To obtain ISO/IEC 27001:2005 certification, ADP/SIS defined and implemented an Information Security Management System (ISMS), which balances physical, technical, procedural, and personnel security. Each aspect of the ISMS is tailored to meet the needs of individual groups within the company, and over 135 specific controls help keep the system in compliance with best practices in the information security industry.
To help prepare for the certification audit, ADP/SIS launched a dedicated Security Department, developed Security Education Awareness programs for all associates, and created numerous new security policies. All ADP associates receive yearly formal security training, and ADP also maintains an internal Associate Security Center web site for reference.
The ISO/IEC 27001:2005 certification further demonstrates ADP/SIS's commitment to best practice methodologies, including ISO 9001:2000 certification since 2001, Capability Maturity Model (CMM) Level 2 certification since 2000, and yearly SAS 70 Level II audits.
David Swift, Senior Vice President and General Manager of ADP/SIS, commented, "Each day in the news we hear of new cases of security breaches and identity theft. ADP/SIS believes information security is a very critical component of our business, and we proved it by obtaining the ISO/IEC 27001:2005 certification. We feel this certification is a competitive advantage for our business, as well as for all of our clients. Information security is a continual process, and we will constantly evolve our procedures to ensure the confidentiality and integrity of our clients' information."