Security Trust Centre

Start your security review
View & download sensitive information
Search items
ControlK

Overview

Welcome to Culture Amp's Security Trust Centre. Our commitment to data privacy and security is embedded in every part of our business. Use this Security Trust Centre to learn about our security posture and request access to our security documentation.

Compliance

CCPA Logo
CCPA
CSA STAR Logo
CSA STAR
GDPR Logo
GDPR
ISO 27001 Logo
ISO 27001
ISO 27001 SoA Logo
ISO 27001 SoA
LGPD Logo
LGPD
SOC 2 Logo
SOC 2

Documents

Featured Documents

AIResponsible AI Statement
COMPLIANCEISO 27001 SoA
COMPLIANCEISO 27001
COMPLIANCESOC 2
REPORTSPenetration Test Report
DATA PRIVACYPrivacy Paper

Risk Profile

Third Party DependenceYes
HostingMajor Cloud Provider

Product Security

Audit Logging
Integrations
Product Architecture
View more

Reports

Penetration Test Report

Self-Assessments

CAIQv4.0.3
Other Self-Assessments
VSA Core

Data Security

Access Monitoring
Data Backups
Data Erasure
View more

App Security

Responsible Disclosure
Secure Development Training
Vulnerability & Patch Management
View more

AI

AI Governance
Responsible AI Statement

Legal

SubprocessorsAtlassian-company-logoAmazon-company-logoBugsnag-company-logoBox-company-logoDatadog-company-logo
Cyber Insurance
Privacy Policy
View more

Data Privacy

Privacy Paper

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
Separate Production Environment

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management
View more

Network Security

IDS/IPS
Security Information and Event Management
Virtual Private Cloud

Corporate Security

Employee Training
Incident Response
Penetration Testing

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy
View more

Security Grades

We are constantly monitoring the security of our website. We will post our grades from public security rating agencies when they become available.

Security Trust Centre Updates

Ivanti CVE - Not Impacted

Copy link
Vulnerabilities
January 15, 2025

You may be aware that Ivanti has issued an important security update addressing recently identified vulnerabilities for Ivanti Connect Security, Policy Secure, and Neurons for ZTA Gateways.

Culture Amp does not use Ivanti and is not impacted by this security issue.

Culture Amp Security Documentation not downloadable - 01/08/2024

Copy link
General
August 1, 2024

Hi all, Culture Amps Security Documentation may be temporarily only available in read only format as we tweak some settings with the underlying platform. For anyone performing due dilligence activities, most documentation should be downloadable (if required) hopefully by Monday US-time. The exception to this will be our SOC2 report, which will remain available in read only format indefinitely.

Culture Amp SOC2 Type 2 complete. SOC3 Report available.

Copy link
Compliance
July 21, 2023

Culture Amp SOC2 Type 2 complete. SOC3 Report available for download from our security trust centre.

Citrix ADC and Citrix Gateway

Copy link
Vulnerabilities
July 20, 2023

Culture Amp is not impacted by the Citrix Vulnerabilities (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467).

If you think you may have discovered a vulnerability, please send us a note.
Report issue
Built onSafeBase by Drata Logo