April 23, 2021
OUR SECURITY, BRIEFLY STATED
Qualtrics’ most important concern is the protection and reliability of customer data. Our servers are protected by high-end firewall systems and scans are performed regularly to ensure that any vulnerabilities are quickly found and patched. Application penetration tests are performed annually by an independent third-party. All services have quick failover points and redundant hardware, with backups performed daily.
Access to systems is restricted to specific individuals who have a need-to-know such information and who are bound by confidentiality obligations. Access is monitored and audited for compliance.
Qualtrics uses Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data. Surveys may be protected with passwords. Our services are hosted by trusted data centers that are independently audited using the industry standard SSAE-18 method.
SOC 2 Type II Certification
Qualtrics obtained a SOC 2 Type II report for the trust principles of Security, Availability, and Confidentiality. The report can be provided upon request.
ISO 27001, 27017, and 27018 Certifications
Qualtrics achieved ISO 27001, 27017, and 27018 certifications. A copy of the certificates can be provided by your account executive.
Qualtrics is FedRamp Authorized. FedRAMP is the standard of U.S. government security compliance, with over 300 controls based on the highly-regarded NIST 800-53 that requires constant monitoring and periodic independent assessments. More information is found at https://www.fedramp.gov.
To better support our healthcare customers, Qualtrics achieved the HITRUST certification. The validated report is available upon request to your account executive.
Qualtrics customers may request various security-related documents and questionnaires by contacting their account executive.