Skip to main content
Qualtrics Home page

Qualtrics Security and Compliance

Ultimate data protection

The Qualtrics Experience Management Platform™ isn’t just trusted by 80% of the Fortune 100 to provide breakthrough insights that drive growth — it’s also trusted because it gives them unrivalled protection of their customer and employee data. Check out our security, reliability and compliance policies and accreditations to see for yourself.

Industry leader in security

ISO 27001 CERTIFICATION

The recognized standard for proactive risk management, ISO 27001 ensures information security best practices in asset management, access control, cryptography, and network security.

Learn More

FEDRAMP

The gold standard of U.S. federal security compliance, FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

Learn More

HITRUST

The industry standard for HIPAA security requirements, Qualtrics is the only experience management platform that is Health Information Trust Alliance (HITRUST) certified.

Learn More

SOC2 TYPE 2 CERTIFICATION

The widely recognized standard for a comprehensive security program, Qualtrics has achieved SOC2 Type 2 certification with the security, availability, and confidentiality trust principles.

Platform controls at your fingertips

Sensitive data controls

Easily redact and/or restrict the gathering of sensitive data or Personally Identifiable Information (PII) across your organization.

GDPR controls

Quickly and easily comply with GDPR right to erasure requests. Delete personal data stored in survey responses, tickets, and contacts, regardless of data origination – all with a click of a button.

Your data, your rules

You decide what data you collect, retain, and delete. Frequent data backups to support recovery and all accounts are password protected with available complexity controls.

User Access Controls

Make user management simple with single sign-on authentication. Add an additional security layer by enforcing multi-factor authentication for your users.

Project approval controls

Control the quality and content of your studies with project controls. Implement a workflow that mirrors your processes.

Admin Reports

Get visibility into your users and data with admin reports which highlight user engagement, activity, consumption, department-specific usage, and more.

Platform security & data management

Security Operations Center (SOC)

Our in-house Security Operations Center monitors the confidentiality, integrity, availability and performance of your data with sophisticated intrusion detection systems, performance and health systems, and security event correlation systems.

Encryption of data in transit

To protect from attacks, eavesdropping and session hijacking, we encrypt all data in transit using Hypertext Transfer Protocol Secure (HTTPS) and enforces HTTP Strict Transport Security (HSTS).

Information Security Management System (ISMS)

Our Information Security Management System (ISMS) defines the overall security function at Qualtrics. Our ISMS outlines the roles and responsibilities of all our employees to help protect the confidentiality, integrity, and availability of the platform.

Incident response plan

We have a thorough, documented plan for how to keep your data safe and secure if something goes wrong.

Always confidential

All data is treated as highly confidential. Our proprietary, industry best-practice methods keep data safe from unauthorized users, even those within your organization.

SOC 2 data center certification

An independent, up-to-date audit of data center service providers means your data is protected behind the latest technology and the best controls.

Physical security controls

Your essential data is always there for you. Perimeter defense and high-end firewall systems are all monitored 24/7 by dedicated security professionals. Quick failover points, redundant hardware, and nightly encrypted backups mean your essential data is always there for you.

Vulnerability Disclosure Policy

We appreciate the security researcher community. If you think you’ve found a vulnerability, see our Vulnerability Disclosure Program for how to report.

Learn More

Data isolation

We’re the only experience management company that offers an extra level of protection, applying an additional layer of encryption where you can bring your own key.