How Workshop handles security differently
Internal communication is meant to be just that: internal. We understand that in many cases, the information and data you want to share with employees isn’t meant to be shared with the general public.
And on top of that, we understand that protecting your employee data and securing their privacy is incredibly important; it’s an absolutely key part of building trust with your team.
That’s why we’ve embarked on (and completed!) a series of industry-leading security practices to keep your data safe and your mind at ease:
1.) Our emails are secure and all web versions of our emails are authenticated using Single Sign-On (SSO).
Emails sent via external email marketing platforms (like MailChimp, Constant Contact, or Hubspot) are viewable externally, meaning sensitive or confidential company information could fall into the wrong hands. This all happens by default: they create a web version of your email, with a URL that could potentially be viewed or accessed by anyone.
Workshop integrates with Okta, Duo, and other Single Sign-On providers to better ensure that your internal communications stay internal. Our emails are secure and the web versions that are created are fully protected by SSO and only viewable by employees.
2.) We are officially SOC 2 certified!
Workshop has been independently audited for SOC 2 compliance and has recently received a SOC 2 Type 1 report, which is available by request! (SOC 2 is an auditing procedure and certification that shows we securely manage data to protect the interests of our organization and the privacy of our customers.)
A few words from our CTO, Ben Stevinson: “We’re extremely excited to complete our SOC 2 Type I examination. While we’ve always taken comprehensive measures to address security and risk at each stage of our product and process development, passing this external examination is fantastic validation that we’re doing the right things. Our customers can trust that, unlike business-to-consumer marketing products, internal corporate newsletters stay internal.”
3.) Employee data is better secured via Active Directory or HRIS integrations.
For external email marketing platforms (like MailChimp, Constant Contact, or Hubspot), you’ll also have to upload all of your contacts and employee information into their platform via a CSV file. This can be a serious security risk for companies with strict privacy and data requirements, as you’re constantly downloading and uploading private employee data when team members join or leave.
With Workshop, we can automatically integrate with your Active Directory, HR, or payroll data (view all of our integrations here) to ensure that your employee data is not only always up to date, but also securely stored and protected via the IT and human resource systems you currently rely on.
4.) We’ve invested in enterprise-grade infrastructure.
Workshop is fully built on Amazon Web Services and leverages the exceptional security and reliability commitments that Amazon provides. Based on our many years of experience meeting and exceeding enterprise security needs at previous organizations, we’ve specifically chosen AWS to handle our customers’ data. AWS leverages Amazon’s expertise in constructing and operating enterprise data centers, all while maintaining exceptionally robust privacy measures.
5.) Our vendors are fully vetted and employee access is controlled and monitored.
Vendor security controls, data retention, and risk are all fully evaluated by Workshop before any third party solution is implemented. Plus, all employee access to internal systems and tooling is logged and monitored, and our entire team completes annual security training.
You can find a more extensive list of our security procedures, request policy documentation, or ask us any questions you may have here!