Over 2000 businesses and over one million of their employees around the globe rely on the Staffbase platform and products every day to securely communicate within their company. Our customers have a wide variety of security and privacy needs, with many coming from the most highly regulated and security-sensitive industries in the world. With this in mind, security is of utmost importance to our platform and vision.
At Staffbase, our strong foundation of product features and provider processes ensures industry-leading protection across the board.
Our best-in-class infrastructure protects customer data throughout its entire lifecycle in the platform. A powerful suite of customizable settings and tools also afford our customers the autonomy to further define their own security and privacy parameters.
We strongly believe that security shouldn’t be a second thought. With Staffbase’s enterprise-ready support, all of our customers can fully depend on a safe and reliable platform suited to their needs and concerns.
As of March 2023
If you have any security vulnerabilities to report on Staffbase-owned systems or products, please forward them to email@example.com. Currently, critical vulnerabilities with CVSS ratings >= 9.0 are eligible for bounty awards.
ISO 27001 is the de facto international standard for information security management. In 2018 Staffbase established an Information Security Management System (ISMS), which has been ISO 27001 certified the same year. Staffbase annually renews the certification through an ongoing auditing process. The most recent certificate can be found here, which outlines the scope of our ISMS.
As part of the Staffbase ISO 27001 certification, Staffbase routinely conducts risk assessments and prepares risk treatment plans to mitigate any identified risks. This way we continuously improve our security controls. The Staffbase Security team is also continually improving the suitability, adequacy and effectiveness of the ISMS.
Additionally, the Employee Email product and Canadian offices have been independently audited for SOC 2 compliance and have received a SOC 2 Type 2 report that underscores the commitments to security, availability, and confidentiality. The report is available on request. The Staffbase Security team is working on expanding the SOC 2 report to cover the entire Staffbase Group.
The report is available on request under mNDA.
We understand that hosting locations are important for our customers and their compliance requirements. As a result, Staffbase customers can choose between EU hosting or US hosting for the services. More information on our providers can be found at our subprocessor page .
Our Secure Development Lifecycle (SDLC) describes the processes and tools used in software development & operations to enhance security. The processes and tools are aligned with industry best-practices and related frameworks
With its roots in Germany and the EU, Staffbase has put privacy and data protection at the core of how we have developed our products, services, and our internal governance. Germany has some of the strictest data privacy laws in the world, and we bring our experience in Germany into the way we develop and build employee communications.