PayMaster, Inc. - Evolution Security
Security

"The superior man, when resting in safety, does not forget that danger may come. When in a state of security he does not forget the possibility of ruin. When all is orderly, he does not forget that disorder may come. Thus his person is not endangered, and his States and all their clans are preserved."

Confucius (551 BC - 479 BC)


Evolution has many different levels of security. These levels start from the inside of our server room and extend all the way out to the clients' computers that access their payroll data remotely.

This article covers four levels of Evolution's security:
  • Physical
  • Database
  • Communications
  • User

If you'd like to know more about any of these topics or a topic that is not covered here, please contact our IT department.

Physical Security

Our servers are completely isolated from the rest of our office. Walls extend all the way up to the ceiling of the actual surrounding structure, not just the drop ceiling. The room they're stored in is password protected and secured with a deadbolt. Only the President and the Network Administrator have the keys and credentials required to gain access to this room.

Inside the room, the servers are all secured to a large rack that has a locking door.
Database Security

All databases are password protected and stored on servers with only one purpose in mind: to provide Evolution's Application Servers with a fast, robust means of retrieving the data they provide to our users. Our Database Servers do not provide any other services internally or externally and are unable to communicate with any nodes on the Internet.

Evolution was designed so that the client software never communicates directly with our Database Servers. Additionally, Evolution uses a custom SQL parser in order to limit access to protected information such as pay rates, salaries, clients, companies, etc.
Communications Security

Remote access to Evolution requires the use of a Thin Client application commonly referred to as the Evolution Remote Product. Information transmitted between the remote client and our servers uses a custom protocol based on a proprietary format over TCP/IP.

The transmissions are protected by a combination of SSL, which is used to create the encryption key dynamically (i.e. initiate the conversation, confirm the server's identity, etc.), and Blowfish, which is used to actually encrypt the transmission itself with a 128-bit key.

SSL is a popular cryptographic technology that most people are familiar with since it is commonly used to secure communications such as online banking when used in conjunction with HTTP (e.g. HTTPS).

Blowfish is a well-known algorithm implemented in a large number of products, with no productive cryptanalysis of it found to date.
User Security

This is the most transparent level of security to any Evolution user. It all starts with the ability to handcraft the amount of access any given user has. Evolution user accounts can be restricted in a number of ways such as:
  • Disabled and/or hidden screens and menus
  • Limited access to employee and payroll information based on the separation of companies, divisions, branches and departments
  • No access to pay rates and wages
  • No access to a number of functions such as the ability to submit a payroll for processing

The next segment of user security occurs once an Evolution user account has been created, configured and the user is ready to log in. All Evolution user accounts must have a password. The password must be at least 8 characters long and include 3 of the 4 character elements below:
  • Lowercase Letters - a, b, c...z
  • Uppercase Letters - A, B, C...Z
  • Numbers - 0, 1, 2...9
  • Special Characters - ! @ # % ^ & * ( ) _ - = + { } [ ] \ | : ; " ' < , >

Please note that the $ (dollar sign) is NOT considered a special character.

Any password chosen by a user is known only to them and is stored in a special database as an MD5 hash (MD5 is a one-way cryptographic hash function). Because the hash is one-way, nobody can retrieve your password, not even our Network Administrator. If a password is lost, it must be reset.

Passwords must be changed once every 60 days. The system will automatically inform you of when it is time to change your password.

Evolution does not allow passwords to be saved. They must be keyed in every time you want to access the system. If you attempt to log in with an invalid password, the system will inform you that it is incorrect and start a tally of how many consecutive, invalid attempts are made. If three consecutive, invalid login attempts are made, Evolution will consider that a brute force attack and automatically block that user account from accessing the system until someone from our office unblocks it.
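
The password rule and the three-attempt lockout described above, as an added Python example (not PayMaster's or Evolution's own code). The function names and the `LoginTally` class are hypothetical; the character classes, minimum length and lockout threshold are taken from this page.

```python
import string

# Special characters exactly as listed in the policy; "$" is deliberately
# absent because the policy says it does not count as a special character.
SPECIAL = set("!@#%^&*()_-=+{}[]\\|:;\"'<,>")
MIN_LENGTH = 8
REQUIRED_CLASSES = 3           # 3 of the 4 character elements
MAX_CONSECUTIVE_FAILURES = 3   # third consecutive failure blocks the account


def character_classes(password):
    """Return the set of policy classes that appear in the password."""
    found = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.digits:
            found.add("digit")
        elif ch in SPECIAL:
            found.add("special")
    return found


def meets_policy(password):
    return (len(password) >= MIN_LENGTH
            and len(character_classes(password)) >= REQUIRED_CLASSES)


class LoginTally:
    """Hypothetical per-account counter of consecutive invalid attempts."""
    def __init__(self):
        self.failures, self.blocked = 0, False

    def record(self, password_ok):
        """Record one attempt; return True only if the login is accepted."""
        if self.blocked:
            return False       # stays blocked until unblock() is called
        if password_ok:
            self.failures = 0  # a success resets the consecutive tally
            return True
        self.failures += 1
        if self.failures >= MAX_CONSECUTIVE_FAILURES:
            self.blocked = True
        return False

    def unblock(self):
        self.failures, self.blocked = 0, False
```
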
Conclusion

Evolution was designed with security in mind since its inception. From its unique architecture to its custom design, every step was taken to fortify itself as well as make it readily accessible to its users. In conjunction with our network security, we've gone to great lengths to ensure the security of your data and we will never stop pursuing the most secure environment we can offer. We plan on consistently implementing new strategies and technology in order to keep your data safe no matter what challenges we are faced with.