Data Security

A partner you can trust

Data Security

Today's digital landscape means limitless possibilities, and also complex security risks and threats. At ADP, security is integral to our products, our business processes, and infrastructure. We deliver advanced services and technology for data security, privacy, fraud, and crisis management-all so you can stay focused on your business.

Security Updates

ADP security updates and alerts to help you protect your organization and employees

See all alerts ›

ADP Client Resources

Best practices to protect yourself against phishing, social scams, payroll fraud, and more.

Visit client resources ›

SOC Details

ADP issues SOC 1 Type 2 and SOC 2 Type 2 reports over select products and services. In general, the availability of SOC 1 and SOC 2 reports is restricted to customers who have signed nondisclosure agreements with ADP. Also, ADP currently produces four (4) bridge letters per year, each covering the calendar quarter, and covering a fiscal quarter at-a-time.

Please contact your appropriate sales or account team member for more details in obtaining a SOC report. For more information regarding SOC reporting and its standard, please go the AIPCA’s (American Institute of Certified Public Accountants) website.

ISO Details

ADP is ISO 9001:2015 and ISO 27001:2013 certified and demonstrates this compliance through the formal registration process.

Certification to ISO 9001:2015 and ISO/IEC 27001:2013 standards ensure that ADP:

  • Demonstrate ability to consistently provide services and information security that meet client service levels and applicable statutory & global regulatory requirements.
  • Implement controls to safeguard valuable, sensitive and confidential company and client information assets.
  • Has established, documented, and maintains an effective management system as a means of ensuring that its services and security conform to specified requirements and to foster an environment of continual improvement.
  • Demonstrate Senior Management’s commitment to maintaining information security, high service levels and processing quality to clients.

Below is a list of certifications in the US (valid through July 18, 2021):

  • ISO 9001:2015 - SRI Cert #018880
  • ISO/IEC 27001:2013 - SRI Cert #018881

Constant Innovation

Today's threats move fast. Across all our HCM products and services, we help keep you protected with constantly evolving tools, technologies, expertise, and safeguards. Our proactive culture and operations include:

  • Research and testing on evolving threats
  • Continual training in new guidelines and practices
  • Advanced technology

Global expertise

When it comes to security for your ADP products and services, you need protection around the clock, and in every time zone. With over 65 years of experience and global reach, our security specialists and intelligence platforms have the bases covered. You'll benefit from:

  • Enterprise information security architecture
  • 24/7 global protection
  • Advanced threat monitoring
  • Multiple, state-of-the-art Critical Incident Response Centers located around the globe

Business protection

To be protected, you need to take an integrated approach. Partnering with ADP gives you advanced platform defense, intelligent detection, automated data protection, physical security, fraud defense, business resiliency, identity and access management-and much more. We embed multiple layers of protection into our products, processes, and infrastructure, to be sure that security remains at the forefront.

Cyber Resiliency

As cyber security threats continue to increase in both volume and sophistication, we’ve built a Trusted Platform Security Infrastructure (TPSI) that allows us to quickly deploy new security technologies that expand, integrate and support our cyber security services.

We have incorporated over 30 different technologies within our platform to provide:

  • Frontline Cyber and Fraud Protection
  • Authentication and Authorization Controls
  • Deep Network Visibility, Segregation, and Segmentation
  • Advanced Intelligent Security Event and Behavior Analysis Monitoring
  • Extended Confidential Data Leakage and Intellectual Property Protection
  • Multi-level Network and End Point Intrusion Prevention, Detection, and Remediation Capabilities
  • Next Generation Anti-Malware and Threat Protection
  • Continuous Application Security Testing and Vulnerability Management Services

Incident Management

ADP products and services are designed and maintained with controls and procedures to prevent incidents. In addition, a dedicated global team monitors round-the-clock using additional comprehensive controls, including data analytics, to detect, investigate and respond to anomalies and incidents. This team addresses any reported or detected issues by following a defined incident lifecycle. This lifecycle is governed by policies and procedures, and uses an incident management system to record facts, impact and remedial actions taken. To complete the cycle further, reviews are undertaken to learn and improve.

