Your Workplace, your data
With Workplace, you always own your data. So you can feel secure in knowing that we’ll respect your privacy while keeping it safe. Download our security guides to learn more about how we protect your data.
Workplace is certified for the highest security standards
Our security foundation is based on the highest industry standards, compliance and regulatory requirements. At Workplace, we keep one step ahead by preparing for constantly-evolving security challenges, and our safety practices are regularly audited by independent third-parties.
Is Workplace data separate from Meta?
The great news is that Workplace benefits from Meta’s world-class security, infrastructure, features and technical innovation - so your company can experience the best of both worlds.
We don’t show third-party advertising to your users on Workplace. We also don’t use your data to provide or target ads to your users, or to personalize your users’ experience on their personal Facebook accounts.
How does Workplace process my data?
We process your data to give you the best possible experience on Workplace, such as generating your News Feed, highlighting what's important and creating insight reports. Your content is never shared between your Workplace and personal Facebook account.
Where does Workplace store my data?
Workplace is designed to stay up and running no matter what, thanks to our globally distributed infrastructure. While we look after your data, it belongs to you, so you can modify, delete or export it any time.
Workplace tools keep communities safe and their information secure
We use enterprise-grade protection mechanisms to keep your content safe.
- Third Party Data Loss Prevention (DLP) integrations
- Encryption in transit
- MDM controls via AppConfig
- Native mobile security admin controls
- Integrated video rights management
- Malicious file and link detection
- Vulnerability management and incident response
We make it easy to get the right people onto your Workplace – while keeping everyone else out.
- Single sign-on and automated provisioning
- Secure identities for email-less staff including two-factor authentication
- Enterprise device management
- Domain verification and claiming
Workplace is designed to stay up and running, no matter what, thanks to our globally distributed infrastructure.
- Physical security safeguards for our data centres and offices
- Mitigate against denial of service attacks or local disasters
- Advanced threat intelligence and automated detection using machine learning
- 24/7/365 monitoring by dedicated teams
Our tools will help you manage your community and create a great work environment.
- Custom user terms of service
- Native content reporting and review
- Off-the-clock access controls for hourly staff
- Audit logs and API support for retention and eDiscovery
Workplace from Meta takes a risk-informed approach that uses deep defense-in-depth investments and compensating security measures to protect your sensitive business information.
- Transport Layer Security (TLS) to encrypt all user interactions in transit
- Sensitive network traffic encrypted between data centers
- Key-based encryption to prevent unauthorized interception
- Content Delivery Network (CDN) infrastructure encrypted-at-rest
Download our certifications and reports
Workplace meets the ISO27001 security standard. Our ISO 27001 certification demonstrates security best practice and provides an independent validation of the design and operational effectiveness of our security management program and information security management system.
Workplace is certified to ISO 27018 security standard, a privacy focused international standard that builds on information security management systems. It indicates conformance with commonly accepted control objectives, controls and guidelines for public cloud service providers to protect Personally Identifiable Information (PII) housed on their services.
SOC 2 is an extensive independent audit of how we host and operate Workplace. It is performed annually by third-party auditors and covers everything from how we secure and protect the application and our data centers, to how we verify the identity and background of our employees. The report can be downloaded by Workplace customers from within the Admin Panel. Navigate to ‘Security’, then ‘More’, then ‘Certifications’. The report is also available upon request, subject to an NDA.
Workplace is GDPR compliant. We have a Data Processing Addendum in the agreement to offer the data processing protections of the General Data Protection Regulation (GDPR) to all of our customers. The commitments we make under the Data Processing Addendum apply to all customers and we do not differentiate between EU users and those in other territories.
We publish regular reports to give our community visibility into how we enforce our policies, respond to data requests and protect intellectual property, while also monitoring dynamics that limit access to Meta technologies.
As part of our ongoing effort to share more information about the requests we receive from governments around the world, Meta regularly produces this report on government requests for user data to provide information on the nature and extent of these requests, as well as the strict policies and processes we have in place to handle them.
Workplace requires users to pass our security review process. All apps that use one or more medium- or high-sensitivity permissions have to undergo a security review, which is required before your app can be used by any Workplace customer and will also be required annually. The report can be downloaded by Workplace customers from within the Admin Panel. Navigate to ‘Security’, then ‘More’, then ‘Certifications’. The report is also available upon request, subject to an NDA.
Big and small companies trust us with their data
Sign up for Workplace updates
Connect with Workplace and get the latest news and insights from the frontline of work.