The security program at Slack protects our organization and your data at every layer
Compliance certifications and attestations
Trust Services Principles
APEC for Processors Certification
Privacy Recognition for Processors (PRP) System
Cloud Security Alliance
Meet specific industry regulations and international security and data privacy standards
Health Insurance Portability and Accountability Act (HIPAA)
Slack can be configured for HIPAA compliance, including electronically protected health information (e-PHI).
Financial Industry Regulatory Authority (FINRA)
Slack is FINRA 17a-4 configurable so your team can collaborate and still meet your compliance requirements.
Federal Risk and Authorization Management Program (FedRAMP)
Slack is FedRAMP Moderate authorized so organizations in the public sector can use our platform in a compliant manner.
GovSlack is not FedRAMP Moderate authorized but is pursuing FedRAMP High and DoD CC SRG IL4 compliance certification.
Trusted Information Security Assessment Exchange
TISAX and TISAX results are not intended for the general public.
Information Security Registered Assessors Program (IRAP)
Slack has been assessed by an independent IRAP assessor against the requirements of the Australian Information Security Manual (ISM). Customers can contact their Slack Account team to request a copy of our IRAP report.
Information System Security Management and Assessment Program (ISMAP)
Slack was assessed for the Information System Security Management and Assessment Program (ISMAP), a Japanese Government program evaluating the security posture of cloud service providers. Slack's registration may be viewed on the ISMAP list of registered services.
Data residency for Slack lets organizations choose the country or region where they want to store their encrypted data at rest.
EU General Data Protection Regulation (GDPR)
Slack is committed to helping users understand their rights and obligations under the General Data Protection Regulation (GDPR). Slack has specific customer tools and processes to ensure compliance with GDPR requirements.