Slack

Slack is where work flows. It’s where the people you need, the information you share, and the tools you use come together to get things done.

Website
https://slack.com

Do you work at Slack?

Claim this Trust Center

Compliance
Product Security
Data Security
Privacy
Incident Management & Response
Availability & Reliability
Organizational Security
Business Continuity
Infrastructure
Threat Management
Subprocessors

Compliance
- CCPA
  Slack is committed to helping its customers and users understand and exercise their rights under the California Consumer Privacy Act (CCPA).
- EU-US Privacy Shield
- 12 more topics
Product Security
- Audit Logs
- Multi-Factor Authentication
  Team Administrators can require all users to set up two-factor authentication on their accounts. Instructions for doing this are available in Slack's Help Center.
- 4 more topics
Data Security
- Data Encrypted At-Rest
  Data at rest in Slack’s production network is encrypted using FIPS 140-2 compliant encryption standards, which applies to all types of data at rest within Slack’s systems—relational databases, file stores, database backups, etc. All encryption keys are stored in a secure server on a segregated network with very limited access.
- Data Encrypted In-Transit
  All data transmitted between Slack clients and the Slack service is done so using strong encryption protocols. Slack supports the latest recommended secure cipher suites to encrypt all traffic in transit, including use of TLS 1.2 protocols, AES256 encryption, and SHA2 signatures, whenever supported by the clients.
Privacy
- Privacy Policy
- Data Retention Policy
- 3 more topics
Incident Management & Response
- Data Breach Notification
  Slack notifies impacted customers without undue delay of any unauthorized disclosure of their respective Customer Data by Slack or its agents of which Slack becomes aware to the extent permitted by law.
- Incident Response Plan (IRP)
  Slack maintains security incident management policies and procedures.
Availability & Reliability
- Data Redundancy
  Customer Data is stored redundantly in multiple locations in the hosting provider’s data centres to ensure availability. Slack has well-tested backup and restoration procedures which allow recovery from a major disaster.
- Infrastructure Redundancy
- 2 more topics
Organizational Security
- Confidentiality Agreements
  All employees are required to read and sign Slack's comprehensive information security policy covering the security, availability, and confidentiality of the Slack services.
- Employee Background Checks
  Slack conducts background checks on all employees before employment.
- 1 more topic
Business Continuity
- Disaster Recovery Plan
  Slack's operations team tests disaster recovery measures regularly and has a 24-hour on-call team to quickly resolve unexpected incidents.
- Data Backups
Infrastructure
- ISO 27001 - Data Center
- Physical Access Control - Data Center
Threat Management
- Bug Bounty
- Penetration Testing
  In addition to compliance audits, Slack engages independent entities to conduct application-level and infrastructurelevel penetration tests at least annually. Results of these tests are shared with senior management and are triaged, prioritized, and remediated in a timely manner. Customers may receive executive summaries of these activities by requesting them from their account executive.
- 2 more topics
Subprocessors
- Sign up to view Slack's Subprocessors

Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.

Slack

.css-np5eqa{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;padding-left:var(--chakra-space-1);}Compliance

Product Security

Data Security

Privacy

Incident Management & Response

Availability & Reliability

Organizational Security

Business Continuity

Infrastructure

Threat Management

.css-1qeb6l9{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;padding-left:0px;}Subprocessors

Compliance

Subprocessors