Dayforce

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: Please note, our support of Internet Explorer ended on January 31, 2021.
System requirements: Dayforce is accessible by web browser or mobile device

Dayforce is device agnostic

User support

Email or online ticketing support: Email or online ticketing
Support response times: This is dependent on SLA. Urgent issues are responded to within 1 business hour.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: No
Support levels: Urgent – A complete inability to use major functionality within the application resulting in a serious impact to the client’s business operations with no existing workaround. First response for application support is within one business hour.
High – Severely limited ability to use major functionality within the application that could impact the client’s business operations, with workarounds that may not fully address the issue. First response for application support is within eight business hours.
Medium – Minor errors in functionality within the application, often accompanied by workarounds. First response for application support is within 12 business hours.
- Low – General inquiries on the use of the application, minor cosmetic errors or incidents which otherwise do not require immediate attention, rare errors that appear during unusual conditions or are otherwise unlikely in normal use or, errors which have a sustainable workaround. First response for application support is within 24 business hours.
Customers can raise the visibility of a support ticket after it has been created with a single push of the button on the Dayforce Customer Community (escalation feature). Logged issues are analysed as they come in, then triaged to the appropriate subject matter expert for resolution based on severity.
Support available to third parties: No

Onboarding and offboarding

Getting started: Dayforce is one of the few solutions that will be accessed by all employees. Like other software projects, project success is ultimately determined by how effectively users leverage the capabilities of Dayforce.
Dayforce offers a variety of training programs that are designed to accelerate end user adoption and provide you with flexibility in how and when training is delivered. Training programs are divided into the types of roles that you need to educate; from employees and managers to executive leadership, administrators and company trainers.
Dayforce training content is available in a variety of media including video, PowerPoint, and printed materials, and may be delivered through the web or on-site at our location or on-site at your location.
Training types and methods can be customized to meet your needs. Your Dayforce representative will discuss your training needs further to ensure that the best education package is developed based on your unique needs and business goals.
Service documentation: Yes
Documentation formats: HTML

PDF

Other
Other documentation formats: Excel

Word
End-of-contract data extraction: Contract termination activities are handled by a specialized Cancelation Team that will work with you to ensure that we understand your needs and can deliver what is necessary for your continued operations. We would provide you with access to your data for a period of time, long enough to transfer the data via exports into the new system.
Upon contract termination, you can obtain an extract of your data following the process with the client cancellation team, the data available in SQL, XLS, or CSV formats. Data extract fees apply.
This can include an extract of documents that you’ve uploaded if you’ve purchased Document Management. However, it does not include system generated documents such as payslips (available in raw format as part of the data extract).
All databases containing personal information are deleted within 90 days by Dayforce unless you decide to purchase extended access for an additional monthly fee. We retain backups of customer data, including personal information, for a period of one year following the time the backup was created, after which time it is deleted. We supply written confirmation that any copies/backups of data have been securely destroyed.
End-of-contract process: Upon contract termination, you can obtain an extract of your data following the process with the client cancellation team, the data available in SQL, XLS, or CSV formats. Data extract fees apply.
This can include an extract of documents that you’ve uploaded if you’ve purchased Document Management. However, it does not include system generated documents such as payslips, etc. (this data is available in raw format as part of the data extract).
All databases containing personal information are deleted within 90 days by Dayforce unless you decide to purchase extended access for an additional monthly fee. We retain backups of customer data, including personal information, for a period of one year following the time the backup was created, after which time it is deleted.
We can also supply written confirmation that any copies/backups of data have been securely destroyed.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Dayforce Mobile is a native mobile app available for iOS and Android. The majority of Dayforce supports a ‘device agnostic’ user experience. Users can access the main application from a computer, laptop, tablet, or smartphone, and Dayforce will scale to their device’s screen size. Dayforce leverages advances in HTML technology and capabilities to deliver this user experience.
Mobile-friendly self-service features increase employee engagement, streamline workflows, and allow employees to manage their work-life balance. Integrated within the award-winning Dayforce application, the mobile functionality is designed for the way businesses work.
Our web application is available on mobile browsers.
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: Dayforce itself is a single application with no integrations required between functional modules. For integrations with third parties we offer multiple tools including APIs, import/export, iPaaS Platforms (Dell Boomi and Mulesoft), and OData.
Accessibility standards: None or don’t know
Description of accessibility: We have adopted WCAG 2.1 Level AA as our target conformance standard for digital content, web applications, and mobile applications. We are partially conformant with WCAG 2.1 level AA. Partially conformant means that some parts of the content and/or applications do not fully conform to the selected accessibility standard.
Our approach to accessibility is not catered to any specific assistive technology. During our QA process, we test with NVDA, JAWS, and VoiceOver which support the accessibility features available for Dayforce.
Accessibility testing: While Dayforce does not directly support these, many of our customers use assistive devices such as screen readers as well as other assistive technology.
We use a combination of automatic assessments and manual assessments to support consistent adherence to standards. Web content is reviewed to ensure it provides information in clear language, with appropriate contrast, alternate text for images, and keyboard navigability.
Please see the response above about our work to improve accessibility.
API: Yes
What users can and can't do using the API: For customers with development capabilities, Dayforce offers web services. Our web services offering provides a quick and flexible method for businesses to exchange data, solving a long-standing data-sharing challenge. Data can be accessed upon request as needed, with the flexibility of custom software. Dayforce web services are a dynamic and flexible alternative to bulk import/export, providing more control over the data retrieved and allowing more frequent interactions between Dayforce and customers’ systems.
With respect to Web Services, we continue to work on the Dayforce Developer Network, which will include a RESTful API Explorer and Schema Explorer, provide further functions to retrieve employee schedules, time away from work, and availability operations, provide partner integrations, token-based authentication, and develop an Event Sourcing framework so that event notifications can push to third-party applications over the API.
API documentation: Yes
API documentation formats: Open API (also known as Swagger)

