Governance and trust
We maintain a strong culture of ethics, our enterprise is secure, our customer data is protected, and our products are consistently available and reliable
Ceridian’s Our Way values are core to our culture: Customer Focus, Shared Ambition, Agility, Equity, Optimism, and Transparency. They are our roadmap for delivering our brand promise, and we aim to reflect our values in everything we do—including through the policies and procedures we adopt as a business. These values inform our management philosophy and help us create a positive experience for our employees, customers, and partners.
Ceridian maintains the highest standards and guidelines to ensure that our employees conduct business ethically. We regularly update corporate policies to conform to evolving best practices, including strengthening our anti-corruption, records retention, sanctions compliance, and expense submission policies. These are covered in detail in our annual ESG reports.
In 2022, we strengthened our commitment to responsible data innovation by developing and publishing our Artificial Intelligence (AI) Ethics Principles. These guidelines represent the core of our approach to designing and operating AI systems. They will inform our management philosophy, guide our approach to product development, and provide our customers and partners with a framework that enables feedback.
Nothing is more important to Ceridian than the protection of our customers’ data, and 2022 was a year of strong performance by our data security team. Under the leadership of our CISO, cybersecurity funding was increased to support a zero-trust security architecture that secured the enterprise and addressed the large and ever-growing number of attack vectors. In 2022, we prevented all cyberattacks from being successful or impacting our business. We increased our annual investment to over 1.5% of total revenue, grew our data security team by over 30%, and implemented a number of activities such as enhancing our security controls in the cloud and improving product security capabilities.
In 2022, we continued to build privacy capability throughout our fast-growing enterprise. This included implementing new formal privacy by design assessment and review processes across our global operations, as well as achieving a 94% completion rate for our company-wide privacy training program. We ensured that our customers continue to receive the highest level of compliance in a regulatory environment that is experiencing a substantial increase in new privacy and data laws. This included updating our customer and vendor agreements with the new E.U. Standard Contractual Clauses, which provides for heightened protection to personal data transferred from countries in the E.U. to other jurisdictions.
Enterprise risk management
In 2022, we broadened and deepened our efforts to effectively manage current and potential risks across our global operations. This began with expanding the number of participants in our annual risk assessment to nearly 90 leaders in three global regions: North America, EMEA, and APJ. This included all direct reports of our co-CEOs as well as those they directly manage. In partnership with Gartner, we leveraged best practices and their Enterprise Risk Assessment Tool to better identify, assess, and score any risk that posed a potentially meaningful impact to the enterprise globally.