Protecting Your Data

At J. J. Keller & Associates, Inc., the security of your safety and compliance data is a top priority. Our Information Security Management System (ISMS) is built on the ISO 27001:2013 and NIST Cybersecurity Frameworks, reflecting our commitment to industry best practices. We conduct ongoing employee training, annual penetration testing, and regular audits to maintain certifications including SOC 2 Type II, PCI DSS, and ISO 27001:2013. These measures ensure that your data is protected by a robust, continuously evolving security infrastructure.

Leave Manager collects only the data necessary to manage federal and state leave cases effectively and in compliance with applicable regulations. Required fields include Employee Name, Employee ID, Department, Work Location, Job Title, Hire Date, Job Status, Employment State, and detailed Leave Case Information. Additional data such as Employee Email, Address, Phone Number, and Social Security Number (SSN) may also be stored to support case documentation and communication. All data is handled securely and in accordance with privacy standards, ensuring HR teams have the information they need while maintaining compliance and confidentiality.

Leave Manager data is housed in a secure, state-of-the-art hosting facility that is SSAE 16 certified. Servers are monitored 24/7 for technical issues, intrusion attempts, and availability. Access to data is strictly limited to a small group of authorized J. J. Keller personnel. The infrastructure includes redundant servers and automatic traffic rerouting to ensure uninterrupted service in the event of hardware failure.

All servers are backed up daily, with encrypted backup files stored at a secure offsite location. Preventative maintenance is performed regularly to minimize hardware risks. Additionally, a fully functional backup site is maintained at a separate location to ensure business continuity in the event of a physical disaster. Both primary and backup servers are hosted by the same provider and adhere to identical security protocols.

Leave Manager supports secure authentication through Single Sign-On (SSO) and Multi-Factor Authentication (MFA). These options allow organizations to align access protocols with internal security policies and ensure only authorized users can access sensitive leave data.

Leave Manager undergoes annual internal and external security audits to maintain compliance with ISO 27001 and SOC 2 Type 2 standards. While detailed audit results are not shared publicly, the SOC 2 Type 2 report is available upon request under NDA. These certifications reflect a strong commitment to data privacy and regulatory compliance.

Leave Manager is available 24/7/365 with a 99.9% planned uptime. System upgrades are performed biweekly, ensuring the platform remains current without disrupting service. This reliability allows HR teams to depend on the system for uninterrupted leave management.

The Leave Manager is designed with HR leaders in mind—supporting organizations from a single site to thousands of locations nationwide. With over 500,000 active leave cases managed across 33,000 locations and 750,000 employees, it’s proven to perform at scale. Thousands of customers rely on it to streamline leave administration while maintaining compliance with federal regulations and more than 100 state-specific programs.

Protecting Your Data

What types of employee data are collected and stored within Leave Manager to support leave case management?

Where is Leave Manager data stored, and how is it protected?

How is data within Leave Manager backed up and protected against loss?

How can HR teams ensure secure access for staff using Leave Manager?

How does Leave Manager stay compliant with HIPAA and other data protection regulations?

How often is Leave Manager maintained, and what is its availability?

Can the Leave Manager scale to meet the needs of large, complex organizations with diverse workforces and compliance requirements?