Enterprise-grade security at Slack

Trust Slack to keep your data secure and meet your compliance requirements.

Enterprise-grade security is built into every aspect of how users collaborate and get work done in Slack, without sacrificing usability so that you can get the most value out of Slack and do your best work.

Trusted by:

Ameritrade logoNikkei logoRoche logo

Slack’s Internal Security Program

Slack’s industry-leading security program is based on the concept of defense in depth: securing our organization-and your data-at every layer. We continue to earn certifications adhering to the most broadly recognized security standards, offer solutions to help you address your compliance requirements, and employ rigorous measures at the architectural and operational levels to keep your data safe.

Compliance certifications and regulations

Slack meets and exceeds some of the most broadly recognized security standards and offers solutions to help you address your compliance requirements.

Slack certifications and attestations 

ISO/IEC 27001 logoISO IEC 27017ISO IEC 27018 logoAICPA SOC 2 logoAICPA SOC 3 logoCloud Security Alliance logoFedRAMP Moderate logo

Slack supports customers’ compliance with 

HIPPA logoFINRA compliant logoGDPR logoData Residency logo

Security architecture and practices

Slack’s dedicated security team uses industry-accepted best practices and frameworks to keep your data safe. Our security approach focuses on security governance, risk management, and compliance. This includes encryption at rest and in transit, network security and server hardening, administrative access control, system monitoring, logging and alerting, and more.

Slack’s Product Security Features

Slack includes a robust set of security and data protection product features that give you the control, visibility, and flexibility you need to manage all your security challenges, without compromising agility.

Identity and device management

Securing your information starts with identity controls, no matter where your users are located. Slack allows you to manage users and groups, streamline authentication using your identity provider, and assign roles and permissions. We give you the solutions to ensure that only the right people and approved devices can access your company’s information in Slack.

Identity and access controls

  • SAML-based single sign-on
  • Session duration
  • Two-factor authentication
  • User and group provisioning via SCIM/JIT
  • Domain claiming

Device management 

  • Enterprise Mobility Management (EMM)*
  • Secondary authentication*
  • Session management
  • Block message copy and file download*
  • Default browser control*
  • Block jailbroken or rooted devices*
  • Minimum app version*

Data protection 

By default, Slack encrypts data at rest and data in transit as part of our foundational security controls. We also provide tools that give you even further visibility and control.

Information governance 

Every company needs an ongoing strategy to reduce the risk of compromised data, and there’s no one-size-fits-all approach. Slack offers governance and risk-management capabilities that are flexible enough to meet your organization’s needs, no matter what they are.

  • Global retention policies
  • eDiscovery^
  • Data exports
  • Custom terms of service (TOS)

 

 

* Mobile feature
^ Third-party solution required (supported by Slack’s Discovery API)

Contact slack.com/contact-sales to learn more.

Was this resource useful?

0/600

Awesome!

Thanks so much for your feedback!

Got it!

Thanks for your feedback.

Oops! We're having trouble. Please try again later!

Related Resources