WalkMe Security Compliance

Last Updated January 18, 2026

Brief Overview

WalkMe is the Digital Adoption Platform pioneer and leads the industry standard for security and compliance. WalkMe complies with both GDPR and CCPA in WalkMe's services to its customers.

You can find more about WalkMe's privacy policies, compliance standards, and certifications below.

Security

Datasheet

Below is a highly technical document covering key aspects of the WalkMe security datasheet.

WalkMe Security Datasheet

WalkMe Digital Adoption: Security, Privacy, & Architecture

Below is the WalkMe Digital Adoption: Security, Privacy, & Architecture White Paper document. This is an informational document issued by WalkMe to introduce WalkMe's security, privacy, and architecture.

WalkMe Digital Adoption White Paper: Security, Privacy, & Architecture

WalkMe Solution Overview

Below is the WalkMe Solution Overview. This is an informational document issued by WalkMe to promote and highlight the features of our solution.

WalkMe Solution Overview

WalkMe Customer Shared Responsibility

Below is the WalkMe Customer Shared Responsibility. This is an informational document that outlines the shared responsibility model that WalkMe operates and the controls that will be the responsibility of its customers.

WalkMe Customer Shared Responsibility

Privacy

WalkMe Data

Below is a highly technical document listing exactly what is being tracked in Insights in all different tracking modes.

WalkMe Data Collected White Paper

Data Protection

WalkMe complies with GDPR as a data processor and with CCPA as a Service Provider in the provision of WalkMe's services to its customers and can make its Data Processing Addendum (DPA) available for execution. In addition, we are devoted to helping our customers with their GDPR and CCPA compliance processes by providing robust privacy and security protections built into our services and contracts.
By default, WalkMe does not collect personally identifiable information (PII) other than IP addresses in logs for security purposes, end-users' approximate geolocation (country and city in which they are located) and masked IP addresses for the ongoing operation of the WalkMe system, and assigns collected metadata to an anonymous random GUID. Moreover, WalkMe collects and transfers environment properties such as browser and OS, page URL, and title.

The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act set national standards for the privacy and security of electronically protected healthcare information.

WalkMe Data Protection Overview

WalkMe solutions offering

WalkMe offers pre-configured solutions in the Solutions Gallery that help customers display privacy notices and support compliance with their internal data protection requirements. These solutions enable customers to provide end users with choices regarding WalkMe data collection and processing, as described below.

WalkMe Privacy Statement solution
WalkMe offers a pre-configured WalkMe Privacy Statement solution in the Solutions Gallery, which includes two Smart Walk-Thrus. This solution helps customers display privacy notices and support compliance with their internal data protection policies.
By using this solution, customers can give users the option to opt out of WalkMe processing their personal data for analytics purposes. Please note the following important considerations:

  • Opt-out duration: When a user opts out, a cookie is saved in their browser to enforce this setting. The cookie is valid for one year. After it expires, the user must opt out again using the same opt-out option provided through the solution.
  • Domain-specific opt-out: The opt-out setting applies to each main website domain where the solution is implemented. If an application is accessed from multiple separate domains, users must opt out individually on each domain.
Note: This does not apply to embedded content such as cross-domain iframes, which inherit the opt-out setting from the main page.
  • Cookie clearing: If a user clears their browser cookies, the opt-out cookie is removed. To remain opted out, the user must complete the opt-out flow again using the solution.
  • Impact on Insights: When users opt out, WalkMe no longer collects their analytics data, which may result in limited Insights.
  • Deletion following opt-out: Since WalkMe acts as a processor on behalf of the controller (the customer), WalkMe may delete customer data only upon the customer's request. Accordingly, if a user opts out, the customer is responsible for requesting deletion of any personal data collected prior to the opt-out and for providing the relevant user identifier so WalkMe can assist with the deletion.