Fraud prevention

Fraud attacks have become increasingly sophisticated. With a dedicated fraud prevention program, ever-evolving anti-fraud practices, and cutting-edge technology, we work hard to protect your funds and personal information. Our fraud prevention program includes:

  • A detailed, holistic view of transactional behaviors
  • Proactive and systematic response to fraudulent activities
  • Deep understanding of fraud indicators and concealment strategies
  • Organization-wide Anti-Money Laundering (AML) compliance
  • Support for audit activities

Business resilience

We're committed to keeping our products and services running smoothly so you can serve your employees. Across technology, environmental, process, and health, our priority is to identify and mitigate our own risk. Our highly skilled, certified business resiliency professionals around the globe ensure internal issue response 24/7-365 days a year.

Privacy at ADP

ADP clients around the world trust ADP to handle their sensitive information. ADP's Global Data Privacy and Governance team handles:

  • The protection and governance of personal information as outlined in ADP’s Global Privacy Policy and BCRs
  • Conducting privacy reviews to ensure appropriate privacy protections are in place
  • Evaluating privacy incidents in accordance with data privacy laws
  • Implementing enterprise wide privacy compliance programs

Privacy at ADP

ADP Vulnerability Disclosure Program

Our Philosophy
At ADP, protecting clients’ funds and their data has been, and always will be, a top priority.

ADP values the work done by security researchers in improving the security of our products and service offerings. As a result, we encourage responsible reporting of any vulnerabilities that may be found in our site, products or applications. ADP is committed to working with security researchers to verify, reproduce and respond to potential vulnerabilities that are reported in accordance with the below requirements. If this policy and ADP's procedures are followed, ADP pledges not to initiate legal action against researchers for penetrating or attempting to penetrate our systems, provided that the following conditions are met.

ADP’s Requirements
Please review these terms before you take any action to test an ADP system. For testing requiring authentication please contact your ADP account team.

While we encourage researchers to report to us any vulnerabilities in a responsible manner, ADP does not permit the following actions:

  • Sharing, disclosing or publicizing an unresolved vulnerability with or to third parties
  • Performing actions that may negatively affect ADP or its clients or otherwise impacting service availability, including spam, brute force, and/or denial of service
  • Accessing, or attempting to access, data or information that does not belong to you
  • Testing of participating services using anything other than test accounts
  • Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you
  • Conducting any kind of physical or electronic attack on ADP personnel, property or data centers
  • Social engineering any ADP service desk, employee or contractor
  • Violating any laws or breaching any ADP Service Agreements in order to discover vulnerabilities

ADP’s Commitment to Researchers:
If you responsibly submit a vulnerability report, ADP will use reasonable efforts to:

  • Respond in a timely manner, acknowledging receipt of your vulnerability report
  • Provide an estimated time frame for addressing the vulnerability report
  • Notify you when the vulnerability has been fixed

Reporting a potential security vulnerability:

  • We expect you to privately share details of the suspected vulnerability with ADP by sending an email to vulnerabilityreporting@ADP.com. By sending an email to vulnerabilityreporting@ADP.com you meet the requirements of the ADP Vulnerability Disclosure Program.
  • Provide full details of the suspected vulnerability so the ADP security team may validate and reproduce the issue – please be sure as much detail as possible including the product tested, date, account names etc.

Reporting a suspicious email
If you would like to report a suspicious email to ADP, please send it to abuse@adp.com

Reporting suspected fraudulent activity
If you would like to report suspected fraudulent activity, please contact your client service representative.

Don’t just take our word for it.

Our recent awards include:

Excellence in
Information Security

RSA Conference

#5 Security Program in
Information Technology

Security Magazine

Most Influential People in Security
Awarded to Roland Cloutier,

ADP CSO
Security Magazine

Business Innovator
Awarded to Roland Cloutier,

ADP CSO
FAIR Institute

Read more about how ADP helps protect your business.

Protecting Your Personal Data Globally

Download brochure

Protection You Need from the Partner You Trust

Download brochure

Business Resiliency 

Download brochure

Global Vendor and Partner Assurance Program

Download brochure