Workplace Meets ISO 27001 Security Standard


Workplace by Facebook continues to put security at the heart of everything we do.

Workplace takes security very seriously. Every decision we make involves understanding how a new product or process could affect information privacy and security. And now, Workplace is certified to the ISO 27001 standard. Here’s how we achieved it.

ISO 27001:2013 is one of the most well-regarded and accepted standards for the security of enterprise software. The International Organization for Standardization (ISO) is an independent, non-governmental international organization. It brings together experts to share knowledge and develop consensus-based international standards.

How we achieved certification

Our ISO 27001 certification comes after an extensive audit of Facebook’s Information Security Program. An independent auditing firm validated the design and operational effectiveness of Workplace’s security management program. They also assessed the underlying information security management system (ISMS) that supports the Information Security Program for Workplace. The ISMS is a system we implemented through technical controls, security practices and processes, including:

  1. Facebook’s infrastructure and associated systems
  2. Software design and development practices, including product design and development, engineering and security
  3. Physical locations e.g. Data Centers, PoP Sites and Facebook offices
  4. Customer service management processes
  5. Security and Risk Management policies, procedures, and requirements aligned with Workplace’s business objectives and internal requirements

Alex Stamos, Chief Security Officer at Facebook, says: “Security is a top priority for Workplace. Earning the ISO 27001 certification demonstrates our commitment to protecting Workplace customer data. We’re proud of this milestone and look forward to continuing to help make businesses more connected and productive.”

What does this mean for you?

The ISO/IEC 27000 family of standards helps organizations keep information assets secure. The 27001 standard is the best-known standard for establishing, implementing, maintaining and improving an ISMS. It ensures the confidentiality, integrity, and availability of information that organizations control and process. It also applies a risk management process, which means organizations can manage risk.

This certification demonstrates that our Information Security Program complies with international best practices. It shows our commitment to protecting your information. And it reinforces our focus on maintaining industry-leading security programs and practices.

Other Security features

Data controls
As a Workplace Premium customer, your organization owns and manages your information. Your System Administrators can modify, delete, or export your information at any time. We also provide industry standard APIs so you can monitor real-time activity on your instance and export content. You can find all the relevant documents here.

Security controls and hosting operations
ISO is only one of the security standards we adhere to. You can see our industry-standard SOC3 report here. We’re happy to share our SOC2 report with Workplace Premium customers as well. We also follow the data privacy practices of the EU/US Privacy Shield. You can find more about that in our FAQs.

Workplace is separate from Facebook
Your Workplace account is separate from your personal Facebook account. You’ll never see a post made on one platform appear in the other. Login credentials are also separate. You can manage login administration centrally and add single-sign-on and automatic user management.

Workplace has industry-leading security controls and hosting operations
We host Workplace on Facebook’s global infrastructure. It’s engineered with a target recovery time objective (RTO) of zero, and a target recovery point objective (RPO) of zero.

To find out more about the levels of security you can expect from Workplace, take a look at the website. And if you’d like to have a chat about how Workplace can help you securely transform the way you work, just get in touch.