Ceridian’s Our Way values are core to our culture: Customer Focus, Shared Ambition, Agility, Equity, Optimism, and Transparency. They are our roadmap for delivering our brand promise, and we aim to reflect our values in everything we do—including through the policies and procedures we adopt as a business. These values inform our management philosophy and help us create a positive experience for our employees, customers, and partners.
Ceridian maintains the highest standards and guidelines to ensure that our employees conduct business ethically. We regularly update corporate policies to conform to evolving best practices—including strengthening our anti-corruption, records retention, and sanctions compliance policies in 2021—covered in detail in our ESG report.
Nothing is more important to Ceridian than the protection of our customers’ data, and 2021 was a year of strong performance by our data security team. Under the leadership of our new CISO, cybersecurity funding was increased to support a zero-trust security architecture that secured the enterprise and addressed the large and ever-growing number of attack vectors. We implemented a series of tiered redundancy measures to ensure that all threats are stopped, and our customers’ data remains safe and protected. By taking these steps, growing our team by more than 60% (including mergers & acquisitions) in 2021, and investing more than 1% of total revenue in our data security program that same year, we were able to prevent all third-party attacks from becoming material data breaches.
In 2021, we strengthened our privacy practices and further ingrained the importance of data protection into everything we do. We rolled out a new company-wide privacy training program, which more than 95% of our employees completed. We also launched a multi-year process of incorporating technology and automation to support our global compliance efforts through the deployment of a privacy management platform that will enable us to better understand data flows and assist with compliance and risk management. In the EMEA region, we began updating our agreements with clients, vendors, and partners with the new EU Standard Contractual Clauses, which provide for heightened protection to personal data transferred from countries in the EU to other jurisdictions.
In 2021, Ceridian took a series of steps to successfully manage risk across our growing global footprint. We completed a comprehensive annual risk assessment of the 52 functional areas of our business, which generated an in-depth Risk Register that included the effects of climate change and other sustainability risks. We also transitioned our Enterprise Risk Management (ERM) program to a continuous model that uses a consistent risk taxonomy and a more streamlined risk scoring and rating system. In 2021, our Business Resilience team also completed 45 Business Impact Assessments, 26 Business Continuity Plans, 10 Disaster Recovery Exercises, and successfully responded to 19 natural disaster-related incidents and threats around the world.