
Security Statement

June 10, 2024


Qualtrics’ most important concern is the protection and reliability of customer data. Our servers are protected by high-end firewall systems, and scans are performed regularly to ensure that vulnerabilities are quickly found and patched. Application penetration tests are performed annually by an independent third party. Services have quick failover points and redundant hardware, with backups performed daily.

Access to systems is restricted to specific individuals who have a need to know such information and who are bound by confidentiality obligations. Access is monitored and audited for compliance.

Qualtrics uses Transport Layer Security (TLS) encryption (also known as HTTPS) for transmitted data. Surveys may be protected with passwords. Our services are hosted by trusted data centers that are independently audited using the industry standard SSAE-18 method.


SOC 2 Type II Certification

Qualtrics obtained a SOC 2 Type II report for the trust principles of Security, Availability, and Confidentiality. The report can be provided via the Trust Center or self-service repository.

ISO 27001, 27017, 27018, and 27701 Certifications

Qualtrics achieved ISO 27001, 27017, 27018, and 27701 certifications. A copy of the certificates can be provided via the Trust Center or self-service repository.

FedRAMP Authorization

Qualtrics is FedRAMP Authorized. FedRAMP is the standard of U.S. government security compliance, with over 300 controls based on the highly regarded NIST 800-53 that requires constant monitoring and periodic independent assessments. More information is found at


Qualtrics has undergone an IRAP Assessment and has been issued an IRAP Audit Report. IRAP has over 700 controls based on the Australian Information Security Manual (ISM). More information is found at


To better support our healthcare customers, Qualtrics achieved the HITRUST certification. The validated report can be provided via the Trust Center or self-service repository.


Qualtrics follows the question catalog of information security of the German Association of the Automotive Industry (VDA ISA). The TISAX (Trusted Information Security Assessment Exchange) Assessments are conducted by the accredited audit providers that demonstrate their qualification at regular intervals. The result is exclusively retrievable over the ENX Portal:

PCI – XM Discover VOC Data Integration Only

To better service customer service centers, the XM Discover Voice of Customer Data Integration is PCI DSS certified to handle call recording that may contain payment card information. The Attestation of Compliance (AOC) can be provided via the Trust Center or self-service repository.

More Information

Qualtrics’ current and prospective customers may request various security-related documents and questionnaires from our Trust Center.