge Base: Our extensive knowledge base is filled with detailed how-to videos and guides. This content is continually growing with every customer interaction, providing the building blocks for further success.
  • Frequently Asked Questions: You can get answers to your most common questions immediately through our robust FAQ lists.

Ready to start your HR transformation Journey?

Book a free, no-obligation demo to see how EmployeeConnect can help you build a culture of high engagement and success.

Discover EmployeeConnect