At ADP, we are committed to protecting data and earning the trust of our clients since 1949. See how ADP’s security is at the forefront of the industry.
Data Security
Today’s digital landscape means limitless possibilities, and also complex security risks and threats. At ADP, security is integral to our products, our business processes, and infrastructure. We deliver advanced services and technology for data security, privacy, fraud, and crisis management—all so you can stay focused on your business.
SOC Details
ADP issues SOC 1 Type 2 and SOC 2 Type 2 reports over select products and services. In general, the availability of SOC 1 and SOC 2 reports is restricted to customers who have signed nondisclosure agreements with ADP. Also, ADP currently produces four (4) bridge letters per year, each covering the calendar quarter, and covering a fiscal quarter at-a-time.
Please contact your appropriate sales or account team member for more details in obtaining a SOC report. For more information regarding SOC reporting and its standard, please go the AIPCA’s (American Institute of Certified Public Accountants) website.
ISO Certification Details
ADP is ISO 9001:2015 and ISO 27001:2013 certified and demonstrates this compliance through the formal registration process.
Certification to ISO 9001:2015 and ISO/IEC 27001:2013 standards ensure that ADP:
- Demonstrates ability to consistently provide services and information security that meet client service levels and applicable statutory & global regulatory requirements.
- Implements controls to safeguard valuable, sensitive and confidential company and client information assets.
- Has established, documented, and maintains an effective management system as a means of ensuring that its services and security conform to specified requirements and to foster an environment of continual improvement.
- Demonstrates senior management’s commitment to maintaining information security, high service levels and processing quality to clients.
- Meets the international standard for privacy information management.
Constant Innovation
Today’s threats move fast. Across all our Human Capital Management (HCM) products and services, we help keep you protected with constantly evolving tools, technologies, expertise, and safeguards. Our proactive culture and operations include:
- Research and testing on evolving threats
- Continual training in new guidelines and practices
- Advanced technology
Global expertise
When it comes to security for your ADP products and services, you need protection around the clock, and in every time zone. With over 65 years of experience and global reach, our security specialists and intelligence platforms have the bases covered. You’ll benefit from:
- Enterprise information security architecture
- 24/7 global protection
- Advanced threat monitoring
- Multiple, state-of-the-art Critical Incident Response Centers located around the globe
Business protection
To be protected, you need to take an integrated approach. Partnering with ADP gives you advanced platform defence, intelligent detection, automated data protection, physical security, fraud defence, business resiliency, identity and access management—and much more. We embed multiple layers of protection into our products, processes, and infrastructure, to be sure that security remains at the forefront.
Fraud prevention
Fraud attacks have become increasingly sophisticated. With a dedicated fraud prevention program, ever-evolving anti-fraud practices, and cutting-edge technology, we work hard to protect your funds and personal information. Our fraud prevention program includes:
- A detailed, holistic view of transactional behaviors
- Proactive and systematic response to fraudulent activities
- Deep understanding of fraud indicators and concealment strategies
- Organization-wide Anti-Money Laundering (AML) compliance
- Support for audit activities
Incident Management
ADP products and services are designed and maintained with controls and procedures to prevent incidents. In addition, a dedicated global team monitors round-the-clock using additional comprehensive controls, including data analytics, to detect, investigate and respond to anomalies and incidents. This team addresses any reported or detected issues by following a defined incident lifecycle. This lifecycle is governed by policies and procedures, and uses an incident management system to record facts, impact and remedial actions taken. To complete the cycle further, reviews are undertaken to learn and improve.
Business resilience
We’re committed to keeping our products and services running smoothly so you can serve your employees. Across technology, environmental, process, and health, our priority is to identify and mitigate our own risk. Our highly skilled, certified business resiliency professionals around the globe ensure internal issue response 24/7—365 days a year.
Data privacy
Clients around the world trust ADP to handle their sensitive information. ADP’s Global Data Privacy and Governance team handles:
- The protection and governance of personal information as outlined in ADP’s Global Privacy Policy
- Conducting privacy impact analyses and ensuring appropriate privacy protections are in place
- Managing privacy incidences in compliance with data privacy laws
- Implementing enterprise wide privacy compliance programs
ADP Security Awareness & Training Program Overview
At ADP, our Security Training and Awareness Program is a continuous, dynamic and robust initiative that is designed to develop and maintain a security-focused culture, empower our associates and contingent workers to make responsible, secure decisions and to protect our most valuable assets. We employ a variety of tools, techniques and programs to embed security into our associates’ and contingent workers’ day-to-day professional and personal lives.
All associates are required to take and successfully complete an annual, interactive security training program that includes an overview of key security topics, policies and responsibilities. All contingent workers are required to complete this same training within one week of the start of their contract. Additionally, ADP's security policies are available to both associates and contingent workers on ADP's Information Security intranet (access to intranet may be role dependent). This intranet site provides additional security information to all associates and contingent workers, such as a security newsfeed with tips and best practices, external security resources, emergency response information, security alerts, awareness information, security procedures, and contact information for associates and contractors to ask security-related questions or raise concerns via email or telephone.
To reach and engage as many associates and contingent workers as possible, ADP’s Security Training and Awareness program consists of various methods of delivery. Examples of tools used to include: classroom-based training, webinars, infographics, posters and other visual aids, online training, videos, blogs and portal articles, newsletters, internal social media feeds, intranet sites, etc. Further, ADP has implemented a security ambassador program that is available to both associates and contingent workers to join at their will. This gamified program provides opportunities for our associates and contingent workers to get additional security training and be involved in other security initiatives.
Topics that ADP includes as part of our Security Training and Awareness program include (*topics may rotate depending on timing and specific initiative)
- Clean desk
- Bring-Your-Own Device
- Data Management
- Removable Media
- Safe Internet Habits
- Physical Security
- Social Media
- Scams including phishing, vishing, smishing, spear phishing and whaling
- Malware
- Social Engineering
- Incident Response
- Security Responsibilities
- Other ADP-specific topics that are relevant to our associates and contractors
Don’t just take our word for it.
Our recent awards include:
#5 Security Program in
Information Technology
Security Magazine
#1 in Business
Services Category
Security Magazine
CSO50 Award:
Global Incident Governance
Council program
CSO50 Award:
ADP's S.A.F.E program
CSO50 Award:
Global Third-Party Risk
Management 2.0
Excellence in
Information Security
RSA Conference