Security at Work

Here's what you can expect from Workplace

  • SOC 2
    Trust Services Principles
  • EU/US Privacy Shield
    Data Privacy Practices
  • SOC 3
    Service Organization Controls

Our trust principles

Your Workplace account is separate from your personal Facebook account.

Posts made in your personal account are not visible in your Workplace account, and vice versa. You can use separate login credentials for each account.

Workplace has industry-leading hosting operations.

Workplace's hosting practices are regularly audited by independent third-party auditors. An industry-standard SOC 3 report is available here. For Workplace Premium customers, a more detailed SOC 2 report is available upon request.

Security is our top priority.

Workplace is designed in collaboration with our security experts. The security of the service is regularly evaluated and tested. Examples of these activities include full source code reviews, penetration tests, and security audits by an independent third party. We happily share these reports and results with our Workplace Premium customers upon request.

Data controls.

Workplace Premium customers: The company owns and administers the data so you can modify, delete, or export your data at any time. Our industry standard APIs are provided to allow for real-time activity monitoring and content export. The API documentation can be found here. If we receive a request for your data from a third party, we will always attempt to redirect the request to you. If you would like to use third-party tools for e-discovery and compliance, we provide integrations with several industry-leading providers.

Workplace Standard customers: In Workplace Standard, you own the content you post and share, although Facebook's community standards apply. You have the option to delete or deactivate your account at any time.

Security and privacy.

Learn more about our commitment to security and how we handle privacy, including our certification under the EU-U.S. Privacy Shield Framework. Read the FAQs.

Our security philosophy

A critical part of our mission to make the world more open and connected is providing a secure community for everyone who uses Workplace by Facebook. Ensuring the security of information on Facebook is at the very heart of what we do. Decisions we make always involve answering questions upfront about how a new product, feature, or process impacts security and privacy. Every decision we make is reviewed with this lens. It's simply part of our culture at Facebook.

From day one, when Facebook employees come on board, they attend training on security, ethics, and confidentiality. Instilling a security mindset from the start is how we ensure that all of our employees, no matter their function, understand the importance of protecting the information entrusted to us.

Our team of experts

Security is a top priority and we invest considerable resources to create a safe and secure Facebook experience. We have dozens of teams working around the clock to keep your information safe. Your connection to Facebook is protected with the same kind of strong encryption technology that banks use to keep financial data secure. A combination of advanced automated systems, techniques like machine learning, and teams of dedicated engineers defend your information.

And when it comes to physical security, we're serious about protecting our data centers, offices, and employees. Physical access restrictions are implemented and administered so that only authorized individuals have the ability to access Facebook facilities. Access to all Facebook facilities is restricted through badge access and monitored 24x7 by guard staff who follow up on any alarms. In addition, Facebook is responsible for authorizing and approving all access requests from Facebook staff to the owned and leased data centers and server rooms. All data center locations employ badge readers and/or biometric fingerprint devices.

Our infrastructure

Facebook data centers are top-of-the-line facilities that house our core infrastructure that runs and delivers Facebook to the world. We own or directly lease all of our facilities so we have end-to-end control over the grounds, the buildings, the servers, the operations, and maintenance for each center. We also utilize a distributed network of equipment that increases the resiliency and speed at which people experience Facebook. In total, we maintain hundreds of thousands of servers that are serving our communities and customers.

Always looking ahead

Workplace is designed to safeguard company data with controls in place to help prevent and detect unauthorized access to enterprise data. We combine comprehensive threat intelligence and specialized tools to monitor the Workplace environment. Facebook also augments traditional prevention and detection systems with more subtle ways of enforcing data confidentiality and uncovering potential issues, including the operational health of our systems, changes to systems and configurations, and employee access policies and procedures.

We have a dedicated security incident response team and are members of industry best practice groups such as FIRST. Facebook employs detailed incident response procedures that follow industry best practices.

In addition to strict data access controls and incident management, our day-to-day processes continually assess risk across Facebook. Management conducts several compliance audits (SOX, PCI and FTC) and other security assessments such as technical security reviews, third-party risk assessments, and product security evaluations to ensure that appropriate controls are in place and are operating effectively to mitigate identified risks.

Workplace Premium

We're always working to create the best tools and controls for companies to create the work environment that meets their needs. Workplace Premium includes administrative controls to manage your community and integrations to third-party identity services. Plus, you have ownership of your data. Premium customers have the ability to export and capture all their Workplace data via an administrative API. You can choose how best to store this exported archive.

Workplace Premium customers can use APIs to subscribe to real-time activity in their Workplace instance and get alerts. Since not everyone wants to build their own security and compliance tools, we have integrations with several of the industry's leading cloud compliance, e-discovery and data loss prevention providers.

If we receive a legal request for information about your Workplace Premium instance, we will ask the requesting party to contact you directly, unless prohibited by law.

Company administrators can also monitor and delete data. If you choose to close your Workplace community, we will delete your company data from our servers.

The bigger picture

As Facebook works to make the world and workplace more connected, it is clear that our collective security depends heavily on one another. That's why Facebook invests considerable resources into making sure that not only Facebook is secure, but that the rest of the internet is, too.

THREAT EXCHANGE

In 2015, Facebook released ThreatExchange, an online sharing platform for security threat information. Bitly, Dropbox, Pinterest, Tumblr, Twitter, and Yahoo are among the companies that have joined.

OSQUERY

Facebook built osquery, a popular open-source tool that makes it easier for security teams to monitor their operating systems for suspicious behavior and threats.

SECURITY@SCALE CONFERENCE

Facebook brings together a range of security experts in a series of day-long conferences designed to share the latest in security technology and ideas for future innovations and collaborations.

© Facebook 2017.