The Employee Communication Platform
The gold standard in security certifications
Our Information Security Management System comprises a comprehensive set of policies and controls across People Practices, Operational Procedures and Technical Controls.
The world’s most secure employee experience app
Trusted by the world’s biggest brands
Certified and Secure
Collaborate with confidence
Our Security Statement
We know based on our close partnerships with some of the world’s largest and most security conscious enterprises that security really does matter. Enterprises of every scale and scope demand that their data is at all times collected, processed and stored securely whilst satisfying all legal, industry and regulatory requirements. In particular, we recognise the significant importance of having transparency around security practices and that 3rd party attestation aligned to the relevant security standards is key to underpinning confidence.
At Workvivo, we prioritise security through our continuous investment in our comprehensive Information Security Management System (ISMS) and, as a company, continuing to maintain our compliance with multiple Globally recognised “Gold Standards” in Security certifications: ISO 27001 and SOC 2.
Workvivo is ISO 27001 certified
We also generate an annual SOC 2 Type 2 report
The Gold Standards in Security certifications
People Practices
Security is central to Workvivo and all of its employees. All employees are aware of their role and related responsibilities within the effective operation of our ISMS and agree to comply with very well defined security policies within their employment contracts.
Security Awareness
Security awareness training is delivered with a regular cadence with specialist detailed training delivered on our secure software engineering processes and enforcing tools to the Product team.
The Workvivo ISMS also comprises a comprehensive set of people policies for on-boarding, off-boarding and around use of all Workvivo devices.
Operational Procedures
The Workvivo ISMS comprises a wide variety of documented policies and related operational procedures aligned to the ISO 27001 standard and SOC 2 controls. This is inclusive of the following sample of key policies and procedures:
- Risk Management Framework
- Business Continuity & Disaster Recovery
- Incident Management Policy
- Change Management Policy
- Asset Management Policy
- Access Controls Policy
- Cryptographic Controls Policy
- Workvivo GDPR Policy
- Workvivo Privacy Policy
- Cloud Audit Security Program
Technical Controls
Our compliance with ISO 27001, coupled with the creation of an annual SOC 2 Type 2 report, demands that we continuously continue to invest in a set of layered and integrated technical security controls spanning from Workvivo employee devices into the AWS cloud.
Cloud Based
Workvivo is a cloud solution hosted in AWS and leverages many of the widely proven security services provided by AWS. Testing of all controls and countermeasures is an on-going process.
Workvivo has also contracted with a highly recognized and reputable 3rd party penetration testing organisation to test and create reports against both the Workvivo cloud infrastructure and Workvivo application with a regular cadence. All test reports are available under NDA.
Workvivo is an ISO 27001 certified organization Download our ISO 27001 certificate here
Audited annually by our AICPA auditor partners, Workvivo makes its SOC 2 Type 2 report available under NDA on an annual basis.
Workvivo customers have assurance that we manage information security according to both of the Gold standards of globally recognised security certifications.
