Security and privacy at a glance

account protection icon

Account Protection

Get comprehensive control over your account’s security. Centrally manage access policies with Single Sign-on, Role-Based Access Control, and SCIM user provisioning.

data encryption icon

Data Encryption

We utilize strong encryption protocols to safeguard your data at all times. Data-in-transit is encrypted using TLS 1.2+ and data-at-rest is encrypted using AES-256 or greater, ensuring an extra layer of protection.

data backup and recovery icon

Data Backup & Recovery

We leverage high-availability configurations to minimize downtime and maintain seamless service. Our transaction logging setup enables us to achieve point-in-time recovery (PITR), providing you with peace of mind and data integrity.

data privacy and protection icon

Data Privacy & Protection

WorkStep is compliant with relevant data protection regulations, including SOC 2 type II and regularly performs security audits and vulnerability assessments (audit report available upon request).

Learn more about security at WorkStep

Visit WorkStep’s Trust Center for more security and compliance resources, as well as information on the data privacy and security measures that help keep your data safe.


Security highlights

Industry best practices and world-class protocols and response.

Network & infrastructure security graphic

Network & infrastructure security

WorkStep is a fully cloud-based service. Our Virtual Private Cloud (VPC) is hosted on Google Cloud Platform (GCP) Amazon Web Service (AWS). WorkStep is fortified with advanced security features, including a stateful firewall and intrusion detection system (IDS). These measures actively monitor and defend against potential threats. Our internal networks are protected with IAM (Identity and Access Management) authorization, ensuring that only authorized individuals have access to sensitive resources.

User data privacy graphic

User data privacy

Access to stored customer data is subject to strict policies and procedures. WorkStep uses the principle of “least privilege” for user access and access to customer data is restricted and only granted as is deemed required for job function. All access to our internal administration tools is logged and periodically reviewed. Any access to user data requires security approval. To learn more, please review our Privacy Policy.

Incident response and monitoring graphic

Incident response and monitoring

At WorkStep we take your data protection seriously. Our rigorous incident response processes and monitoring mechanisms guarantee your data is always protected. We conduct frequent application testing and scanning, alongside third-party vulnerability audits, to ensure a robust platform.