A partner you can trust

ADP Data Security and Business Resiliency video

Protecting our clients' data and earning their trust since 1949. See how ADP’s security is at the forefront of the industry.

Data security

Today’s digital landscape means limitless possibilities, and also complex security risks and threats. At ADP, security is integral to our products, our business processes, and infrastructure. We deliver advanced services and technology for data security, privacy, fraud, and crisis management—all so you can stay focused on your business.

Security updates

ADP security updates and alerts to help you protect your organization and employees

See all alerts ›

How to protect your information

Best practices to protect yourself against phishing, social scams, payroll fraud, and more.

Visit information on how to protect your information ›

SOC Reporting at ADP

ADP issues SOC 1 Type 2 and SOC 2 Type 2 reports over select products and services. In general, the availability of SOC 1 and SOC 2 reports is restricted to prospective and existing clients who have signed nondisclosure agreements and/or contracts with ADP. Also, ADP produces four (4) bridge letters per year, each covering the calendar quarter, and covering a fiscal quarter at-a-time. Bridge letters are limited to SOC 1 reports and are not produced for SOC 2 reports.

Please contact your appropriate sales or account team member for more details in obtaining a SOC report. For more information regarding SOC reporting and its standard, please go the AICPA’s (American Institute of Certified Public Accountants) website.

About_Security_ISOcertification_620w

ISO certification details

ADP maintains ISO 9001, ISO/IEC 27001 and ISO/IEC 27701 certifications for select services and locations. In general, the availability of ISO certifications is restricted to customers who have signed nondisclosure agreements with ADP.

Please contact your appropriate sales or account team member for more details.

Constant innovation

Today’s threats move fast. Across all our HCM products and services, we help keep you protected with constantly evolving tools, technologies, expertise, and safeguards. Our proactive culture and operations include:

  • Research and testing on evolving threats
  • Continual training in new guidelines and practices
  • Advanced technology

Global expertise

When it comes to security for your ADP products and services, you need protection around the clock, and in every time zone. With over 65 years of experience and global reach, our security specialists and intelligence platforms have the bases covered. You’ll benefit from:

  • Enterprise information security architecture
  • 24/7 global protection
  • Advanced threat monitoring
  • Multiple, state-of-the-art Critical Incident Response Centers located around the globe
Partnering with ADP gives you cyber and information security, global privacy and data protection, operational risk management, controls and credentials assurance, business resilience, third-party management, security testing and analysis, fraud diversion management, critical incident response and client security management.

Business protection

To be protected, you need to take an integrated approach. Partnering with ADP gives you advanced platform defense, intelligent detection, automated data protection, physical security, fraud defense, business resiliency, identity and access management—and much more. We embed multiple layers of protection into our products, processes, and infrastructure, to be sure that security remains at the forefront.

ADP engages in both internal and external assurance and audit activities across the enterprise multiple times a year that include reviews of our technology, security and related controls. External assurance includes various SOC 1 and 2 reports, and 27001 certifications, Sarbanes-Oxley, and Payment Card Industry Data Security Standard (PCI DSS), as well as a combination of internal assessments and audits performed by groups such as Internal Audit, the Global Security Organization, Compliance, etc.

ADP offers effective incident management by following a defined incident lifecycle: prepare, detect, contain, remediate, communicate and learn.

Incident management

ADP products and services are designed and maintained with controls and procedures to prevent incidents. In addition, a dedicated global team monitors round-the-clock using additional comprehensive controls, including data analytics, to detect, investigate and respond to anomalies and incidents. This team addresses any reported or detected issues by following a defined incident lifecycle. This lifecycle is governed by policies and procedures, and uses an incident management system to record facts, impact and remedial actions taken. To complete the cycle further, reviews are undertaken to learn and improve.

ADP’s fraud prevention process: collect, monitor, alert, communicate.

Fraud prevention

Fraud attacks continue to grow in scale and sophistication. Through a dedicated fraud prevention program, continuously evolving controls, and advanced technology, we work diligently to safeguard your funds and protect your personal information.

Our fraud prevention program delivers a comprehensive and proactive approach, including:

  • Organizational understanding of current fraud trends, indicators, and concealment strategies
  • A holistic and detailed view of transactional behavior across channels
  • Proactive, systematic detection processes and responses to detected fraudulent activity
  • Organization-wide Anti Money Laundering (AML) compliance program
  • Strong support for internal and external audit efforts
  • Defend yourself against fraud

Together, these capabilities help you defend against fraud with confidence.

Business resilience

We’re committed to keeping our products and services running smoothly so you can serve your employees. Across technology, environmental, process, and health, our priority is to identify and mitigate our own risk. Our highly skilled, certified business resiliency professionals around the globe ensure internal issue response 24/7—365 days a year.

Privacy at ADP

ADP clients around the world trust ADP to handle their sensitive information. ADP’s Global Data Privacy and Governance team handles:

  • The protection and governance of personal information as outlined in ADP’s Global Privacy Policy and BCRs
  • Conducting privacy reviews to ensure appropriate privacy protections are in place
  • Evaluating privacy incidents in accordance with data privacy laws
  • Implementing enterprise wide privacy compliance programs

Privacy at ADP

ADP Security Awareness & Training Program Overview

At ADP, our Security Training and Awareness Program is a dynamic and continuously evolving initiative designed to foster a strong security culture. We empower our associates and contingent workers to make responsible, secure decisions, and to protect our most valuable assets. We employ a variety of tools, techniques, and programs to embed security into our associates’ and contingent workers’ day-to-day professional and personal lives. 

ADP’s Security Awareness and Training Program consists of: 

  • Mandatory annual security training that includes an overview of key security topics, policies, and responsibilities, complemented by a mid-year refresher   
  • Global and targeted phishing simulations that replicate real-world attack techniques enabling associates to detect and report malicious messages, with supplemental training provided if needed  
  • Monthly global security awareness campaigns on various security topics, which incorporate tips and best practices, as well as targeted awareness materials as required
  • Periodic gamification activities designed to increase engagement and reinforce critical security behaviors in an interactive way