Our Security
Securing our customers’ information is our top priority. We believe that great privacy rests on great security.
We use technical, contractual, and operational safeguards to protect your data, taking into account the nature of the personal data and the threats posed. We are constantly working to improve these safeguards to help keep our customers’ personal data secure.
-
Confidentiality
WalkMe utilizes best-of-breed authentication, encryption, access control systems and configurations to protect against unauthorised access.
-
Integrity
At WalkMe we verify that all information remains intact and ensure it is kept in its original, accurate, and complete form. We monitor, check, and control data integrity across the data’s entire lifecycle.
We support Subresource Integrity (SRI) to ensure that even data resources hosted on third-party servers have not been tampered with.
-
Availability and Performance
WalkMe ensures content, at any scale and capacity, is resilient to all changes that may occur, and is delivered at speed and seamlessly accessible to the end user at any time, anywhere on the globe.
Your Privacy
Your Data. Your choice.
You choose what level of data will be collected - and corresponding controls.
-
Data Residency
Data is stored and accessed according to all legal jurisdictional considerations. WalkMe allows you to specify which of our geographic locations your data will be stored at.
-
Data Protection
WalkMe encrypts everything, including any type of data, whether at rest or in transit, following encryption best practices based on NIST and FISMA (CISA) standards.
-
Data Retention
WalkMe is transparent about the data in use and allows customers to take full control of information collected. Analytics data can be deleted or anonymized by request. Requests to delete or anonymize analytics data are handled automatically in 90 days.
-
Data Processing Addendum (DPA)
WalkMe follows the Standard Contractual Clauses (SCCs) validated by the Court of Justice of the European Union (CJEU) as a mechanism for transferring data outside the European Union. Our customers can continue to rely on the SCCs and the WalkMe Data Processing Addendum if they choose to transfer their data outside the European Union in compliance with GDPR.
Global Compliance
WalkMe maintains extensive compliance standards aligned with industry best practices, regulatory and federal/state rulings, international/regional laws, and industry-specific requirements.
WalkMe adheres to the most extensive data privacy standards set by global regulations.
-
Certifications and Attestations
WalkMe has attained compliance certifications and attestations (listed below) assessed by third parties and independent auditors.
-
Laws and Regulations (GDPR, CCPA)
WalkMe is committed to complying with global laws and regulations, including the EU GDPR as a data processor and the US CCPA as a Service Provider, in the provision of WalkMe’s services to its customers.
-
Alignments and Frameworks
WalkMe follows compliance alignments and frameworks' requirements for specific purposes or industries, such as NIST, CSA, GxP (FDA CFR 21 Part 11) or MPAA.
-
FedRAMP-Ready
WalkMe achieved FedRAMP-Ready approval from the US federal government after passing standardized security assessments, authorization, and monitoring procedures. WalkMe is available on the FedRAMP Marketplace.
Report an issue
WalkMe continuously monitors the threat landscape, resolving incidents and applying changes to ensure the highest levels of security protection across all products and services.
-
Privacy Reporting
WalkMe’s privacy policy and practices meet ISO 27701. If you have found a security issue, please contact the WalkMe Privacy Team: privacy@walkme.com
-
Security Reporting
WalkMe takes security issues seriously and is committed to protecting our customers’ data. If you have found a security issue, please contact the WalkMe Security Team: security@walkme.com
-
Bug Bounty Program
To improve our security perimeters, WalkMe invites individual security researchers to help us find security vulnerabilities. Reach out: Bug Bounty Program.
Certifications and attestations
-
FedRAMP-Ready Approval
Available on FedRAMP Marketplace
Available upon request
-
ISO/IEC 20243:2018 (O-TTPS)
Mitigating maliciously tainted and counterfeit products (Supply Chain security management)
Download Certificate
-
SOC 2 Type II 5 Trust TSCs
Security, Availability, Processing Integrity, Confidentiality, and Privacy.
Available for WalkMe customers
-
Health Insurance Portability & Accountability Act (HIPAA)
Third-party attestation for HIPAA-compliance.
BAAs available upon request
-
GxP
Good Clinical, Laboratory, and Manufacturing Practices
-
Motion Picture Association of America (MPAA)
Content security best practices frameworks guidelines
-
Shared Assessments Standardized Information Gathering (SIG)
Biennial Self-Assessment Questionnaire
Download SIG Questionnaire
-
McAfee CloudTrust (Formerly Skyhigh) Enterprise-Ready
Third-party cloud application validation
View Rating
-
Amazon Web Services (AWS) Advanced Technology Partner
Member of the APN (Amazon Partner Network)
Learn about our Partnership
-
FIPS 140-2
Validated cryptographic modules
-
CyberGRX
Third party risk management
Available upon request