Session Playback Privacy Statement solution
WalkMe offers an additional pre-configured Session Playback Privacy Statement solution in the Solutions Gallery, which includes two Smart Walk-Thrus. This solution helps customers display Session Playback–specific privacy notices and support compliance with consent requirements applicable to Session Playback recording. By using this solution, customers can give users the option to opt in or opt out of Session Playback recording. Please note the following important considerations:

  • Consent behavior and segmentation: The popup content and behavior depend on the customer's Session Playback segmentation setup:
    • If Session Playback is enabled for the user by default, the user is given the option to opt out of recording.
    • If Session Playback is disabled for the user by default, the user is given the option to opt in to recording.
      • The user's choice determines whether Session Playback recording is enabled or disabled for that user starting from the next session.
  • Consent precedence: User consent collected through the Session Playback Privacy Statement takes precedence over the customer's Session Playback segmentation configuration for that user.
  • Consent duration and storage: When a user opts in or opts out, a cookie is saved in the user's browser to enforce the selected preference. The cookie is valid for one year. If the cookie expires or is deleted (for example, if the user clears browser cookies), the user may be required to provide consent again.
  • Relationship to the WalkMe Privacy Statement solution: If a user opts out through the WalkMe Privacy Statement solution, that opt-out applies to Session Playback as well. In such cases, the Session Playback Privacy Statement solution is not applicable.

How to access the solutions
1. Navigate to the Solutions Gallery in the WalkMe Console
2. Open the Solutions Catalog
3. Click Open Catalog under the Universal Content section
4. Use the Category dropdown and select Privacy
5. Click Apply
6. The relevant solutions will appear in the filtered list

Data Protection Framework

The EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF were respectively developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law.

Learn More

Certification

ISO 27001 Information Security Management System (ISMS)

WalkMe received the International Organization for Standardization Certification for Information Security (ISO 27001:2022). The audit evaluated WalkMe's information security management system from the product, infrastructure, and organizational aspects, and verified that WalkMe has the necessary information security controls in place to ensure the confidentiality, integrity, and availability of sensitive information assets. The certificate was issued by IQC, accredited by the Dutch Accreditation Council (RvA #C560 Mgmt. Sys.).

View Here

ISO 27701 Privacy Information Management System (PIMS)

ISO/IEC 27701:2019 is a privacy extension to ISO/IEC 27001. The design goal is to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS). The standard outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls to reduce the risk to the privacy rights of individuals.

View Here

ISO 27017 Cloud Specific Control

ISO 27017 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards. This standard provides additional information security controls implementation guidance specific to cloud service providers. WalkMe's attestation to the ISO 27017:2015 guidance demonstrates our ongoing commitment to align with globally recognized best practices and verifies that WalkMe has a system of highly precise controls in place that are specific to our cloud services.

View Here

ISO 27018:2019 Personal data Protection (PII)

ISO 27018 is a standard that focuses on the protection of personal data in the cloud. It is based on ISO information security standard 27002 and provides implementation guidance on ISO 27002 controls applicable to public cloud personally identifiable information (PII). It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO 27002 control set. WalkMe customers can know where their data is stored.
Customer data won't be used for marketing or advertising without explicit consent.

View Here

ISO 27799 Security management in health (PHI)

ISO 27799 gives guidelines for organizational information security standards and information security management practices including the selection, implementation, and management of controls in health informatics of ISO/IEC 27002 and is a companion to that International Standard.

View Here

ISO 27032:2023 Guidelines for Cybersecurity

WalkMe is ISO/IEC 27032 certified for Guidelines for Cybersecurity. ISO/IEC 27032:2023 provides guidance for improving the state of Cybersecurity, drawing out the unique aspects of that activity and its dependencies on information security, network security, internet security, and critical information infrastructure protection (CIIP) domains.

View Here

ISO/IEC 20243:2018 (O-TTPS) for Mitigating maliciously tainted and counterfeit products (Supply Chain security management)

WalkMe is ISO/IEC 20243:2018 (O-TTPS) certified for Mitigating maliciously tainted and counterfeit products (Supply Chain security management). ISO/IEC 20243:2018 is applicable to WalkMe LTD's Digital Adoption Platform Supply chain security management to meet ISO/IEC 20243-1:2018 Open Trusted Technology Provider (O-TTPS) standard requirements. The scope applies to the entire organization and consists of provisioning software, configuration, implementation, and services to include delivery of products, services and solutions to our federal government, state and local and commercial customers globally.

View Here

ISO 27036-2:2022 for Cybersecurity Supplier relationships

WalkMe is ISO 27036-2:2022 certified for Cybersecurity Supplier relationships. ISO 27036-2:2022 is part of the ISO/IEC 27036 series, which focuses on information security for supplier relationships. Specifically, Part 2 provides guidelines for managing information security risks within these relationships. It addresses the processes and practices necessary to safeguard sensitive information when working with suppliers, including contracts, agreements, and risk assessments, ensuring that security standards are maintained across the supply chain.

View Here

STAR Certification

WalkMe also achieved a STAR Certification from the Cloud Security Alliance (CSA). STAR Certification is an internationally recognized cloud security certification program jointly developed by CSA and BSI, that specifies comprehensive and stringent cloud security requirements for software vendors.

View Here

Accessibility Statement of Compliance

WalkMe was given an Accessibility Statement of Compliance from UserWay stating that WalkMe is compliant with the ADA and Section 508 requirements for website accessibility based on WCAG 2.1 AA.

View Here

Reports

Service Organization Control 2 Type II - Security, Availability, & Confidentiality Report

WalkMe completed a Service Organization Control (SOC) 2 Type II audit, which is one of the most stringent international standards for security, availability, processing integrity, confidentiality, and privacy. Our commitment to the SOC 2 Type II report is ongoing and periodic audits are performed on a regular basis. Available only with NDA.

The WalkMe SOC 2 Report is available to WalkMe customers with a signed NDA. Please log in to access this document.
View Here

Service Organization Control 3 Type II - General Controls Report

We have a SOC 3 Type II General Use Report, demonstrating that WalkMe has met the AICPA auditable trust services principles (security, availability, processing integrity, confidentiality, and privacy), which is publicly available for free distribution without prior need for NDA.

View Here

Skyhigh CloudTrust™

WalkMe's Digital Adoption Platform was awarded the highest Skyhigh CloudTrust™ rating of Enterprise-Ready™ by fulfilling a comprehensive set of requirements for data protection, identity verification, service security, business practices, and legal protection.

View Here

Standardized Information Gathering (SIG)

WalkMe completed the 2017 Standardized Information Gathering (SIG) Questionnaire, administered by The Santa Fe Group.

View Here

CSA

WalkMe completed the Consensus Assessments Initiative Questionnaire (CAIQ) organized by CSA to assist in general principles of cloud security.

View Here

WalkMe GxP Position Paper

This whitepaper provides guidance for using WalkMe products in the context of GxP and the content has been developed in conjunction with WalkMe pharmaceutical and medical device customers, as well as software partners, who are currently using WalkMe products in their validated GxP systems.

View Here

AWS Partner Network

For customers, the AWS Partner Network makes it easy to find top APN Partners who:

  • With our partnership for AWS customers, are given prioritization over development tasks
  • Possess extensive experience building and deploying customer solutions that are built on or integrated with AWS.
  • Provide well-architected solutions for AWS customers.
  • Develop and retain a strong bench of AWS trained and certified experts.

View Here

WalkMe Player Voluntary Product Accessibility Template (VPAT™)

This report covers the degree of conformance for the following accessibility standard/guidelines:

View Here

WalkMe Editor Voluntary Product Accessibility Template (VPAT™)

This report covers the degree of conformance for the following accessibility standard/guidelines:

View Here
