# Security compliance certifications
SUMMARY
Workato upholds rigorous security standards with the following certifications:
- PCI-DSS Level 1: Secure cardholder data.
- ISO 27001 & 27701: Information and privacy management aligned with global standards.
- SOC 1 and SOC 2 Type II: Audited controls for financial and security integrity.
- HIPAA: Healthcare data protection, with Business Associate Agreements (BAAs) available.
Workato empowers organizations in finance, healthcare, and government to securely manage data workflows and integrations with our security features and certifications.
Workato prioritizes data security and regulatory compliance, ensuring that users can rely on our platform to automate workflows and integrate applications without compromising sensitive data.
Workato maintains comprehensive security compliance certifications to safeguard customer data. These certifications meet global standards, ensuring our users can operate with confidence across industries.
# PCI-DSS level 1
Workato holds Payment Card Industry Data Security Standard (PCI-DSS) v4.0 compliance at Level 1. The standard requires that cardholder data be protected across the following activities:
- Cardholder data storage
- Data processing
- Data transmission
PCI-DSS Level 1 compliance allows financial services industry users to use the Workato platform for payment-related operations with confidence. We undergo an annual assessment by an approved Qualified Security Assessor (QSA) to maintain compliance.
Attestation of Compliance (AoC) available upon request.
# ISO 27001
ISO 27001 is the global standard for information security management systems (ISMS). It specifies controls for establishing, implementing, and continually improving information security, and our certification covers Workato’s systems. This certification underlines our commitment to data security and operational resilience.
AoC available upon request.
# ISO 27701
ISO 27701 extends ISO 27001 for Privacy Information Management Systems (PIMS), addressing the requirements for handling Personally Identifiable Information (PII) and aligning with global privacy regulations like GDPR.
AoC available upon request.
# SOC 1 Type II
Our SOC 1 Type II certification evaluates Workato’s controls related to customers’ financial reporting, specifically assessing the internal controls relevant to user entities’ financial statements. This compliance is essential for organizations that require financial statement audits, providing assurance on the impact of Workato’s services on their reporting.
Audit reports available to customers under NDA.
# SOC 2 Type II
The SOC 2 Type II certification is aligned with the American Institute of CPAs (AICPA) Trust Services Criteria and evaluates the effectiveness of Workato’s controls across the following criteria:
- Security
- Availability
- Processing integrity
- Privacy
- Confidentiality
This certification reflects our ongoing commitment to robust data protection practices and transparent service delivery.
Audit reports available to customers under NDA.
# HIPAA
As a Business Associate, Workato is compliant with HIPAA standards, safeguarding Protected Health Information (PHI) for customers in healthcare. We can sign Business Associate Agreements (BAAs) and undergo an annual HIPAA attestation from an independent auditing firm.
# More resources
Workato provides additional security features for highly regulated industries, enabling secure management of data, credentials, and integrations:
- Enterprise Key Management: Customers can control their encryption keys, enhancing data security.
- External Secrets Management: Integrate existing secret stores with Workato to strengthen credential management.
- Virtual Private Workato: Deploy Workato in a dedicated AWS Virtual Private Cloud (VPC) for added data isolation and compliance.
Last updated: 12/5/2024, 5:44:18 PM