#1 in Security Leadership
ISO 27001 Certification
The recognised standard for proactive risk management, ISO 27001 ensures information security best practices in asset management, access control, cryptography, and network security.
FedRAMP
The gold standard of U.S. federal security compliance and a requirement for all SaaS providers to government agencies. Qualtrics is the only experience management platform that is FedRAMP Authorised — a requirement for government agencies.
HITRUST
The industry standard for HIPAA security requirements, Qualtrics is the only experience management platform that is Health Information Trust Alliance (HITRUST) certified.
Platform controls at your fingertips
Sensitive data handling
Easily redact and/or restrict the gathering of sensitive data or Personally Identifiable Information (PII) across your organisation.
GDPR One-touch data deletion
Quickly and easily comply with GDPR right to erasure requests. Delete personal data stored in survey responses, tickets, and contacts, regardless of data origination – all with a click of a button.
Your data, your rules
You decide what data you collect, retain, and delete. Frequent data backups to support recovery and all accounts are password protected with available complexity controls.
Single sign-on
Make user management simple with single sign-on authentication.
Auditing and Logging
Monitor user logs and account activity via Control Panel and APIs
Multi-factor authentication
Keep your data secure by enforcing multi-factor authentication for your users.
Platform security & data management
Security Operations Center (SOC)
Our in-house Security Operations Center monitors the confidentiality, integrity, availability and performance of your data with sophisticated intrusion detection systems, performance and health systems, and security event correlation systems.
Physical security controls
Your essential data is always there for you. Perimeter defense and high-end firewall systems are all monitored 24/7 by dedicated security professionals. Quick failover points, redundant hardware, and nightly encrypted backups mean your essential data is always there for you.
Information Security Management System (ISMS)
Our Information Security Management System (ISMS) defines the overall security function at Qualtrics. Our ISMS outlines the roles and responsibilities of al our employees to help protect the confidentiality, integrity, and availability of the platform.
Encryption of data in transit
To protect from attacks, eavesdropping and session hijacking, we encrypt all data in transit using Hypertext Transfer Protocol Secure (HTTPS) and enforces HTTP Strict Transport Security (HSTS).
Incident response plan
We have a thorough, documented plan for how to keep your data safe and secure if something goes wrong.
Always confidential
All data is treated as highly confidential. Our proprietary, industry best-practice methods keep data safe from unauthorised users, even those within your organisation.
SOC 2 data center certification
An independent, up-to-date audit of data center service providers means your data is protected behind the latest technology and the best controls.
Vulnerability Disclosure Policy
We appreciate the security researcher community. If you think you’ve found a vulnerability, see our Vulnerability Disclosure Program for how to report.
Data isolation
We’re the only experience management company that offers an extra level of protection, applying an additional layer of encryption where you can bring your own key.