Security Trust Centre

Start your security review
View & download sensitive information
ControlK

Overview

Welcome to Culture Amp's Security Trust Centre. Our commitment to data privacy and security is embedded in every part of our business. Use this Security Trust Centre to learn about our security posture and request access to our security documentation.

Compliance

CCPA Logo
CCPA
CSA STAR Logo
CSA STAR
GDPR Logo
GDPR
ISO/IEC 27001 Logo
ISO/IEC 27001
ISO/IEC 27001 SoA Logo
ISO/IEC 27001 SoA
LGPD Logo
LGPD
SOC 2 Logo
SOC 2
ISO/IEC 42001:2023 Logo
ISO/IEC 42001:2023

Documents

Featured Documents

REPORTSPenetration Test Report
COMPLIANCEISO/IEC 27001
COMPLIANCEISO/IEC 27001 SoA
COMPLIANCESOC 2
AIAI Governance & Compliance FAQs
DATA PRIVACYTransfer Impact Assessment Whitepaper

Risk Profile

Third Party DependenceYes
HostingMajor Cloud Provider

Product Security

Architecture Diagram
Audit Logging
Integrations
View more

Reports

Penetration Test Report

Self-Assessments

CAIQv4.0.3
Other Self-Assessments

Data Security

Access Monitoring
Data Backups
Data Erasure
View more

App Security

Responsible Disclosure
Secure Development Training
Vulnerability & Patch Management
View more

AI

AI - CSA Trustworthy Pledge
AI Governance
AI Governance & Compliance FAQs

Legal

SubprocessorsAtlassian-company-logoAmazon-company-logoBugsnag-company-logoBox-company-logoDatadog-company-logo
Cyber Insurance
Privacy Policy
View more

Data Privacy

Transfer Impact Assessment Whitepaper
IRAP

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
Separate Production Environment

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management
View more

Network Security

IDS/IPS
Security Information and Event Management
Virtual Private Cloud

Corporate Security

Employee Training
Incident Response
Penetration Testing

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy
View more

Security Grades

We are constantly monitoring the security of our website. We will post our grades from public security rating agencies when they become available.

Security Trust Centre Updates

React Server Components (CVE-2025-55182) Vulnerability - Not Impacted

Copy link
Vulnerabilities

You may be aware of the critical vulnerability (CVE-2025-55182) within the React Server Components Framework that was published on December 3rd, 2025.

Culture Amp confirms that our infrastructure is not impacted by this security issue. We do not utilise the vulnerable React Server Components (RSC) functionality or affected packages.

Ivanti CVE - Not Impacted

Copy link
Vulnerabilities

You may be aware that Ivanti has issued an important security update addressing recently identified vulnerabilities for Ivanti Connect Security, Policy Secure, and Neurons for ZTA Gateways.

Culture Amp does not use Ivanti and is not impacted by this security issue.

Culture Amp Security Documentation not downloadable - 01/08/2024

Copy link
General

Hi all, Culture Amps Security Documentation may be temporarily only available in read only format as we tweak some settings with the underlying platform. For anyone performing due dilligence activities, most documentation should be downloadable (if required) hopefully by Monday US-time.
The exception to this will be our SOC2 report, which will remain available in read only format indefinitely.

Culture Amp SOC2 Type 2 complete. SOC3 Report available.

Copy link
Compliance

Culture Amp SOC2 Type 2 complete. SOC3 Report available for download from our security trust centre.

Citrix ADC and Citrix Gateway

Copy link
Vulnerabilities

Culture Amp is not impacted by the Citrix Vulnerabilities (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467).

If you think you may have discovered a vulnerability, please send us a note.
Report issue
Built onSafeBase by Drata Logo