Workday takes a holistic approach to security, ranging from technical safety guards to understanding data privacy laws and compliance. And those safety guards are built into every product and process.
Workday protects your data with world-class physical, network, application, and data-level security. Workday maintains a formal and comprehensive security program designed to ensure the security and integrity of customer data, protect against security threats or data breaches, and prevent unauthorized access to the customer data.
Workday regularly passes rigorous third-party compliance audits of our robust security, confidentiality, and availability controls. Workday successfully completed multiple SAS70 Type II audits, and now publishes a Service Organization Controls 1 (SOC 1) report under both the SSAE 16 and the ISAE 3402 professional standards. Workday has also achieved ISO 27001 certification and certifies to the U.S. Safe Harbor program for data privacy.
Workday does not allow direct database access. Every access requests routed through the business logic. With Workday, all attribute values in the database and backups are uniquely encrypted in the database using AES 256-bit encryption. Workday is the only solution on the market capable of this approach.