🔎

Find & compare security policies for thousands of companies using our new directory

Company logo

Slack

Slack is where work flows. It’s where the people you need, the information you share, and the tools you use come together to get things done.
  • Website
    https://slack.com

Do you work at Slack?

Claim this Trust Center

  • Compliance

    • CCPA

      Slack is committed to helping its customers and users understand and exercise their rights under the California Consumer Privacy Act (CCPA).

    • EU-US Privacy Shield
    • 12 more topics

  • Product Security

    • Audit Logs
    • Multi-Factor Authentication

      Team Administrators can require all users to set up two-factor authentication on their accounts. Instructions for doing this are available in Slack's Help Center.

    • 4 more topics

  • Data Security

    • Data Encrypted At-Rest

      Data at rest in Slack’s production network is encrypted using FIPS 140-2 compliant encryption standards, which applies to all types of data at rest within Slack’s systems—relational databases, file stores, database backups, etc. All encryption keys are stored in a secure server on a segregated network with very limited access.

    • Data Encrypted In-Transit

      All data transmitted between Slack clients and the Slack service is done so using strong encryption protocols. Slack supports the latest recommended secure cipher suites to encrypt all traffic in transit, including use of TLS 1.2 protocols, AES256 encryption, and SHA2 signatures, whenever supported by the clients.

  • Privacy

    • Privacy Policy
    • Data Retention Policy
    • 3 more topics

  • Incident Management & Response

    • Data Breach Notification

      Slack notifies impacted customers without undue delay of any unauthorized disclosure of their respective Customer Data by Slack or its agents of which Slack becomes aware to the extent permitted by law.

    • Incident Response Plan (IRP)

      Slack maintains security incident management policies and procedures.

  • Availability & Reliability

    • Data Redundancy

      Customer Data is stored redundantly in multiple locations in the hosting provider’s data centres to ensure availability. Slack has well-tested backup and restoration procedures which allow recovery from a major disaster.

    • Infrastructure Redundancy
    • 2 more topics

  • Organizational Security

    • Confidentiality Agreements

      All employees are required to read and sign Slack's comprehensive information security policy covering the security, availability, and confidentiality of the Slack services.

    • Employee Background Checks

      Slack conducts background checks on all employees before employment.

    • 1 more topic

  • Business Continuity

    • Disaster Recovery Plan

      Slack's operations team tests disaster recovery measures regularly and has a 24-hour on-call team to quickly resolve unexpected incidents.

    • Data Backups
  • Infrastructure

    • ISO 27001 - Data Center
    • Physical Access Control - Data Center
  • Threat Management

    • Bug Bounty
    • Penetration Testing

      In addition to compliance audits, Slack engages independent entities to conduct application-level and infrastructurelevel penetration tests at least annually. Results of these tests are shared with senior management and are triaged, prioritized, and remediated in a timely manner. Customers may receive executive summaries of these activities by requesting them from their account executive.

    • 2 more topics

  • Subprocessors

    • Sign up to view Slack's Subprocessors

Sign up to see the rest of Slack's posture and unlock unlimited access.

Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.

Sign Up
About
Join the community:
Copyright © 2022 Trustpage. All rights reserved.
Logos provided in part by Clearbit.