HTML

PDF

Other
API sandbox or test environment: Yes
Customisation available: No

Scaling

Independence of resources: Our standard Dayforce offering is a multi-tenant SaaS application. Data will be on a shared server. However, Dayforce does not stripe data in a single database. All clients have completely isolated databases with unique user application accounts. The largest POD implementation of Dayforce consists of 1,500 customers and 2.1 million employees. It can grow further to support more customers and employees.
We also offer Dedicated Hosting.
The Dayforce Cloud has highly elastic capacity, with the ability to rapidly provision infrastructure and resources on demand – including processing power, memory, servers, bandwidth and more.

Analytics

Service usage metrics: Yes
Metrics types: Dayforce supports audits, security logs, and various monitoring reports via several standard reports in the application. Dayforce also contains a Report Designer tool that allows users to create countless reports to suit their needs. The employee audit report tracks changes made to employees records, the date the change was made and the person that made the change. User session reports track the last time a specific employee logged in to the application, including logins to the main application and the mobile apps. We also have several monitoring tools which track system anomalies which are followed through to resolution if required.
Reporting types: Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: European Economic Area (EEA)
User control over data storage and processing locations: No
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402

Physical access control, complying with another standard

Encryption of all physical media

Scale, obfuscating techniques, or data storage sharding
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Generally, integration/interfaces are performed via SFTP to ensure security in transmission between systems. Export files are typically in CSV format, allowing for additional validation and security of content prior to transmission.
Data export formats: CSV

Other
Other data export formats: XML

Excel
Data import formats: CSV

Other
Other data import formats: XML

Excel (xlsx format)

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Legacy SSL and TLS (under version 1.2)

Other
Other protection between networks: All data is encrypted at rest and in motion. Data in motion is encrypted with TLS 1.2 and higher and data at rest within Dayforce is encrypted using TDE AES 256-bit certificates. File transfers between Dayforce and customer sites or authorized third party locations use SFTP and are optionally encrypted with PGP or other standard encryption technologies.
From the moment the data is entered in the application on users' PC it is encrypted all the way to our hosted systems. Dayforce also employs several systems and tools to protect the environment including firewalls, IDP, IDS, SIEM, and Web Application Firewalls.
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Legacy SSL and TLS (under version 1.2)

Other
Other protection within supplier network: All data is encrypted at rest and in motion. Data in motion is encrypted with TLS 1.2 and higher and data at rest within Dayforce is encrypted using TDE AES 256-bit certificates. File transfers between Dayforce and customer sites or authorized third party locations use SFTP and are optionally encrypted with PGP or other standard encryption technologies.
From the moment the data is entered in the application on users' PC it is encrypted all the way to our hosted systems. Dayforce also employs several systems and tools to protect the environment including firewalls, IDP, IDS, SIEM, and Web Application Firewalls.

