Qualtrics Security and Compliance
Security proven at the world’s highest standards
When the U.S. government and the world’s strictest regulators trust Qualtrics with their most sensitive AI initiatives, it sets the benchmark. Those same foundations now safeguard your customer experiences and business-critical data, so you can run your programs with confidence knowing they are protected by the highest standards anywhere.
Proven at the strictest global and federal security levels, trusted across every industry

ISO 27001 & 42001 CERTIFICATIONS
ISO 27001 proves your data is managed with rigorous global security practices, while ISO 42001 (the world’s first standard for AI systems) validates responsible AI governance. Together, they give you the assurance that your programs run on a platform certified to the toughest international standards.

FEDRAMP HIGH
FedRAMP High is the U.S. government’s highest bar for cloud security. Achieving this authorization means the same protections trusted to safeguard sensitive federal workloads are now available to every organization running on Qualtrics.

HITRUST
HITRUST certification ensures that Qualtrics meets the most rigorous requirements for healthcare and beyond. It integrates HIPAA and other critical standards, giving you confidence that sensitive data is protected across regulated industries.

SOC 2 TYPE 2 CERTIFICATION
SOC 2 Type 2 validates that Qualtrics operates with continuous, independent oversight of security, availability, and confidentiality. For you, it means every interaction is backed by a platform designed to protect business-critical data every day.
Platform controls at your fingertips
Sensitive data controls
Easily redact and/or restrict the gathering of sensitive data or Personally Identifiable Information (PII) across your organization.
GDPR controls
Quickly and easily comply with GDPR right to erasure requests. Delete personal data stored in survey responses, tickets, and contacts, regardless of data origination – all with a click of a button.
Your data, your rules
You decide what data you collect, retain, and delete. Frequent data backups support recovery, and all accounts are password protected with available complexity controls.
User Access Controls
Make user management simple with single sign-on authentication. Add an additional security layer by enforcing multi-factor authentication for your users.
Project approval controls
Control the quality and content of your studies with project controls. Implement a workflow that mirrors your processes.
Admin Reports
Get visibility into your users and data with admin reports that highlight user engagement, activity, consumption, department-specific usage, and more.
Platform security & data management
Security Operations Center (SOC)
Our in-house Security Operations Center monitors the confidentiality, integrity, availability and performance of your data with sophisticated intrusion detection systems, performance and health systems, and security event correlation systems.
Encryption of data in transit
To protect from attacks, eavesdropping and session hijacking, we encrypt all data in transit using Hypertext Transfer Protocol Secure (HTTPS) and enforce HTTP Strict Transport Security (HSTS).
Information Security Management System (ISMS)
Our Information Security Management System (ISMS) defines the overall security function at Qualtrics. Our ISMS outlines the roles and responsibilities of all our employees to help protect the confidentiality, integrity, and availability of the platform.
Incident response plan
We have a thorough, documented plan for how to keep your data safe and secure if something goes wrong.
Always confidential
All data is treated as highly confidential. Our proprietary, industry best-practice methods keep data safe from unauthorized users, even those within your organization.
SOC 2 data center certification
An independent, up-to-date audit of data center service providers means your data is protected behind the latest technology and the best controls.
Physical security controls
Perimeter defense and high-end firewall systems are all monitored 24/7 by dedicated security professionals. Quick failover points, redundant hardware, and nightly encrypted backups mean your essential data is always there for you.
Vulnerability Disclosure Policy
We appreciate the security researcher community. If you think you’ve found a vulnerability, see our Vulnerability Disclosure Program for how to report.
Data isolation
We’re the only experience management company that offers an extra level of protection, applying an additional layer of encryption where you can bring your own key.