Communicate in confidence with enterprise-grade security
Our team is proud to provide leading organizations with a best-in-class product and a serious commitment to security.
SOC 2 Type 2 Report available
Workshop has been independently audited for SOC 2 compliance and has received a SOC 2 Type 2 report.
GDPR compliant
Workshop is in compliance with GDPR principles. Our DPA is available online here. If you have specific questions, please reach out.
Simple and secure authentication
Workshop integrates with Okta, Duo, and other Single Sign-On providers (available on our Enterprise plan) using SAML.
Our security practices
We're deeply committed to employee privacy and will do everything we can to ensure your data is safe and sound.
Industry best-practice development
Workshop’s software development process follows industry best practices. Our process includes extensive testing across our application and infrastructure, including automated testing with every deploy.
Secure data in-transit and at rest
All in-transit data is encrypted with TLS 1.2 or better, and at-rest data is encrypted using AES-256. All production domains are submitted to the HSTS Preload list, which is included in browsers to require encryption on all endpoints.
Automated backups
All production information is continuously backed up to encrypted storage on AWS. Workshop can revert to specific points in time along a stream of database changes.
Internal security best-practices
All employees undergo security awareness training, use SSO and MFA for all internal tools, and use centrally managed and fully encrypted devices.
Fully tested and reviewed code
All changes to our production code require peer review before being merged. Code changes must pass comprehensive automated testing including OWASP Top 10 scanning, vulnerability scanning, and dependency scanning.
Vetted vendors
Workshop takes reasonable measures to select and engage with third-party vendors. Vendor security controls, data retention, and risk are evaluated by Workshop before third-party solutions are implemented.
Proactive vulnerability alerts
Security and vulnerability issues in production environments and software dependencies trigger proactive alerts and are addressed as soon as possible.
Environment access control
All engineers are required to use multi-factor authentication (MFA) for development. Production environments and data are segregated from those of development. Production customer data is not utilized on Workshop staging and testing environments.
More on Workshop security
Interested in taking a deeper dive into Workshop’s security practices and philosophy? Fill out the form below to request our security policies and SOC 2 report.
