Workday: Data Privacy and Security

Overview

• The privacy and security of HR data is the no.1 priority of the Workday project

Workday is the group-wide system for Human

Resources (HR), it provides a platform for
consistent HR processes and holds personal and
job details for each employee in the company

 Significant due diligence has been conducted on data protection

 A legal workstream is underway to ensure compliance in each operating country
 Workday has implemented tight controls, an overview of their security approach can be
found here: http://www.workday.com/why_workday/reliable_and_secure.php

1
 Workday security controls
Compliance, privacy and security
considerations are core to the overall design
of Workday, which employs a unified
approach to security at all computing layers.
Access for end users to view or modify data
is granted only via browser/mobile Workday delivers applications via a
application. Access for systems to view or software as a service (SaaS) model, also
modify data granted only via web services. known as the “Cloud”. In this service
No access is provided at the database layer. delivery model, Workday is responsible for
Access utilizes single role‐based security providing the infrastructure (i.e. hardware
logic to authenticate the user and to make and middleware that comprise the Workday
sure they have been granted a role that infrastructure), data security, software
allows the update. Workday provides a development and operational processes
complete audit trail of changes made

• Workday are fully ISO and Safe Harbour certified and our data will be hosted within the
European Economic Area (in Dublin, Ireland)
• Detailed Workday security reports:
– Workday’s Service Organization Controls 3 (SOC3) report is available here:
http://www.workday.com/Documents/workday_soc3_october_2014.pdf
– If required, the very detailed SOC1 and 2 reports are available here: https://
hyperiongrp.thruinc.net/Desktop/Distro/Open/006P1FFIBSZ

2
 Accessing Workday

Workday will be Workday will also

available via be available via
browser, Single mobile device,
Sign On within such as tablet or
company network smartphone

 Employees will see their own data

 Managers will see their team
 Executives will see dashboard analytics
 HR and Finance will see information required by their role

• Naturally, security guidelines apply at all times – everyone must always:

– follow password guidelines
– lock computer or mobile device when not in use
– avoid exporting/emailing/printing personal data

3
 Keys roles and access

Employees
• Own information
• Org chart with basic data, i.e. name, location, contact details

Managers
• Details of own direct team
• “Drill down” if multiple levels of org directly report into them

Executives
• Aggregated dashboard views
• Divisional CEO and Finance approve compensation changes

HR
• Assigned to roles which support the business

4
 Workday security
Important:
• Security access
can be reported
for visibility and
confidence
• Workday is fully
Organisation Roles audited

Groups, Policies and Domains