Workday Hosting & Software Pricing
Cloud Hosting and Service Level Agreement
As you might expect from a vendor dedicated to cloud use, Workday maintains some of the highest security standards in the industry including ISO 27001, SSAE 16 (previously SAS70 Type II), and Safe Harbor for European compliance. Workday deploys multiple co-location data centers on the U.S. east and west coasts and in Europe (the exact locations were not disclosed). The more detailed physical, network, application, and data security measures include:
- Physical Security – a Tier IV data center with full backup facilities; greatly restricted access with 24/7 monitoring and audit arrangements; disaster recovery with regular testing of procedures to ensure integrity of client information.
- Communications and Network-Level Security – access permitted only over secure connections including SSL3 (Secure Socket Layer version 3) or Transport Layer Security (TLS); perimeter-level defense and network intrusion prevention; regular penetration testing to ensure third party network invulnerability.
- Application-Level Security – all user and web services requests are authenticated; support for SAML single sign-on (SSO); delegated authentication support; granular customer-defined access control rights and permissions.
- Data Security – access requests are routed through the business logic (no direct database access is allowed); unique AES 256-bit encryption is applied to all attribute values in the database and backups – this is the only hosted payroll/HR solution on the market supporting this approach.
- Comprehensive Auditing – user and web services authentication, authorization, and access are fully audited; a complete audit trail reporting in support of governance and compliance; non-destructive updates.
Furthermore, as part of its disaster recovery (DR) plan (which is tested every six months), Workday maintains a DR environment which constitutes an exact copy of the production environment. The DR plan is automatically executed in the event of an unscheduled outage where the interruption is estimated to be greater than a predefined duration. Under these circumstances, effectively the MySQL database is replicated to the DR data center, likewise new OMS instances are started in the DR data center, and customers are redirected.
Naturally, Workday’s hosting services come with a service level agreement (SLA). As well as including details of the above DR plan, the SLA includes a Recovery Time Objective of 12 hours (measured from the time that services become unavailable until access is restored) and a Recovery Point Objective of 1 hour (measured from the time that the first transaction is lost until the service became unavailable). The SLA also incorporates a minimum uptime guarantee tied to a financial or service credit for customers in the event that the standard is not met.
Workday Software Pricing
One respect in which Workday conforms to payroll/HR vendor norms is the lack of transparency regarding pricing models, preferring to let their sales professionals negotiate such details with prospective clients during the sales cycle. However, as a rough guide: prices are based on a subscription model focused on metrics for the client’s overall business – total number of employees (or total revenue) and service areas – rather than on a per user basis. Being a SaaS product, support, maintenance and updates are included within the subscription price.
Next - Workday Company Viability Review >>