INFORMATION SECURITY

Your survey data is your business. Keeping it secure is ours.

Information security is at the heart of your business. Qualtrics helps the world’s biggest
brands gather critical first-person data about customers, employees, and partners.
Our information security practices combine best-in-class cloud technology with superior
business processes. We obsess about enterprise security so you don’t have to.

Request demo

Closing Your Data Gaps

Your risks

You don’t know when employees are gathering sensitive information or how it’s being used.

Flight risk data gathered in personal accounts leaves with the account owner.

Individual accounts don’t follow company standards for branding or security.

Decentralized accounts can’t coordinate, so you risk bad methods, lost data, and angry customers.

Ad hoc survey tools can expose critical company data to unauthorized users.

Your Response

With Qualtrics, company managers can monitor usage and grant or revoke access at any time.

It’s yours with Qualtrics, you always see, own, and retain your sensitive business data.

You control which templates, images, and messages are sent from a central library.

Managers approve projects and methods, provide questions and disclosures, and manage customer contacts.

Role-based dashboards provide access and anonymity thresholds for sensitive data.

Qualtrics: Closing Your Data Gaps

Your risks

You don’t know when employees are gathering business information or how it’s being used.

Your response

With Qualtrics, company managers can monitor usage and grant or revoke access at any time.

Your risks

Data gathered in personal accounts leaves with the account owner.

Your response

With Qualtrics, you always see, own, and retain your business data.

Your risks

Individual accounts don’t follow standards for branding or security.

Your response

You control which templates, images, and messages are sent from a central library.

Your risks

Decentralized accounts can’t coordinate, so you risk bad methods, lost data, and angry customers.

Your response

Managers approve projects and methods, provide questions and disclosures, and manage customer contacts.

Your risks

Ad hoc survey tools can expose critical company data to unauthorized users.

Your response

Role-based dashboards provide access and anonymity thresholds for sensitive data.

Data Storage

Data sovereignty with data centers in the U.S., Canada, APAC, and EU // Data isolation available

SURVEY GOVERNANCE

Approval process // Compliant language
Approved methods // Contact management

SINGLE SIGN ON (SSO)

Auditable access // Prevent account sharing
Automatic self-enrollment // Disable ex-employees

Corporate oversight

Track number, user identity, and usage of accounts

Access Controls

Control for confidential data // Anonymity thresholds // Role-based dashboard access

Data Ownership

Ability to revoke access // Company always controls sensitive data

FEDRAMP

2017 target for highest U.S. data security standard

Brand Control

Brand-approved templates, images, language

Legal Review

Data protection agreement // Service-Level Agreement // Negotiated liability

Advanced security for the world’s most advanced experience management platform

FEDRAMP – IN PROCESS (2017 TARGET)

The highest U.S. data security standard available. Trusted and managed by the CIOs of the government’s most sophisticated data agencies.

DEDICATED DATA CENTERS

All data hosted by trusted third party data centers audited with SSAE-16 SOC 1 Type 2 method.

DEDICATED 24/7/365 SECURITY OPERATIONS CENTER

Qualtrics employees staff a permanent security operations center with round-the-clock monitoring and security engineering.

AVAILABLE DATA ISOLATION

For clients that demand advanced data encryption at rest, the Qualtrics Data Isolation feature uses AES-256 crypto.

The controls you need today, and the ones you’ll demand tomorrow

  • Email Security (SMTP Server Setup, DKIM)
  • Data encryption in transit
  • SOC 2 data center certification
  • Local and offsite data redundancy
  • 3rd-Party Scans
  • Continuous network monitoring
  • Single Sign On (SSO)
  • Privacy Shield
  • Managed security services
  • In-house security operations center
  • Active session management
  • Users can opt-out of recontact for a survey
  • Control password parameters and expirations
  • Role-based authentication
  • Data sovereignty: U.S., Canada, APAC, EU
  • Available data isolation
  • Web Application Firewall
  • HITRUST self assessed
  • IP whitelisting
  • HIPAA Self Certified