Global Security

With an ever-changing digital landscape bringing limitless possibilities, new and complex security risks and threats are introduced. At ADP, security is integral to our products, our business processes and infrastructure. We use advanced services and technology to deliver on our commitment to data security, data privacy, fraud prevention and crisis management.

Global converged security program

ADP’s converged security organization has 400+ security specialists in 15 countries who work 24/7/365 to monitor and respond to cybersecurity and fraud threats and business resilience incidents to proactively assist in addressing issues before they escalate. Our Board of Directors and our Audit Committee are actively engaged in the oversight of our global security program. Among other things, the program is subject to an annual third-party assessment overseen by our Board and this assessment reviews all aspects of our cyber program. The findings are reported to the Board and in response, ADP develops initiatives to improve our maturity across each of the five pillars of the National Institute of Standards and Technology Cybersecurity Framework. The status of these initiatives is then reviewed with our Audit Committee during its quarterly meetings. This governance process ensures an environment of continuous improvement.

BUSINESS RESILIENCY PROGRAM

Areas covered by the ADP Global Business Resiliency Program include real-world responses to crises and emergencies, risk assessment, testing and validation and plan development.

Multiple layers of protection

ADP provides the advantages of a global industry-leading advanced platform defense; intelligent detection; automated data protection; fraud defense; identity and access management and so much more. We embed multiple layers of protection into our products, business processes and infrastructure as security remains a priority for our business. By collaborating with key government and industry partnerships, memberships and alliances, ADP uses threat-led intelligence to stay ahead of the risks.

Independence of information security function

ADP’s Chief Security Officer oversees ADP’s Global Security Organization (GSO) and reports to the CAO, which gives GSO the necessary independence from IT. The GSO is a cross-divisional, converged security team that has a multi-disciplinary approach to cyber, information security, compliance, operational risk management, client security management, workforce protection and business resilience. GSO senior management, under ADP’s Chief Security Officer, is responsible for managing security policies, procedures and guidelines.

ADP has the following certifications from the International Organization for Standardization, valid through July 2024:

  • ISO 9001:2015 - SRI Certificate #021782
  • ISO/IEC 27001:2013 - SRI Certificate #021783
  • ISO/IEC 27701: 2019 - SRI Certificate for US #4996-01/02/06
  • ISO/IEC 27701: 2019 - SRI Certificate for EMEA #4996-00-EUR-ISMS

Security training and awareness program

At ADP, our Security Training and Awareness Program is a continuous, dynamic and robust initiative, designed to develop and maintain a security-focused culture. The program empowers our associates and contingent workers to make responsible, secure decisions and to protect our most valuable assets. We employ a variety of tools, techniques and programs to embed security safeguards into our day-to-day professional and personal lives.

All associates take an annual, interactive security training program that includes an overview of key security topics, policies and responsibilities. To complete the requirement, they must demonstrate an understanding of the material. All contingent workers are required to complete this same training within one week of the start of their contract. Additionally, ADP’s security policies are available to both associates and contingent workers on our Information Security intranet. This intranet site provides additional information, such as a security newsfeed with tips and best practices, external security resources, emergency response information, security alerts, awareness information, security procedures and contact information to enable associates and contractors to ask security- related questions or raise concerns via email or telephone.

To reach and engage as many associates and contingent workers as possible, ADP’s Security Training and Awareness Program employs various methods of delivery. Examples include classroom and virtual based training, infographics, blogs, newsletters, intranet sites and more.