Enterprise-grade security is built into every aspect of how users collaborate and get work done in Slack, without sacrificing usability, so that you can get the most value out of Slack and do your best work.
Slack’s internal security programme
Slack’s industry-leading security programme is based on the concept of defence in depth: securing our organisation – and your data – at every layer. We continue to earn certifications adhering to the most broadly recognised security standards, offer solutions to help you address your compliance requirements and employ rigorous measures at the architectural and operational levels to keep your data safe.
Compliance certifications and regulations
Slack meets and exceeds some of the most broadly recognised security standards and offers solutions to help you address your compliance requirements.
Slack certifications and attestations
Slack supports customers’ compliance with
Security architecture and practices
Slack’s dedicated security team use industry-accepted best practices and frameworks to keep your data safe. Our security approach focuses on security governance, risk management and compliance. This includes encryption at rest and in transit, network security and server hardening, administrative access control, system monitoring, logging and alerting and more.
Slack’s product security features
Slack includes a robust set of security and data protection product features that give you the control, visibility and flexibility that you need to manage all your security challenges, without compromising agility.
Identity and device management
Securing your information starts with identity controls, no matter where your users are located. Slack allows you to manage users and groups, streamline authentication using your identity provider and assign roles and permissions. We give you the solutions to ensure that only the right people and approved devices can access your company’s information in Slack.
Identity and access controls
- SAML-based single sign-on
- Session duration
- Two-factor authentication
- User and group provisioning via SCIM/JIT
- Domain claiming
- Enterprise mobility management (EMM)*
- Secondary authentication*
- Session management
- Block message copy and file download*
- Default browser control*
- Block jailbroken or rooted devices*
- Minimum app version*
Slack encrypts data at rest and data in transit by default as part of our foundational security controls. We also provide tools that give you even further visibility and control.
- Enterprise Key Management (EKM)
- Data loss prevention (DLP)^
- Audit logs API
- Grid workspace discovery
- App and integration management
Every company needs an ongoing strategy to reduce the risk of compromised data, and there’s no one-size-fits-all approach. Slack offers governance and risk-management capabilities that are flexible enough to meet your organisation’s needs, no matter what they are.
- Global retention policies
- Data exports
- Custom terms of service (TOS)
* Mobile feature
^ Third-party solution required (supported by Slack’s Discovery API)
Contact slack.com/contact-sales to learn more.