ISO Certifications
ADP has the following certifications from the International Organization for Standardization, valid through July 2024.
- ISO 9001:2015 - SRI Cert #021782
- ISO/IEC 27001:2013 - SRI Cert #021783
Global Security
With an ever-changing digital landscape bringing limitless possibilities, new and complex security risks and threats are introduced. At ADP, security is integral to our products, our business processes and infrastructure. We use advanced services and technology to deliver data security, data privacy, fraud prevention and crisis management.
Global converged security program
ADP’s converged security organization has 350+ security specialists in 13 countries who work 24/7/365 to monitor and respond to cyber security and fraud threats and business resilience incidents to proactively assist in addressing issues before they escalate. Our Board of Directors and our Audit Committee are actively engaged in the oversight of our global security program. Among other things, the program is subject to an annual third-party assessment overseen by our Board and this assessment reviews all aspects of our cyber program. The findings are reported to the Board and in response, ADP develops initiatives to improve our maturity across each of the five pillars of the National Institute of Standards and Technology Cybersecurity Framework. The status of these initiatives is then reviewed with our Audit Committee during its quarterly meetings. This governance process ensures an environment of continuous improvement.
Business Resiliency Program Council
A Business Resiliency Program Council as chaired by the Chief Security Officer, provides overall guidance and strategic direction for the ADP Global Business Resiliency Program. The Council meets on a quarterly basis to enforce adherence to resiliency policies and standards and supports business resiliency throughout the organization. Areas covered by the Council include real-world responses to crises and emergencies, risk assessment, testing and validation and plan development.
Multiple layers of protection
ADP provides the advantages of a global industry-leading advanced platform defense; intelligent detection; automated data protection; fraud defense; identity and access management and so much more. We embed multiple layers of protection into our products, business processes and infrastructure as security remains a priority for our business. By collaborating with key government and industry partnerships, memberships and alliances, ADP uses threat-led intelligence to stay ahead of the risks.
Independence of information security function
ADP’s Chief Security Officer oversees ADP’s Global Security Organization (GSO) and reports to the CAO, which gives GSO the necessary independence from IT. The GSO is a cross-divisional, converged security team that has a multi-disciplinary approach to cyber, information security, compliance, operational risk management, client security management, workforce protection and resilience. GSO senior management, under ADP's Chief Security Officer, is responsible for managing security policies, procedures and guidelines.
Security training and awareness program
At ADP, our Security Training and Awareness Program is a continuous, dynamic and robust initiative, designed to develop and maintain a security-focused culture. The program empowers our associates and contingent workers to make responsible, secure decisions and to protect our most valuable assets. We employ a variety of tools, techniques and programs to embed security safeguards into our day-to-day professional and personal lives.
All associates take an annual, interactive security training program that includes an overview of key security topics, policies and responsibilities. To complete the requirement, they must demonstrate an understanding of the material. All contingent workers are required to complete this same training within one week of the start of their contract. Additionally, ADP’s security policies are available to both associates and contingent workers on our Information Security intranet. This intranet site provides additional information, such as a security newsfeed with tips and best practices, external security resources, emergency response information, security alerts, awareness information, security procedures and contact information to enable associates and contractors to ask security-related questions or raise concerns via email or telephone.
To reach and engage as many associates and contingent workers as possible, ADP’s Security Training and Awareness Program employs various methods of delivery. Examples include classroom-based training, webinars, infographics, posters and other visual aids, online training, videos, blogs and intranet articles, newsletters, internal social media feeds, intranet sites and more.
Gamifying security training
We implemented a security ambassador program that is available to both associates and contingent workers to join at their will which gives additional, alternative security training and support. This gamified program provides opportunities for our associates and contingent workers to get additional security training and be involved in other security initiatives.
