We make cybersecurity and compliance a top priority at UKG.

As a leading global technology provider, UKG takes matters of cybersecurity and compliance very seriously. UKG is committed to preserving the confidentiality, integrity, and availability of all physical, electronic, and informational assets as they relate to our cloud solutions and services.
At UKG, we're committed to protecting HCM assets from all threats, whether internal or external, deliberate or accidental. The following page details a number of certifications UKG has received and continues to earn.
Security SOC 2 — ISAE3402/SSAE 18 Audit
UKG complies with ISAE3402/SSAE 18 AICPA Trust Principles for Security, Confidentiality, and Availability (and, where in scope, Privacy and Processing Integrity), and undergoes an audit each year for the purposes of examining the relevant controls. These audits are performed by an independent, certified third party and the resulting reports are provided to our customers upon request. UKG also performs SOC 2 audits for our data centers and will provide those reports to customers upon request.
Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 defines the criteria used when evaluating the suitability of the design and operating effectiveness of controls relevant to the security, availability, or processing integrity of information and systems, or the confidentiality or privacy of the information processed by the system. UKG SOC 2 Type II reports are made available to customers within our UKG Due Diligence Package.
The SOC 2 report demonstrates controls in place to meet the AICPA’s SOC 2 Trust Services Criteria (TSC) for the following principles:
- Privacy: personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice and with criteria set forth in the Generally Accepted Privacy Principles issued by the AICPA.
- Confidentiality: information that is designated “confidential” is protected according to policy or agreement.
- Security: the system is protected against unauthorized access, both physical and logical.
- Availability: the system is available for operation and use as committed or agreed.
- Processing Integrity: system processing is complete, accurate, and authorized.
The report contains an opinion from an independent, third-party auditor attesting that the appropriate controls are in place to address the selected TSCs and that the controls are either designed and implemented (Type I report) or designed and operating effectively (Type II report).
ISO 27001, 27017, and 27018
UKG ensures compliance with ISO 27001, 27017, and 27018 as outlined below. UKG also ensures our data centers continue to have IT security management certified according to ISO 27001 or a comparable industry standard security framework. The audits are carried out by an independent, certified third party and, upon request, UKG provides the certificates to our customers.
ISO 27001 is an information security standard originally published in 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). In 2013, ISO 27001:2013 was published, and it supersedes the original 2005 standard. ISO 27001 is a globally recognized, standards-based approach to security that outlines requirements for an organization’s information security management system (ISMS).
ISO 27017, published in 2015, is a complementary standard to ISO 27001. This standard provides controls and implementation guidance for information security applicable to the provision and use of cloud services.
ISO 27018 is a complementary standard, published by ISO/IEC in 2014, that contains guidelines applicable to cloud service providers that process personal data.
Below is a detailed summary of certifications achieved by UKG:
ISO 27001 | Original Certification Date | Current Certificate Date | Current Certificate Expiry Date |
---|---|---|---|
UKG Pro | January 3, 2008 | January 3, 2023 | October 31, 2025 |
UKG HRSD | March 10, 2017 | January 3, 2023 | October 31, 2025 |
UKG Dimensions | June 20, 2019 | June 15, 2022 | June 19, 2025 |
UKG Ready | June 15, 2022 | June 15, 2022 | June 19, 2025 |

ISO 27017 | Original Certification Date | Current Certificate Date | Current Certificate Expiry Date |
---|---|---|---|
UKG Pro | June 14, 2021 | January 3, 2023 | January 2, 2026 |
UKG HRSD | June 14, 2021 | January 3, 2023 | January 2, 2026 |
UKG Dimensions | June 19, 2020 | June 15, 2022 | June 19, 2025 |
UKG Ready | June 15, 2022 | June 15, 2022 | June 19, 2025 |

ISO 27018 | Original Certification Date | Current Certificate Date | Current Certificate Expiry Date |
---|---|---|---|
UKG Pro | December 13, 2016 | January 3, 2023 | January 2, 2026 |
UKG HRSD | January 3, 2020 | January 3, 2023 | January 2, 2026 |
UKG Dimensions | June 20, 2019 | June 15, 2022 | June 19, 2025 |
UKG Ready | June 15, 2022 | June 15, 2022 | June 19, 2025 |

KPC Incident Statement
On December 11, 2021, UKG was the victim of a ransomware attack that impacted our solutions hosted in the Kronos Private Cloud (KPC). As of January 22, 2022, all affected customers in the KPC were restored with safe and secure access to their core time, scheduling, and HR/payroll capabilities.
