Security at WorkSpan

Awesome technology is only valuable when it is fully trusted and battle tested. WorkSpan has taken trust and security extremely seriously from the day we were founded. We continue to take that responsibility extremely seriously today. We respect your data as if it was our own and our teams work tirelessly to continue to earn that trust every day.

graphical user interface
graphical user interface, textgraphical user interface, textgraphical user interface, textgraphical user interface, textgraphical user interface, text

What You Can Expect

Look no further than our extensive list of enterprise customers and you’ll know that WorkSpan has passed and exceeded security evaluations by some of the world’s largest and most rigorously secure companies in the world.  

We look forward to earning your trust as well, so you and your organization can take advantage of the awesome technology WorkSpan provides to help you run your business and drive more revenue with your partner ecosystem!

Learn more about our certifications and security standards below. Of course, if you have questions, we’re always here to help.

WorkSpan Powers Secure Partner Ecosystems

icon

Access Security

WorkSpan has sophisticated attribute-based access control for fine-grained security. Attribute-based access control is designed for the unique requirements of securing data over a network.

Fully SOC2 and GDPR compliant, WorkSpan has already passed the rigorous security reviews of the top technology companies in the world.

icon

Data Security

WorkSpan comes with peace of mind. You decide data privacy policies once and then securely share joint opportunities, sales plans, solutions across your ecosystem with confidence.

You can even enable Privacy Mode to limit what's shown on your own screen when sharing over a conference call!

icon

Program Security

WorkSpan helps partner professionals digitize, streamline, and report on large and varied ecosystems of partners.

Easily govern simple and complex partnering models, from "one-to-one" partnerships to "one-to-many" scaled channels, and "many-to-many" partner-to-partner motions.

Certifications

WorkSpan regularly performs a wide variety of audits and assessments to protect our customer’s data and ensure we’re meeting or exceeding industry standards. 
logo

SOC II

WorkSpan has been awarded SOC 2 Type II certification, SOC 2 is a report based on AICPA’s existing Trust Services principles and criteria. The purpose of the SOC 2 report is to evaluate an organization’s information systems relevant to security, availability, and confidentiality, and is ideal for SaaS and cloud service organizations that want to assure customer information is secure and available whenever needed. 

WorkSpan strictly adheres to AICPA’s Trust Service Principles. Our SOC 2 report is unique to our business practices. WorkSpan undergoes a regular third-party audit to certify individual products against this standard.

For more information on WorkSpan’s SOC 2 certification, please send an email to privacy@workspan.com.
logo

GDPR

WorkSpan strictly adheres to all GDPR tenets, including Right to Access, Right to Rectification, Right to Erasure, Right to Portability, and Right to Object. You can access your personal profile and communication preferences, request that we export and/or delete your personal data, and contact us to let us know that you object to the further use of or disclosure of your data for certain purposes.

WorkSpan can provide evidence for GDPR compliance—including requests for access of profile information, rectification, erasure, and portability requests. Email privacy@workspan.com for more information.

Our SOC 2 Tenets

icon

Availability

WorkSpan takes immense pride in ensuring that we continue to meet our business objectives based on contracts and Service Level Agreements (SLAs). We take stringent measures, including disaster recovery, incident management, and change management, to ensure the operational readiness of information and systems.

icon

Security

Security is serious business at WorkSpan. We are committed to the protection of information and systems resources against unauthorized access, theft, or misuse of the software. We enforce cutting edge protective measures, including multi-factor authentication, intrusion detection, and network & application firewalls.

icon

Confidentiality

If data can be accessed and disclosed only to a specific set of persons or organizations, then it is confidential. WorkSpan enforces rigorous safeguards to ensure that your confidential data stays that way. We bring to bear fail-secure guards including attribute-based access control and data encryption.

A SOC 2 report is ideal for SaaS and cloud service organizations that want to assure customers that their information is secure and will be available whenever needed. A SOC 2 report also helps organizations to establish the effectiveness of any controls that may be required by their governance process. Enterprises view SOC 2 compliance as a critical requirement when considering a SaaS provider. We cannot overstate the importance of WorkSpan attaining this certification.For more information on WorkSpan’s SOC 2 certification, please send an email to privacy@workspan.com.

For more information on WorkSpan’s SOC 2 certification, please send an email to privacy@workspan.com.

logo

We Take GDPR Seriously.

WorkSpan stringently adheres to all GDPR tenants.

1. Right to access:

You can access your personal profile and communication preferences via a secure page on WorkSpan.

2. Right to rectification:

You can update your personal profile and communication preferences via a secure page on WorkSpan.

3. Right of erasure:

You can request that we erase some or all of your personal data from our systems.

4. Right to portability:

You can request an export of your personal data.

5. Right to object:

You can contact us to let us know that you object to the further use or disclosure of your data for certain purposes.

icon
WorkSpan can provide evidence for GDPR compliance—including requests for access of profile information, rectification, erasure, and portability requests. You can make a request to privacy@workspan.com.
icon

Data Security With Zero Compromises

WorkSpan has advanced data security strategy, capability, & policies in place.
How safe is my data?
Access to your data is defined by attribute based access controls—allowing users, owners, and admins to have fine grained application access control far more advanced than traditional role based applications security models.