Availability and resilience

Guaranteed availability: We guarantee 99.75% uptime as part of our SLA.
From 2021 to 2023, uptime for Dayforce was as follows:
• 2023: 99.94%
• 2022: 99.98%
• 2021: 99.95%
If we fail to meet the minimum acceptable level for a service level in any calendar month, we will provide a root cause analysis for the failure and a short-term plan (and long-term plan if appropriate) to return to acceptable service levels. If we fail to meet the minimum acceptable level for the same service level any two consecutive calendar months, we will assign a senior support escalation contact to you who will meet with you on a regular basis (at times and schedule as mutually agreed upon) until the service levels are restored.
We’re happy to offer additional SLA commitments in the definitive agreement, but that is to be further discussed and agreed upon as we move ahead in the vendor selection process.
SLAs and terms are defined in our General Terms.
Approach to resilience: This is available on request.
Outage reporting: In the result of an outage Dayforce will declare a disaster and fail over to the backup location. Customers are not required to perform any activities in the result of a failover to the disaster recovery site - communication would be sent out via email or phone call to the contact identified during the scoping process. All Dayforce disaster recovery and business continuity plans are designed to be transparent to customers. No customer involvement is required, or expected, during failover operations to the disaster recovery instance.
Dayforce assesses any potential event individually, and will communicate service outages using the normal communications methods. No special communication is undertaken if Dayforce should activate a disaster recovery or business continuity plan as these are, as indicated, designed to be executed independent of any customer input or action.
We estimate that our longest outage from 2019-2023 was approximately ten minutes and the average outage during that timeframe was approximately three minutes. This was at our external data centre hosting vendor’s facility.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: Dayforce uses role-based security to determine the level of access and functionality a user has within the system. Authorisations control the create, read, update, and delete privileges for different types of data in the application.
From a system access perspective, all requests are authenticated. We do not support anonymous access. Customers can use Single Sign-On (SSO), native authentication, or a combination with the product. If you choose native authentication, we provide password policies and session timeouts to mimic what you have in place.
Dayforce can integrate with any SAML 2.0 compliant SSO solution.
2-factor authentication and IP restriction is supported.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: MSECB
ISO/IEC 27001 accreditation date: 2019-07-08, renewed in 2021-07-05
What the ISO/IEC 27001 doesn’t cover: Dayforce (the organisation) and Dayforce (the product), are ISO 27001 audited and certified.

We have also been audited by an independent third party under the ISO 27017, ISO 27018, and ISO 27036 frameworks as well as SSAE 18 Type 2 SOC 1, SSAE 18 Type 2 SOC 2 {ISAE 3402/AT-C 320 (SSAE 18)/CSAE 3416 Type II SOC} and NIST 800-171.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: No
Cyber essentials plus: No
Other security certifications: Yes
Any other security certifications: Dayforce is audited against NIST 800-171

ISO 27001 audited and certified for Dayforce (organisation/platform)

Audited under ISO27017, ISO27018 and ISO27036 frameworks

Complete SSAE18 SOC1 Type2 reports annually.

Complete SOC2 Type 2 {ISAE-3402/AT-C-320(SSAE 18)/CSAE-3416} reports annually.

All ISO and Annex A controls are applicable.

