Unit4 Data Security and Privacy
Discover how we work to protect our customers and communities from a range of data security risks and threats
Security & risk management
Here’s how we ensure end-to-end data security:
Our commitment to security and privacy is driven by the entire company and underpinned by our Information Security Policy, processes and procedures. All our employees receive security and privacy training and, where applicable, additional training specific to their roles. Access is strictly limited to only those who require it and is reviewed on a regular basis.
- Technical and network security – to prevent data from being intercepted, all traffic is secured using industry standard protocols such as SSL/TLS and HTTPS. System security is based on logical authentication and authorization mechanisms, while stateful firewall technology ensures that only legitimate data enters the service environment.
- Data security – customer data in transit and at rest is protected by encryption.
- Data segregation – Unit4 ensures that all customers have their own individual, secure database. You can rest assured that your data is never inadvertently shared with others.
- Threat monitoring – various monitoring tools are used to detect and prevent malicious events, threats and intrusion attempts.
All Unit4 ERP, FP&A, and HCM applications have security features, processes and protocols in place, such as:
- Application access only – users working in the application don’t have direct access to the underlying business logic and database tiers.
- User-/role-level permissions – advanced granular permissions (Read, Write, Update, Delete) can be defined either by user or role and fully managed by you.
- Data-level permissions – within a defined set of user/role permissions, Unit4 applications allow for granular data filtering.
- Security by design – security is implemented in the clearly defined secure software development lifecycle (SSDLC) to ensure changes and releases to our software are carried out in a secure, controlled manner.
Backup and disaster recovery
In case of service unavailability, even caused by a data center crash, we can easily recover the services in the secondary data center. This procedure is tested annually to ensure we can meet the SLAs promised to our customers.
Unit4 uses only trusted and certified data centers, which implement a comprehensive set of environmental controls to ensure the physical security and high availability.
Microsoft Azure is committed to providing the highest levels of trust, transparency, standards conformance, and regulatory compliance – with the most comprehensive set of compliance offerings of any cloud service provider.
Conapto, which provides scalable, secure and sustainable data center colocation as well as the cloud connectivity needed to produce and deliver digital services in a hybrid IT-environment in the Nordics region.
Privacy at Unit4
Data privacy is extremely important in today’s interconnected world. To make sure that your data is always in safe hands, Unit4 controls access rights, limits disclosure and complies with data privacy regulations and international laws. Our data protection initiatives include physical security and best-in-class access management.
Unit4 maintains strong business operations founded on high industry standards and adhering to the latest compliance and regulatory requirements. Our company holds various certifications, please check your service offering description to verify which standards apply.
SOC-1 Type II
This report confirms that Unit4 has appropriate controls and processes in place to keep client data secure. In particular, it focuses on the effectiveness of internal controls that affect the customers' financial reporting.
SOC-2 Type II
This report assesses how well Unit4 safeguards customer data with a special focus on the five Trust Services Principles: security, availability, processing integrity, confidentiality, and privacy.
ISO/IEC 27001:2013 Information Security Management
This security standard provides guidelines for establishing, implementing, maintaining and continuously improving information security management systems (ISMS).
ISO/IEC 27017:2015 Cloud Security Management
This code of practice provides information security management system guidelines related to cloud computing.
This certification helps Unit4 to guard against the most common cyber threats and demonstrates our commitment to cyber security.
ISO 9001:2015 Quality Management
This standard provides requirements for continuous improvement and quality management.