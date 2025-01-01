Meet global standards for privacy and security
Slack adheres to GDPR, CCPA and other privacy and security regulations. We also have policies and controls to help you to manage security threats, keep your data safe and meet your compliance obligations.
Do you need help finding the information that you need to complete your security or privacy questionnaire? We’ve organised our compliance resources so that you can demonstrate Slack’s ability to meet your organisation's requirements.Read our white paper on compliance
Read our transfer impact assessment
Compliance certifications and attestations
ISO/IEC 42001
Information technology – Artificial intelligence – Management system
SOC 2
(Type Ⅱ)
Trust Services Principles
GovSlack SOC 2
(Type Ⅱ)
Trust Services Principles
Global PRP Certification*
Global privacy recognition for processors minimum requirements
Global CBPR Certification*
Global cross-border privacy rules minimum requirements
Meet specific industry regulations and international security and data privacy standards
Health Insurance Portability and Accountability Act (HIPAA)
Slack can be configured for HIPAA compliance, including electronically protected health information (e-PHI).
Financial Industry Regulatory Authority (FINRA)
Slack is FINRA 17a-4 configurable so your team can collaborate and still meet your compliance requirements.
Federal Risk and Authorization Management Program (FedRAMP)
Slack is FedRAMP Moderate authorised to meet the compliance needs of organisations in the US public sector.
GovSlack is FedRAMP JAB High authorised and is also pursing DoD CC SRG IL4 compliance.
View our Moderate authorisation
Federal Education Rights and Privacy Act (FERPA)
Slack supports its educational customers and their unique compliance responsibilities.
Trusted Information Security Assessment Exchange
Scope-ID SHYV0T
Assessment-ID AMHN37
TISAX and TISAX results are not intended for the general public.
Information Security Registered Assessors Program (IRAP)
Slack has been assessed by an independent IRAP assessor against the requirements of the Australian Information Security Manual (ISM). Customers can contact their Slack account team to request a copy of our IRAP report.
ISMAP
Information System Security Management and Assessment Program (ISMAP)
Slack was assessed for the Information System Security Management and Assessment Program (ISMAP), a Japanese government programme evaluating the security posture of cloud service providers. Slack's registration can be viewed on the ISMAP list of registered services.
C5
Cloud Computing Compliance Criteria Catalogue (C5)
Slack completed its attestation for the Cloud Computing Compliance Criteria Catalogue (C5), a standard created by the Federal Office for Information Security (BSI) in Germany. Customers can contact their Slack account team to request a copy of the C5 report.
South Korea Cloud Service Providers (CSP) Safety Assessment
Slack completed its evaluation for the Cloud Service Providers (CSP) Safety Assessment, a programme performed by the Korean Financial Security Institute (K-FSI) to ensure that CSPs comply with a defined set of cybersecurity standards managed by the Regulation on Supervision of Electronic Financial Transactions (RSEFT) programme.
Frequently asked questions
We are committed to helping our customers and users to understand and, where applicable, comply with the General Data Protection Regulation (GDPR). For more information, please see our commitment page.
The GDPR does not require EU data to reside in the European Union. Slack’s Data processing agreement and the EU Model Clauses will continue to ensure compliance for EU personal data transfers outside of the EU.
We’re committed to helping Slack customers and users to understand and exercise their rights under the California Consumer Privacy Act (CCPA). On this page, we clarify Slack’s role and obligations under the CCPA and provide additional information to help our customers to meet their compliance needs.
Slack offers data processing addenda that supplement the customer terms of service or any MSA.
This page provides important information about the identity, location and role of Slack Subprocessors.
Slack’s Modern Slavery Statement can be found here
Yes, you can make this request using our Privacy and security form