Governance and Trust

Our commitment

The Dayforce Our Way values are core to our culture: Customer Focus, Shared Ambition, Agility, Equity, Optimism, and Transparency. They are our roadmap for delivering our brand promise, and we aim to reflect our values in everything we do—including through the policies and procedures we adopt as a business. These values inform our management philosophy and help us create a positive experience for our employees, customers, and partners.

Governance

We aim to maintain high standards of corporate governance and ethics. Corporate governance and compliance is overseen by the Executive Vice President, Chief Legal and Compliance Officer, and Corporate Secretary at Dayforce. This role is responsible for Dayforce’s global legal activities and compliance programs, including commercial transactions, corporate governance, employment, mergers and acquisitions, privacy, and product compliance.

In 2024, we continued to mature our strong ethics and compliance program and policies. We established a new Governance Risk and Compliance Executive Committee (GRCEC) comprised of senior executives representing legal, HR, finance, and digital to regularly report to the executive operating committee. We also developed a new Policy on Policies which communicates Dayforce’s framework and process for the creation and implementation of company policies and to help us manage our robust library of company policies.

We believe that artificial intelligence and machine learning have the potential to fundamentally transform HCM. We aim to deploy advanced data capabilities that deliver not only greater efficiency at scale for our customers but also improved outcomes for their employees. That’s why we launched an initiative to modernize our company's internal AI usage policy, which included updated guidelines for evaluating vendors who incorporate AI capabilities into their products and services, among other areas.

These changes will ensure Dayforce maintains its commitment to using AI responsibly, while upholding our obligations to our customers.

Responsible AI

Artificial intelligence (AI) is a remarkably powerful technology that helps organizations unlock efficiency at scale and their people reach new levels of productivity, creativity, and fulfillment. Dayforce's AI-powered people platform is intelligent, flexible, and connected. We believe that AI must be developed and deployed responsibly, and we took a number of steps in the last year to ensure that we continue to realize that ambition.

This started with building new backend processes, expanded systems, and internal auditing capabilities to further deepen and mature our AI Governance Framework. From ideation to release, it is an important tool that allows us to evaluate the potential use of AI through all key stages of the product development lifecycle.

Cybersecurity

Effective stewardship and protection of customer data is a high priority for our organization. We are relentlessly focused on preventing data breaches and stopping cyberattacks from being successful or impacting our business. Each year, we work to meet this challenge by making strategic investments in new tools and technologies, expanded expertise, and improving already strong internal processes and procedures.

In 2024, we implemented several new initiatives to ensure that our customers’ data remains safe and secure from external threats and attacks. This included partnering with SafeBreach to deploy a new control attestation program that enhanced our system’s resiliency through real-world attack simulation, collaborating with HackerOne to create a Bug Bounty program, and launching a new identity governance platform with One Identity.

Privacy

Safeguarding data privacy is one of our most important responsibilities as a business, and Dayforce customers trust us to handle some of their employees’ most sensitive personal information.

In 2024, we maintained a robust privacy assessment program that enables employees to be good data stewards and requires review for any product features through which personal information (PI) is collected, used, stored, or shared. In addition, we continued to build a privacy-aware workforce through an annual privacy training with a completion rate of about 99% and Cybersecurity and Privacy Awareness Month activities, that included a thought leadership series covering topics such as privacy engineering, privacy by design, and AI, and contests and games.

Enterprise risk management

We believe that successful management of enterprise risk is important for our company to operate effectively and achieve our key business objectives. Through our fact-based, globally integrated model, our approach to ERM is built on the goals of continuous improvement as well as execution of a rigorous risk identification, analysis, and mitigation process.

In 2024, we updated our organizational risk appetite statements by theme and evolved the annual ERM assessment process to include more in-depth interviews with key stakeholders across the business. In addition, we conducted over 40 structured in-depth interviews across executive and senior leadership levels globally to refresh the enterprise risk landscape, which resulted in a more focused, consistent, and actionable prioritization of risks against our goals and objectives.