Nearly one million employees around the globe rely on the Staffbase platform every day to securely communicate within their company. Our customers have a wide variety of security and privacy needs, with many coming from the most highly regulated and security-sensitive industries in the world. With this in mind, security is of utmost importance to our platform and vision.
At Staffbase, our strong foundation of product features and provider processes ensures industry-leading protection across the board.
Our best-in-class infrastructure protects customer data throughout its entire lifecycle in the platform. A powerful suite of customizable settings and tools also afford our customers the autonomy to further define their own security and privacy parameters.
We strongly believe that security shouldn’t be a second thought. With Staffbase’s enterprise-ready support, all of our customers can fully depend on a safe and reliable platform suited to their needs and concerns.
Last updated: January 2022
ISO 27001 is the de facto international standard for information security management. In 2018 Staffbase established an Information Security Management System (ISMS), which has been ISO 27001 certified the same year. Staffbase annually renews the certification through an ongoing auditing process. The most recent certificate can be found here.
As part of the Staffbase ISO 27001 certification, Staffbase routinely conducts risk assessments, and then prepares risk treatment plans to mitigate any identified risks so that we continuously improve our security controls. The Staffbase Security team is continually improving the suitability, adequacy and effectiveness of the ISMS.
Additionally, the Employee Email product and Canadian offices have been independently audited for SOC 2 compliance and have received a SOC 2 Type 2 report that underscores the commitments to security, availability, processing integrity, confidentiality, and privacy. The report is available on request.
We understand that hosting locations are important for our customers and their compliance requirements. As a result, Staffbase customers can choose between EU hosting or US hosting for the services.
In order to ensure a high level of security within Staffbase Services, our customers can customize settings and access privileges and roles depending on their individual needs. Some of the features below depend on the exact plan selected by our customers.
With its roots in Germany and the EU, Staffbase has put privacy and data protection at the core of how we have developed our products, services, and our internal governance.
Germany has some of the strictest data privacy laws in the world, and we bring our experience in Germany into the way we develop and build employee communications.