Unit4 Data Security and Privacy
Discover how we work to protect our customers and communities from a range of data security risks and threats
Security and privacy are at the heart of everything we do
Unit4 maintains a secure framework – based on industry best practices – designed to protect the confidentiality, integrity and availability of your data. We give you the peace of mind that your data is secure, so you can focus on what really matters: supporting your customers and empowering your people.
Security & risk management
Here’s how we ensure end-to-end data security:
Organizational security
Our commitment to security and privacy is driven by the entire company and underpinned by our Information Security Policy, processes and procedures. All our employees receive security and privacy training and, where applicable, additional training specific to their roles. Access is strictly limited to only those who require it and is reviewed on a regular basis.
Cloud security
- Technical and network security – to prevent data from being intercepted, all traffic is secured using industry-standard protocols such as SSL/TLS and HTTPS. System security is based on logical authentication and authorization mechanisms, while stateful firewall technology ensures that only legitimate data enters the service environment.
- Data security – customer data in transit and at rest is protected by encryption.
- Data segregation – Unit4 ensures that all customers have their own individual, secure database. You can rest assured that your data is never inadvertently shared with others.
- Threat monitoring – various monitoring tools are used to detect and prevent malicious events, threats and intrusion attempts.
Application security
All Unit4 ERP, FP&A, and HCM applications have security features, processes and protocols in place, such as:
- Application access only – users working in the application don’t have direct access to the underlying business logic and database tiers.
- User-/role-level permissions – advanced granular permissions (Read, Write, Update, Delete) can be defined either by user or role and fully managed by you.
- Data-level permissions – within a defined set of user/role permissions, Unit4 applications allow for granular data filtering.
- Security by design – security is implemented in the clearly defined secure software development lifecycle (SSDLC) to ensure changes and releases to our software are carried out in a secure, controlled manner.
Backup and disaster recovery
If a service becomes unavailable, even because of a data center crash, we can easily recover the services in the secondary data center. This procedure is tested annually to ensure we can meet the SLAs promised to our customers.
Data centers
Unit4 uses only trusted and certified data centers, which implement a comprehensive set of environmental controls to ensure physical security and high availability.
Microsoft Azure
Microsoft Azure is committed to providing the highest levels of trust, transparency, standards conformance, and regulatory compliance – with the most comprehensive set of compliance offerings of any cloud service provider.
Conapto
Conapto provides scalable, secure and sustainable data center colocation, as well as the cloud connectivity needed to produce and deliver digital services in a hybrid IT environment in the Nordics region.
Privacy at Unit4
Data privacy is extremely important in today’s interconnected world. To make sure that your data is always in safe hands, Unit4 controls access rights, limits disclosure and complies with data privacy regulations and international laws. Our data protection initiatives include physical security and best-in-class access management. Further information and documentation is available here:
How we protect your data
How we safeguard your privacy
Compliance
Unit4 maintains strong business operations founded on high industry standards and adhering to the latest compliance and regulatory requirements. Our company holds various certifications. Please check your service offering description to verify which standards apply. In addition, Unit4 strives to put in place reasonably necessary measures to enable it to meet the standards required for compliance with the principles of Directive (EU) 2022/2555 (the “NIS 2 Directive”) and the equivalent to the NIS 2 Directive in the UK.
SOC-1 Type II
This report confirms that Unit4 has appropriate controls and processes in place to keep client data secure. In particular, it focuses on the effectiveness of internal controls that affect the customers' financial reporting.
SOC-2 Type II
This report assesses how well Unit4 safeguards customer data with a special focus on the five Trust Services Principles: security, availability, processing integrity, confidentiality, and privacy.
ISO/IEC 27001:2022 Information Security Management
This security standard provides guidelines for establishing, implementing, maintaining and continuously improving information security management systems (ISMS).
ISO/IEC 27017:2015 Cloud Security Management
This code of practice provides information security management system guidelines related to cloud computing.
Cyber Essentials
This certification helps Unit4 to guard against the most common cyber threats and demonstrates our commitment to cyber security.
ISO 9001:2015 Quality Management
This standard provides requirements for continuous improvement and quality management.
The Nonprofit Common Data Model
Unit4’s ERP, FP&A, HCM, and Source-to-contract solutions are built utilizing the framework of the NCDM, which is a standardized and interoperable open-source data model designed to facilitate data integration, sharing, and collaboration within the nonprofit sector.
By offering predefined data relationships and definitions, it enables better data governance practices, which can aid nonprofits in maintaining data quality and adhering to relevant compliance regulations, such as data privacy laws.