Data is stringently protected via encryption:

  • Data in flight is secured via 128 bit TLS 1.2 using AES_128_GCM with ECDHE_RSA key exchange.
  • For Data at rest, each cloud storage object’s data and metadata is encrypted under the 256-bit Advanced Encryption Standard (AES-256).
WorkSpan policies for its internal employees ensure safe and compliant handling of user data.
What is the retention period for data in the system?
Application data related to company’s use of information is subject to company’s data retention policies. Data can be permanently deleted at user or company request. User’s personal data is removed after user is no longer part of WorkSpan.
Can I access the WorkSpan application from any region or geography?
Absolutely. You can access the WorkSpan application from anywhere in the world with secure credentials.
Does WorkSpan give me the capability to selectively share information with my partners?
With WorkSpan, you can easily enforce your company’s data privacy and access policy uniformly across all partner facing teams. You can share the data at a record level, and further restrict access at a field level in a shared record:

  • Record Level: Selectively share specific records with your partner companies, specific users in the partner companies, or within your company.
  • Field Level: WorkSpan’s extensible architecture enables you to add shared and private fields. Private fields are only viewable to people in your own company. Shared fields allow you to share the data with your partner teams.
Where can I find the list of sub-processors for WorkSpan products and services?
We maintain the current list of all of our sub-processors at Workspan's Sub-Processor Repository Page.
Do you have a data protection officer? If no, who is responsible for the GDPR Compliance function?
Yes, WorkSpan’s Chief Information Security Officer, Milind Joshi, is our data protection officer and responsible for GDPR compliance.
Where is my data stored in WorkSpan?
Customer data is stored in secure enterprise-grade public clouds such as Google Cloud, Microsoft Azure, and Amazon Web Services.
How do I set the controls for who can share my data?
WorkSpan provides three modes for sharing: Owner Mode, Partner Mode, and Network Mode. These modes are set at a record level. Only Owners can set the sharing mode.

  • Owner Mode: Most restrictive mode, where only the owner can share the data.
    • Example: Only the owner can add new users or companies, and set the company flags for employees to find and request to join.
  • Partner Mode: Delegate the sharing to other member users, facilitating seamless collaboration.
    • Example:All members can share with new users and companies. However, they can only grant access level equivalent to or below the access level that the member has.
  • Network Mode: Broadcast to all companies on the network.
    • Example: All members can share with new users and companies. However, they can only grant access level equivalent to or below the access level that the member has. In addition, any user from any company on the WorkSpan Network can discover and request to join.
icon

Your Privacy Will Always Be Protected.

WorkSpan goes the extra mile to protect your data privacy.
What categories of processing are performed on personal data and for what purpose?
We process personal data to operate, improve, understand, and personalize our services. For example, we may use personal data to:

  • Create and manage user profiles
  • Communicate with you about the services
  • Enable communication and collaboration between users of the services
  • Contact you about service announcements, updates, or offers
  • Provide support and assistance for the services
  • Provide your employer or sponsoring organization with information about your usage of the services
  • Personalize content and communications based on your preferences
  • Meet contract or legal obligations
  • Respond to user inquiries
  • Fulfill user requests
  • Comply with our legal or contractual obligations
  • Resolve disputes
  • Protect against or deter fraudulent, illegal, or harmful actions
  • Enforce our Terms of Service
Does the system provide a privacy statement or notice?
Yes, WorkSpan provides a privacy statement. Please find a copy here
Where can I find my user agreement?
Yes, WorkSpan provides a user agreement. Please find a copy here
How does WorkSpan communicate MDF terms and conditions with partners?
In your WorkSpan instance, navigate to the strategy tab on the Programs page. At the bottom of this page, you can find the program policy documents. Similarly, the Campaigns tab has a section at the bottom of the page containing program policy documents for that particular program.
Is an information security risk assessment performed at a planned interval or upon significant organizational, IT, or other relevant changes? Are documented risk assessment results retained?
Yes, information security risk assessment is performed annually and after every major change. Risk assessment is presented to the leadership team for discussion and action.
Can I remove or replace an existing user profile from the WorkSpan system?
Yes. An existing user can be removed from every WorkSpan object with a single click. It’s just as quick and easy to remove a user as it is to replace an existing user with another in the system.
What categories of personal data are processed?
WorkSpan collects personal data about you when you provide such information directly to us, when third parties such as our business partners or service providers provide us with personal information about you, or when personal data about you is automatically collected in connection with your use of our services. WorkSpan applications use your:
  • Name (required)
  • Work email address (required)
  • Profile picture (optional)
  • User added content (which may include personal data if you include personal data in such content)
In addition, via the WorkSpan website, if you sign up for a newsletter, event, webinar, etc. you may volunteer to provide telephone and physical address as needed.
Does the personal data include special category data? Does the personal data include criminal convictions and offenses? If “Yes” please provide details.
No special, sensitive data (e.g. race, ethnicity, gender, trade union, health, sexual preference), or criminal convictions are ever captured on WorkSpan.
Does your organization provide information security awareness training to employees and relevant third-party contractors upon hire, and at least annually thereafter?
Yes, WorkSpan treats security and privacy as a top priority and conducts awareness training for employees and contractors annually and upon hire.
Does your organization define capacity requirements and monitor service availability?
WorkSpan monitors services availability and capacity in real-time, and auto provisions for higher availability for peak performance and failover.
Does WorkSpan provide an audit trail for all activity?
Absolutely. WorkSpan has an “always on” audit trail that gives you accurate and reliable information at all times of who did what and when in the system.