Submitted by david.pothier on Sun, 05/15/2022 - 17:38
Our ESG Program
Cybersecurity

We make cybersecurity and compliance a top priority at UKG.

Cybersecurity
Our Commitment to Our Customers

As a leading global technology provider, UKG takes matters of cybersecurity and compliance very seriously. UKG is committed to preserving the confidentiality, integrity, and availability of all physical, electronic, and informational assets as they relate to our cloud solutions and services.

At UKG
We're committed to protecting HCM assets from all threats, whether internal or external, deliberate or accidental. The following details a number of certifications UKG has achieved.

Security SOC 2 — ISAE3402/SSAE 18 Audit

UKG complies with ISAE3402/SSAE 18 AICPA Trust Principles for Security, Confidentiality, and Availability (and, where in scope, Privacy and Processing Integrity), and undergoes an audit each year for the purposes of examining the relevant controls. These audits are performed by an independent, certified third party and the resulting reports are provided to our customers upon request within our UKG due diligence package.

The SOC 2 report demonstrates controls in place to meet the AICPA’s SOC 2 Trust Services Criteria (TSC) for the following principles:

  • Privacy: personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice and with criteria set forth in the Generally Accepted Privacy Principles issued by the AICPA.

  • Confidentiality: information that is designated “confidential” is protected according to policy or agreement.

  • Security: the system is protected against unauthorized access, both physical and logical.

  • Availability: the system is available for operation and use in accordance with UKG’s commitments.

  • Processing Integrity: system processing is complete, accurate, and authorized.

Like SOC 2, the SOC 3 report has been developed based on the AICPA TSC. The SOC 3 is a public report of UKG’s controls over Security, Confidentiality, and Availability (and, where in scope, Privacy and Processing Integrity). UKG maintains SOC 3 reports for UKG Pro, UKG Dimensions, UKG Ready, HRSD, UKG Payroll Services, and the UKG Private Cloud

ISO 27001, 27017, and 27018

ISO 27001 is an information security standard originally published in 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).  ISO 27001 is a globally recognized, standards-based approach to security that outlines requirements for an organization’s information security management system (ISMS).

ISO 27017, published in 2015, is a complementary standard to ISO 27001. This standard provides controls and implementation guidance for information security applicable to the provision and use of cloud services.

ISO 27018 is a complementary standard, published by ISO/IEC in 2014, that contains guidelines applicable to cloud service providers that process personal data.

UKG ensures compliance with ISO 27001, 27017, and 27018 as outlined below. UKG also ensures our data centers maintain a recognized security program such as ISO 27001 or a comparable industry standard security framework. The audits are carried out by an independent, certified third party and, upon request, UKG provides the certificates to our customers.

BELOW IS A DETAILED SUMMARY OF UKG SOLUTIONS AND RELATED ISO CERTIFICATIONS:

ISO 27001

 

Original Certification Date

Current Certificate Date

Current Certificate Expiry Date

UKG Pro

January 3, 2008

January 3, 2023

October 31, 2025

UKG HRSD

March 10, 2017

January 3, 2023

October 31, 2025

UKG Dimensions

June 20, 2019

June 15, 2022

June 19, 2025

UKG Ready

June 15, 2022

June 15, 2022

June 19, 2025

ISO 27017

 

Original Certification Date

Current Certificate Date

Current Certificate Expiry Date

UKG Pro

June 14, 2021

January 3, 2023

January 2, 2026

UKG HRSD

June 14, 2021

January 3, 2023

January 2, 2026

UKG Dimensions

June 19, 2020

June 15, 2022

June 19, 2025

UKG Ready

June 15, 2022

June 15, 2022

June 19, 2025

ISO 27018

 

Original Certification Date

Current Certificate Date

Current Certificate Expiry Date

UKG Pro

December 13, 2016

January 3, 2023

January 2, 2026

UKG HRSD

January 3, 2020

January 3, 2023

January 2, 2026

UKG Dimensions

June 20, 2019

June 15, 2022

June 19, 2025

UKG Ready

June 15, 2022

June 15, 2022

June 19, 2025

Get the latest ESG report from UKG

Get a more detailed look at our comprehensive ESG program, policies, and practices, as well as our progress from the past year.