Compliance & Security

Our focus is on compliance, so you can grow globally with complete confidence.



Wolke maintains a formal and comprehensive security program to protect customer data, to detect security threats or data breaches, and to prevent unauthorized access.  The following compliance resources can assist your compliance and legal teams in understanding and validating compliance requirements for your organization.

Architectural Security

Processing Relationship

Our customers serve as the data controller while One people is the data processor. You have full control over the data entered into services, as well as the setup and configuration. We only process your data, so you won’t have to rely on us for day-to-day tasks such as:

  • Managing security authorizations and roles
  • Developing new forms and reports
  • Setting up business process flows, alerts, rules, and more
  • Making changes to the organizational structure
  • Tracking all business transactions
  • Analyzing all historical data and changes in configuration

Data Encryption

Every attribute of customer data is encrypted before it is stored in a database.  The Advanced Encryption Standard (AES) algorithm is used with a key size of 256 bits and a unique encryption key for each customer.

Additionally to providing a layer of protection for networks against passive eavesdropping, active tampering, and message forgery, Transport Layer Security (TLS) also protects user access to the internet. Integrations of files can be encrypted using PGP or a public/private key pair generated by One people, using a certificate generated by the customer.

Physical & Network Security

Physical Security

One people is hosted in the Microsoft Azure Data Center. Microsoft takes a layered approach to physical security, to reduce the risk of unauthorized users gaining physical access to data and the datacenter resources. Datacenters managed by Microsoft have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the datacenter floor.

We analyze all internet-facing assets, including firewalls, routers, and web servers for weaknesses that may allow unauthorized access. Additionally, an authenticated internal vulnerability network and system assessment is performed to identify possible weaknesses and inconsistencies with general system security policies.

The network intrusion prevention systems (IPSs) monitor critical network segments for atypical traffic patterns in the customer environment, as well as traffic between tiers and services.

Application Security

Software Development Cycle

To help ensure the security of One people and its addons, Wolke has implemented a Secure Software Development Life Cycle (SDLC)

Vulnerability Assessments

Third-party expert firms provide Wolke with independent network, system, and application vulnerability assessments.

Prior to every major release, our web and mobile applications are analyzed for application-level security vulnerabilities by third parties. As part of our testing procedures, we identify standard and advanced web application security vulnerabilities, including, but not limited to:

  • AJAX security weaknesses
  • CSRF (cross-site request forgery)
  • Poor input handling (such as cross-site scripting, SQL injection, XML injection, and cross-site flashing)
  • XML and SOAP attacks
  • Poor session management
  • Inconsistent data model constraints and insufficient data validation
  • Insufficient authentication or authorization
  • HTTP response splitting
  • Misuse of SSL/TLS
  • Use of unsafe HTTP methods
  • Misuse of cryptography

Frequently Asked Questions

Check out the questions and answers below for more information about One people

What is One people?

We put employees first with a cloud-based suite of HR & Payroll solutions called One People. We provide you with a powerful HR information system, Payroll, as well as tools for onboarding, learning, performance management, and people analytics.

One people consists of what modules?

  • People Management
  • Payroll
  • Employee Experience
  • Expense Claim
  • Performance Management
  • Time Attendance

Is it possible for One people to integrate with third-party applications?

Here are the usual integration methods used to connect One people with third-party applications.

  1. API
  2. File Exchange (CSV files, Excel files, and everything else..)
  3. Web Services

For how many employees does the minimum requirement apply?

The minimum number of employees for all of our subscription options is five. It is possible to use the One people platform with fewer employees than this, but you will still be charged for a minimum of 5 employees for each of the products and services that you use.

How frequently am I billed by One people?

We bill annual contract on the day of signing, and monthly contracts on the 1st of every month. If you sign up during the month, your first month's bill will be prorated.

How does One people accept payments?

One people also accepts all major credit and debit cards as well as electronic bank transfers via ACH.

How does One people handle cancellations and refunds?

If you decide to cancel your One people account, you can do so at any time. Should you choose to cancel, please understand that prorated refunds are not available. During the current monthly billing period, your account will remain active without further charges.

Approximately how long does it take to set up One people?

You can expect to spend between one & four weeks depending on the size of your organization.

Where is my data stored? What level of security does One people offer?

Microsoft Azure West Europe data center in the Netherlands hosts One People customer data. Sensitive fields are encrypted in transit, and the data center uses advanced encryption techniques at rest. Furthermore, the data center located in Netherlands meets the data requirements of the European Union, the European Economic Area, Switzerland, and the United Kingdom.

Among the measures we take to prevent data leaks and unauthorized access are:

  • Data security with multiple levels of defense
  • Regular vulnerability scanning
  • Web application firewall
  • SOC II audits by third parties
  • Penetration tests annually