Software Security Standards Update
Article ID
12232
Article Name
Software Security Standards Update
Created Date
21st April 2021
Product
IRIS PAYE-Master, Earnie, IRIS Payroll Basics, IRIS Payroll Business, IRIS Earnie IQ, IRIS GP Payroll, IRIS Bureau Payroll
Problem
Keeping your data safe is of paramount importance to IRIS. We are always looking for ways to make our technology more secure, whilst delivering reliable and compliant solutions.
In the interest of maintaining a high level of data security, IRIS has recently announced a new security standard for all our products. The security standard is aimed at ensuring we consistently deliver safe and trustworthy products and services.
A requirement of the policy is that we disable the use of Transport Layer Security (TLS) 1.0 and 1.1, in line with industry standards.
Resolution
What is Transport Layer Security (TLS)?
TLS is a protocol that provides end-to-end communications security over networks and is widely used for internet communications and online transactions. It is intended to prevent eavesdropping, tampering and message forgery.
TLS has been developed over the past 20 years, improving security and fixing any vulnerabilities identified. Versions 1.2 and 1.3 are now the only versions to be considered secure and to be supported by Microsoft.
What does this mean to me?
Outdated TLS versions are currently available for use with a range of IRIS cloud applications and their associated links to your payroll software.
We are taking measures to comply with our updated security standards. Following the recent legislation release(March 21), we have enabled the removal of transport layer security (TLS) 1 and 1.1 for links with the below cloud applications.
If you use any of these applications, you must check that your operating software is compliant with TLS 1.2 or above
Products with TLS 1 & 1.1 disabled
- My ePay Window
- Kashflow accounts
Products due to have TLS 1 & 1.1 disabled
- OpenPayslips
- OpenEnrol
- OpenSpace
This will be removed on 10th May 2021, so you must act now
Other applications/services planned for TLS 1 & 1.1 removal
- Real Time information (RTI)
- NEST
- Scottish Widows
Timeframes not yet known.
How does my operating software impact compatibility with TLS 1.2 or above?
| Operating System | TLS 1.2 Compatability | Software Update | Action |
|---|---|---|---|
| Windows 8 or above | Compatible | Install November Update | 1. Update payroll software |
| Windows 7 | Compatible with action | Install November Update | 1. Confirm TLS 1.2 enabled 2. Update payroll software |
| Windows Vista Windows XP Windows Server 2003 | Not Compatible | Install November software update | 1. Upgrade operating system 2. Update payroll software |
How do I enable TLS 1.2 if I operate on Windows 7?
Details of how to do this for Windows 7 can be found here
What can I do if I don’t have a compatible operating system?
For customers who currently use an unsupported operating system, we strongly advise that you upgrade to a more recent version. This will ensure that you can comply with the security standards of modern-day software and continue to use our payroll software with supporting services.
There are 2 options available to you:
- Upgrade your operating system to a more recent version of Windows
- Sign up to a hosted desktop service, operating a more up to-date operating system
For details of our hosted offering, you can visit our website here
Why have we chosen to do this?
TLS 1 and 1.1 no longer meet modern day security standards, leaving users exposed to vulnerabilities.
Further to this, Microsoft no longer support XP, Vista, or Windows 7 and therefore security updates are no longer built with these operating systems in mind. This change is not specific to IRIS, with cloud software of all varieties taking these steps.
As communicated previously, IRIS no longer supports these operating systems and therefore does not test system updates for compatibility with them. It is strongly advised that customers find an alternative solution to avoid risking loss of service.
When will this happen?
TLS 1 and 1.1 will be removed from the stated applications with upcoming system updates, therefore you must act now if you are affected.
Please note: All customers must install the payroll software update to allow for the links with the stated applications to be used.
Getting in Touch
Should you have any questions, please get in touch with our support team for guidance relating to any of the above updates.
We apologise for any inconvenience this change causes; however, we are confident that it is in the wider interest of safety and security.
If you have any feedback, please don’t hesitate to contact us at hcmproduct@iris.co.uk
We are sorry you did not find this KB article helpful. Please use the box below to let us know how we can improve it.
