Workday Software Review

Workday Cloud and Software Pricing

Cloud Delivery and Service Level Agreement

As you might expect from a cloud-based enterprise software vendor delivering mission critical systems, Workday maintains some of the highest information security standards in the industry including ISO 27001, SSAE 16 (previously SAS70 Type II) and Safe Harbor for European compliance. Workday uses multiple colocation data centers in the U.S. (east and west coasts) and Europe (the exact locations were not disclosed). The more detailed physical, network, application, and data security safeguards include:

• Physical Security includes colocation in Tier IV data centers with full backup facilities; controlled access with 24/7 monitoring and audit arrangements; and business continuity with disaster recovery and regular testing of procedures to ensure availability and resilience.
• Network-Level Security includes controlled logical access over secure connections including HTTPS, SSL (Secure Socket Layer) and/or Transport Layer Security (TLS); multiple layer perimeter-level defenses including network detection and intrusion prevention; and regular penetration testing to ensure third party network invulnerability.
• Application-Level Security such as authenticated user and web services requests; support for SAML single sign-on (SSO); delegated authentication controls; and granular customer-defined access control rights and permissions.
• Data Security includes access requests that are routed through application business logic (instead of direct database access); and AES 256-bit encryption (where permitted) for data in transit as well as data at rest.
• Comprehensive Audit Trails for user and web services authentication, authorization, and access; and audit trail reporting in support of governance and compliance.

As part of its business continuity and disaster recovery plan (which is tested approximately every six months), the company maintains a BC/DR simulated environment which replicates production environments. The recover plan is executed in the event of an unscheduled outage where the interruption is estimated to be greater than a predefined duration. Under these circumstances, effectively the MySQL database is replicated to the DR data center, likewise new OMS instances are started in the DR data center, and customers are redirected.

Workday’s cloud delivery comes with a service level agreement (SLA). The SLA includes a Recovery Time Objective of 12 hours (measured from the time that services become unavailable until access is restored) and a Recovery Point Objective of 1 hour (measured from the time that the first transaction is lost until the service became unavailable). The SLA also incorporates a minimum uptime guarantee tied to a financial or service credit for customers in the event minimum compliance falls short..

Workday Software Pricing

One respect in which Workday conforms to HR and payroll software vendor norms is the lack of transparency regarding pricing models, preferring to let their sales pros negotiate such details with prospective clients during the sales cycle. However, as a rough guide, software prices are based on a subscription model focused on metrics for the client’s overall business – total number of employees (or total revenue) and service areas – rather than strictly on a per user per month calculation. Being a SaaS payroll software solution, support, maintenance and updates are included within the subscription price.

Next: Workday Company Review >>