Security Overview

SOC2 Compliance

Workleap Officevibe has been SOC2 compliant since December 2022. Our latest SOC2 certification was received in March 2024.

The Service Organization Control (SOC) 2 Type II is an audit that ensures a high standard of accountability in regard to how a company or product handles sensitive information and data.

Contact an Officevibe sales representative for more information.


ISO 27001

Our security program is aligned with ISO 27001


GDPR Compliance

We have reviewed our security policies to make sure we are compliant with GDPR requirements. Our sub-processors having access to personal data are certified ISO 27001 and we hold Standard Contractual Clauses with them.


Security within the organization

Dedicated teams for application and operational security with the full support of upper management.


Vulnerability Management

Regular scans for vulnerabilities as done and reviewed. In addition, we have a private bug bounty program with HackerOne for continuous intrusion testing.


Data Protection

Data is always encrypted at rest using AES 256 and in transit using TLS 1.2. Database backups are performed at a high frequency, encrypted at rest.


Access Controls

Only a select few senior production support staff have access to customer data. MFA and VPN are required for access. Production data never leaves the production environment without being fully anonymized including feedback content, group names, company names etc.


Incident Response

Our Security Incident Response Team is well prepared to handle any incident. Our clients are notified within 48 hours in the event of a breach or compromise of Officevibe’s security program resulting in a real risk of significant harm to individuals.


Application Security

Single Sign-On options including SAML 2.0 are available. Passwords are hashed using PBKDF2 and are salted with unique salts. Logging and auditing are meticulous and monitored.


Employee Policies Employee Policies 

All employees undergo a background check and have required security training and awareness.