Security

Security and confidentiality are two extremely important considerations for CGI Payroll Services Centre Inc (hereinafter named “PSC”). This will become more obvious to you as you take the time to read this section carefully. It deals with all matters directly or indirectly related to security.

First, PSC subscribes to the strictest security standards, as demonstrated by its choice of the 128-bit encryption system, the highest level currently commercially available in North America. With this system, it is practically impossible to decode the data you exchange with us, the confidentiality of your transactions is thus ensured.

For your part, you can take certain measures to increase security even more. To start with, you have to choose a password known only to you, and enter it each time you want to log on to do one or more transactions. We strongly recommend that you change your password at least once a month to minimize any chance of it being discovered. All you need to know to manage your password securely is explained in the section entitled “How to manage your password” (See below).

Your share of the responsibility

Our security standards are very high. However, the Internet itself and the computer software you use may also have an impact on the security of your transactions. That is why you should take the necessary measures to maintain a high level of security when you do your payroll transactions with the Nethris Internet Suite.

For example, it is in your interest to become familiar with your Internet browser and identify the security level it offers you. Also pay attention to the messages which your software and computer may give you when you surf the Internet.

Client responsibility regarding payroll information

The Client accepts full and entire responsibility for the security, validation and accuracy of the Data and instructions established to this effect in compliance with Client programs and procedures, or with programs from third party suppliers, if need be. Furthermore, the Client is responsible to make sure that the Data transferred to PSC is in a proper state for computer processing and that this Data complies with manufacturer specifications and is compatible with the equipment used to process this Data; the Client accepts to implement all control and recovery measures deemed reasonable and appropriate for the Client’s use of the Services.

How to manage your password

The password is your simplest and most effective way to control access to your confidential information. Managing your password well maximizes your security. Here are the main areas you must pay attention to in managing your password:

Password format

Your password must be made up of a minimum of 8 and a maximum of 15 alphanumeric characters of your choice and must contain at least 2 digits and 2 letters. The new password cannot repeat any of your previous 5 passwords.

Password security

Avoid choosing a password based on personal information (name, surname, names of your spouse or children, date of birth, social insurance number, telephone number, a word in the dictionary, a word in the dictionary spelled backwards, name of a sports team, registration number, etc.). Although easier to memorize, such a password is more likely to be discovered by hackers.

Here are a few more pointers to ensure that your password gives your transactions maximum security:

  • Never divulge your password to anyone;
  • Change your password regularly (at least once a month) to make it less likely for it to be discovered. If you suspect that your password has been discovered, select a new one immediately;
  • Use a different password for each of your applications;
  • Don’t use the same password as the one that gives you access to your computer at work;
  • Don’t use your PIN (personal identification number) as your password;
  • If you write it down, hide it;
  • We strongly recommend that you DO NOT WRITE YOUR PASSWORD DOWN. If you absolutely have to do so, do it in such a way that only you will be able to recognize it, and keep it in a safe place. Do not save your password on your computer. Passwords should never be saved on your computer;
  • Do not program any function keys to automatically initiate a session.
  • Keep in mind that your password is like the key to your house: you must take all the necessary precautions to prevent it from falling into someone else’s hands.

Changing your password

For added security, we suggest that you change your password at least once a month to make unauthorized access more difficult. To change your password, click on the SELF-SERVICE Tab, select My user profile from the navigation bar and click on Change my password in the left menu.

In case you forget!

If you really cannot remember your password, please contact your enterprise’s Nethris Internet Suite administrator.

Some additional precautions

  • Erase the cache memory of your browser. The cache memory is used to locally store Internet pages consulted, which improves the performance of your browser when you revisit the sites.
  • Never open an executable file received by e-mail unless you trust the source and are sure that the sender has an updated antivirus program.
  • Install recognized antivirus software and update it. If you use Microsoft Word and Excel 97, activate Macro virus protection.
  • If you use Microsoft Word and Excel 2000, set the security level to average or higher. This measure will notify you by a dialogue box of any unsigned macros and will let you disable them.
  • If a Word document received by e-mail seems suspect, it is preferable to open it with WordPad rather than with Word, because WordPad does not recognize and will not open macros.
  • Do not remain connected to the Internet unnecessarily.
  • Make sure that your personal firewall and your antivirus software are active before you access the Internet.
  • Regularly make backups of your important files.
  • Never leave your computer unattended, especially if it is not protected by a screensaver.
  • Don’t download or install freeware, shareware or demo software for which you do not know the source.
  • Always sign out and close your browser to erase any session information in your computer’s cache.