Illustrated graphic of a bright, dimensional basic lock, featuring a shield on its body.

Security, Encryption and Compliance at Slack

Enterprise-grade data Security solutions

Trust Slack to keep your data secure and meet your compliance requirements.

Security features for more control, visibility and flexibility

Identity and device management

Ensure that only the right people and approved devices can access your company’s information in Slack with features such as single sign-on, domain claiming and support for enterprise mobility management.

Data protection

In Slack, customer data is encrypted at rest and in transit by default. We protect your data with tools such as Slack Enterprise Key Management (Slack EKM), audit logs and native data loss prevention (DLP) as well as support for third-party DLP providers.

Information governance

Slack offers governance and risk-management capabilities that are flexible enough to meet your organisation’s needs, no matter what they are. This includes global retention policies, legal holds and support for e-discovery.


Meet specific industry regulations and international security and data privacy standards

Health Insurance Portability and Accountability Act logo

Health Insurance Portability and Accountability Act (HIPAA)

Slack can be configured for HIPAA compliance, including electronically protected health information (e-PHI).

FINRA logo

Financial Industry Regulatory Authority (FINRA)

Slack is FINRA 17a-4 configurable so your team can collaborate and still meet your compliance requirements.

Federal Risk and Authorization Management Program logo

Federal Risk and Authorization Management Program (FedRAMP)

Slack is FedRAMP Moderate authorised to meet the compliance needs of organisations in the US public sector.

GovSlack is FedRAMP JAB High authorised and is also pursing DoD CC SRG IL4 compliance.

Trusted Information Security Assessment Exchange logo

Trusted Information Security Assessment Exchange

Scope-ID SHYV0T
Assessment-ID AMHN37
TISAX and TISAX results are not intended for the general public.

IRAP logo

Information Security Registered Assessors Program (IRAP)

Slack has been assessed by an independent IRAP assessor against the requirements of the Australian Information Security Manual (ISM). Customers can contact their Slack account team to request a copy of our IRAP report.

ISMAP

Information System Security Management and Assessment Program (ISMAP)

Slack was assessed for the Information System Security Management and Assessment Program (ISMAP), a Japanese government programme evaluating the security posture of cloud service providers. Slack's registration can be viewed on the ISMAP list of registered services.


Data residency logo

Data residency

Data residency for Slack lets organisations choose the country or region where they want to store their encrypted data at rest.

GDPR logo

EU General Data Protection Regulation (GDPR)

Slack is committed to helping users understand their rights and obligations under the General Data Protection Regulation (GDPR). Slack has specific customer tools and processes to ensure compliance with GDPR requirements.

Industry-accepted best practices and frameworks

Our enterprise security approach focuses on security governance, risk management and compliance. This includes encryption at rest and in transit, network security and server hardening, administrative access control, system monitoring, logging and alerting and more.

Read the white paper

Slack’s security controls also align with the National Cyber Security Centre’s (NCSC) cloud security principles. Read more