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Dayforce (organisation) and Dayforce (product), are ISO 27001 audited and certified. Our program is designed around the ISO 27001 series of standards. GAPP principles and criteria were developed considering international privacy regulatory requirements and best practices.
Dayforce is designed to support General Data Protection Regulation (GDPR) compliance by allowing customers who act as data controllers of their employees' personal data to collect, maintain, and dispose of such data in accordance with their GDPR obligations, based on their specific needs. Dayforce also meets the GDPR requirements as a data processor under Art. 28, implementing appropriate technical and organisational measures to protect personal data. The principles of the GDPR are incorporated into our global privacy program and business.
Dayforce bases our security policies on ISO and NIST frameworks while leveraging the Santa Fe Group's Standard Information Gathering (SIG) questionnaire.
We are audited by an independent third party under ISO 27017, ISO 27018, and ISO 27036 frameworks as well as SSAE 18 Type 2 SOC 1, SSAE 18 Type 2 SOC 2 {ISAE 3402/AT-C 320 (SSAE 18)/CSAE 3416 Type II SOC} and NIST 800-171. Dayforce completes both SSAE 18 Type 2 SOC 1 assessment and SSAE 18 Type 2 SOC 2 assessment annually.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: This standard addresses security requirements to consistently control and manage the deployment of operational software to mitigate or reduce the likelihood of introducing flaws or weaknesses in productions systems. This standard aligns with section 12.5 of the ISO 27002-2013 control framework.
Dayforce has implemented the principle of Data Protection by Design. A Privacy Impact Assessment (PIA) is required to determine whether the purpose of processing data is legal, appropriate, and fair under the circumstances, whether it be product innovation or on-going process improvements. PIAs are required for any new data processing or for any new use of existing data.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Dayforce utilises multiple layers of cybersecurity defence solutions to prevent, detect, and quickly respond to unwanted/suspicious activities, including ransomware. Endpoint security, network and application protection, encryption in use and at rest, use of the least privileged principle, monitoring, SSO with MFA, required hardware/software standards and baselines, IDS/IPS, vulnerability management, patching, threat hunting, and security awareness training are all part of the cybersecurity defence. This standard aligns with section 12.6 of the ISO 27002-2013 control framework.
Patches are performed on a monthly cycle but emergency patches can be implemented outside of this cycle.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: This standard is intended to help establish the appropriate processes to identify, manage, and respond to cybersecurity breaches to minimize the impact of such incidents on the business, employees, and customers.
Dayforce utilises multiple layers of cybersecurity defence solutions to prevent, detect, and quickly respond to unwanted/suspicious activities, including ransomware. Endpoint security, network and application protection, encryption in use and at rest, use of the least privileged principle, monitoring, SSO with MFA, required hardware/software standards and baselines, IDS/IPS, vulnerability management, patching, threat hunting, and security awareness training form cybersecurity defence aligning with section 16 of ISO 27002-2013 control framework.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Dayforce's incident response process to ensure a consistent and effective approach to the management of cybersecurity incidents, including communication on security events and weaknesses, as outlined below:
Incident Response Procedure
- Planning and preparedness, including periodic testing
- Personnel requirements, roles, and responsibilities including incident response training
- Monitoring, detecting, and analyzing cybersecurity events to identify cybersecurity incidents
- Cybersecurity incident handling procedures
- Logging of incident information
- Classification of cybersecurity events, including type and levels based on risk
- Collection and handling of evidence
- Reporting of security incidents (notification, escalation, and process improvement)
- Continuous improvement

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Covid-19 recovery
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

We know that climate change poses an existential threat to the health and well-being of humanity today and for future generations. That’s why we are fundamentally committed to doing our part to address it. We have been actively working toward meeting our Scope 1 and 2 emissions reduction target, and we also took a number of additional steps over the past year that reflect our ambitions to decarbonize our value chain. They included:

Setting a new near-term Scope 3 emissions reduction target.
Committing to having our targets validated by the Science Based Targets Initiative (SBTi).
Maintaining 100% renewable electricity for our global operations in 2023 through purchasing 10,697 MWh of Energy Attribute Certificates (EACs).
We also made progress in reducing our carbon footprint last year, and we have continued to drive significant reductions since 2019. This included:

A 20% annual reduction in Scope 1 and 2 (location-based) emissions.
A 65% reduction in Scope 1 and 2 (location-based) emissions since 2019.
A 30%+ reduction in Scope 3 economic emissions intensity since 2018.
Our climate strategy and progress has led us to be recognized as one of America’s Greenest Companies by Newsweek, one of America’s Climate Leaders in 2023 by USA TODAY, and earned us our first-ever “B” from CDP (formerly the Carbon Disclosure Project).

We have developed a strong plan to meet our new near-term Scope 3 emissions target. This includes advancing our decarbonization strategy through the implementation of two new programs that address two of our largest climate impact areas: our supply chain and business travel.

Covid-19 recovery

Dayforce Safety Monitor provides an effective way to ensure the safety of employees while maintaining critical business operations during the COVID-19 pandemic.
Employees can update their personal information and location from anywhere and check in at an office or at home, allowing you to effectively manage employee location to understand the movement of employees and exposure of coworkers. Dayforce provides configurable forms and workflows, location-based reports and notifications, and allows you to report on COVID-19 status, quarantines, and relevant dates to monitor affected employees and impacted coworkers. You can also send communications to employees.

You need to ensure the safety of your employees while maintaining critical business operations, including knowing whether an employee is at the office or at home, updates on their status, and access to their emergency contact information.

You can track COVID-19 time off by creating a new pay code in Dayforce, allowing employees to specify that COVID-19 is the reason for their time off request. With this information in the application, managers can easily make pay adjustments or replace scheduled shifts for employees requesting time off due to COVID-19.
Employees may be using more sick time as the COVID-19 pandemic continues. You can also update a balances minimum value so that it can go into the negative, allowing employees to use more than their allotted balance during this time. For employees who may not be able to clock in and out due to working remotely but will still be working their scheduled shifts, you can configure Dayforce to pay them based on their scheduled times.
Our shift trading capabilities will allow your employees to trade future scheduled shifts

You can onboard employees virtually to minimize in-office interaction, while still ensuring your new hire feels welcomed and aware of expectations on their first day with Dayforce Onboarding.

Tackling economic inequality

Employees benefit from early access to wages through Dayforce Wallet, helping reduce the need for costly alternatives like payday loans. Hourly employees using Dayforce Wallet have a 25% lower 90-day attrition rate than hourly employees not using Dayforce Wallet and we also see a 9.4% lower 90-day attrition rate among all employees using Dayforce Wallet versus those who do not use it. It provides the convenience of a traditional bank account, but without the balance minimums and monthly service fees for employees. The Dayforce Wallet app and accompanying Dayforce Card enables employers to pay their employees in a way where they can conveniently and quickly access their funds. These payments can be standard payroll, one-time payments, such as reimbursements or termination pay (US only), or on-demand pay requests initiated by the employee.
With the Dayforce Wallet app, employees can:
• Add available, earned wages to the card.
• Use the card wherever Mastercard is accepted, both in-store and online.
• Receive access to a financial wellness tool that can help avoid high interest alternatives.
• Link to direct deposit in Dayforce for funding at payday.
• Check card balance.
• View transaction history.
• Find and access a network of free ATMs so that they can withdraw funds from their Dayforce Wallet account.
• Transfer money to other financial institutions.

Equal opportunity

Dayforce provides various features and functionalities to assist in complying with regulatory requirements associated with the hiring process. For example, Dayforce includes preconfigured EEO and Veteran Form Questionnaires that candidates can complete to self-identify their race/ethnicity, gender, and veteran status. The application also includes compliance reports that HR administrators can use to analyze their organization's compliance with relevant regulations. Additionally, Dayforce allows for the configuration of job categories and job postings to ensure that employees are properly categorized. Finally, the system allows for the integration with third-party screening providers to take advantage of their candidate screening services in the Recruiting feature, which can assist in complying with regulatory requirements associated with the hiring process.

Wellbeing

Financial wellbeing
Dayforce Wallet is a digital financial management solution that helps employees feel a sense of empowerment over their earnings and regain control over their finances. This can help to increase workplace engagement, especially for employees who are living paycheck to paycheck, and may be financially stressed. Dayforce Wallet is an innovative solution that can help make a material impact in the day-to-day lives of today’s workers. Employers can also set a financial limit on the amount that can be withdrawn to ensure the employee still has funds come pay day.

The Dayforce Wallet application and accompanying paycard enables users to make any day payday by getting access to their wages on demand. Leveraging Dayforce continuous pay calculations, Dayforce Wallet processes a same-day payroll each time a worker requests their pay. Unlike a mobile banking application, users can access their on-demand funds immediately upon request, rather than having to wait one to three business days for the transaction to complete.
The solution is compliant with federal, state, and local remittances and requires no changes to payroll processing including the funding, timing, and close-out of pay.

Watch this video to learn more: https://play.goconsensus.com/2d8ca652.

Pricing

Price: £12.75 to £30.00 a person a month
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Dayforce

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents