WalkMe Security Compliance
Brief Overview
WalkMe is the Digital Adoption Platform pioneer and leads the industry standard for security and compliance. WalkMe complies with both GDPR and CCPA in WalkMe's services to its customers.
You can find more about WalkMe's privacy policies, compliance standards, and certifications below.
Security
Below is a highly technical document covering key aspects of the WalkMe security datasheet.
Below is the WalkMe Security, Privacy, & Architecture White Paper document. This is an informational document issued by WalkMe to introduce WalkMe's security, privacy, and architecture.
WalkMe White Paper – Security, Privacy, & Architecture
Below is the WalkMe DAP Solution Overview White Paper document. This is an informational document issued by WalkMe to promote and highlight the features of our solution.
WalkMe White Paper – DAP Solution Overview
Privacy
Below is a highly technical document listing exactly what is being tracked in Insights in all different tracking modes.
WalkMe Data Collected Whitepaper
WalkMe complies with GDPR as a data processor and with CCPA as a Service Provider in the provision of WalkMe's services to its customers and can make its Data Processing Addendum (DPA) available for execution. In addition, we are devoted to helping our customers with their GDPR and CCPA compliance processes by providing robust privacy and security protections built into our services and contracts.
By default, WalkMe does not collect personally identifiable information (PII) other than IP addresses in logs for security purposes, end-users' approximate geolocation (country and city in which they are located) and masked IP addresses for the ongoing operation of the WalkMe system, and assigns collected metadata to an anonymous random GUID. Moreover, WalkMe collects and transfers environment properties such as browser and OS, page URL, and title.
The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act set national standards for the privacy and security of electronically protected healthcare information.
WalkMe Data Protection Overview
The EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF were respectively developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law.
Certification
WalkMe received the International Organization for Standardization Certification for Information Security (ISO 27001:2022). The audit evaluated WalkMe's information security management system from the product, infrastructure, and organizational aspects, and verified that WalkMe has the necessary information security controls in place to ensure the confidentiality, integrity, and availability of sensitive information assets. Issued by IQC, accredited by the Dutch Accreditation Council (RvA #C560 Mgmt. Sys.).
ISO/IEC 27701:2019 is a privacy extension to ISO/IEC 27001. The design goal is to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS). The standard outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls to reduce the risk to the privacy rights of individuals.
ISO 27017 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards. This standard provides additional information security controls implementation guidance specific to cloud service providers. WalkMe's attestation to the ISO 27017:2015 guidance demonstrates our ongoing commitment to align with globally recognized best practices and verifies that WalkMe has a system of highly precise controls in place that are specific to our cloud services.
ISO 27018 is a standard that focuses on the protection of personal data in the cloud. It is based on ISO information security standard 27002 and provides implementation guidance on ISO 27002 controls applicable to public cloud personally identifiable information (PII). It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO 27002 control set. WalkMe customers can know where their data is stored.
Customer data won't be used for marketing or advertising without explicit consent.
ISO 27799 gives guidelines for organizational information security standards and information security management practices including the selection, implementation, and management of controls in health informatics of ISO/IEC 27002 and is a companion to that International Standard.
WalkMe is ISO/IEC 27032 certified for Guidelines for Cybersecurity. ISO/IEC 27032:2023 provides guidance for improving the state of Cybersecurity, drawing out the unique aspects of that activity and its dependencies on information security, network security, internet security, and critical information infrastructure protection (CIIP) domains.
WalkMe is ISO/IEC 20243:2018 (O-TTPS) certified for Mitigating maliciously tainted and counterfeit products (Supply Chain security management). ISO/IEC 20243:2018 is applicable to WalkMe LTD's Digital Adoption Platform Supply chain security management to meet ISO/IEC 20243-1:2018 Open Trusted Technology Provider (O-TTPS) standard requirements. The scope applies to the entire organization and consists of provisioning software, configuration, implementation, and services to include delivery of products, services and solutions to our federal government, state and local and commercial customers globally.
WalkMe is ISO 27036-2:2022 certified for Cybersecurity Supplier relationships. ISO 27036-2:2022 is part of the ISO/IEC 27036 series, which focuses on information security for supplier relationships. Specifically, Part 2 provides guidelines for managing information security risks within these relationships. It addresses the processes and practices necessary to safeguard sensitive information when working with suppliers, including contracts, agreements, and risk assessments, ensuring that security standards are maintained across the supply chain.
WalkMe also achieved a STAR Certification from the Cloud Security Alliance (CSA). STAR Certification is an internationally recognized cloud security certification program jointly developed by CSA and BSI, that specifies comprehensive and stringent cloud security requirements for software vendors.
WalkMe was given an Accessibility Statement of Compliance from UserWay stating that WalkMe is compliant with the ADA and Section 508 requirements for website accessibility based on WCAG 2.1 AA.
Reports
WalkMe completed a Service Organization Control (SOC) 2 Type II audit, which is one of the most stringent international standards for security, availability, processing integrity, confidentiality, and privacy. Our commitment to the SOC 2 Type II report is ongoing and periodic audits are performed on a regular basis. Available only with NDA.
We have a SOC 3 Type II General Use Report, demonstrating that WalkMe has met the AICPA auditable trust services principles (security, availability, processing integrity, confidentiality, and privacy), which is publicly available for free distribution without prior need for NDA.
WalkMe's Digital Adoption Platform was awarded the highest Skyhigh CloudTrust™ rating of Enterprise-Ready™ by fulfilling a comprehensive set of requirements for data protection, identity verification, service security, business practices, and legal protection.
WalkMe completed the 2017 Standardized Information Gathering (SIG) Questionnaire, administered by The Santa Fe Group.
WalkMe completed the Consensus Assessments Initiative Questionnaire (CAIQ) organized by CSA to assist in general principles of cloud security.
This whitepaper provides guidance for using WalkMe products in the context of GxP and the content has been developed in conjunction with WalkMe pharmaceutical and medical device customers, as well as software partners, who are currently using WalkMe products in their validated GxP systems.
For customers, the AWS Partner Network makes it easy to find top APN Partners who:
- With our partnership for AWS customers, are given prioritization over development tasks
- Possess extensive experience building and deploying customer solutions that are built on or integrated with AWS.
- Provide well-architected solutions for AWS customers.
- Develop and retain a strong bench of AWS trained and certified experts.
This report covers the degree of conformance for the following accessibility standard/guidelines: