Security

Our Approach to Security

Culture Amp's core mission is centered around empowering organizations to create a better world of work through the power of data-driven insights. This is why trust is at the center of what we do and why security is our top priority. We're transparent with our security practices so you are informed and feel safe using our platform.

Like culture is central to any organizations practices and success, culture is key to our approach to security. Culture Amp has a program of security, a number of controls to manage the condition of security, and a focus on protecting our customers data. We consider security across several domains, including securing our own workplace technologies and services, and how we ensure our products as secure as possible for our customers and users.

Our security philosophy

Our approach to security is based around a couple of core themes:

• Creating a culture within our company culture where security of data and services is everyone’s responsibility
• Meet (and aim to exceed) customer expectations for data security in the cloud
• Without putting your data or our platform at risk, being open and transparent about our security programs, controls, and monitoring.

All Campers (Culture Amp employees) are users of Culture Amp platform and when it comes to innovation and R&D we are “Customer Zero” and we’re invested in securing our products not only because we are custodians of important customer data, but also because we hold our people data in those same products ourselves.

Our security team & practice

We have an amazing security team, with a wide range of complementary skills and experiences, who are customer focused, and driven to deliver the best security capability possible. Our Security Team is led by our Melbourne based Chief Security and Risk Officer, and the team are global across our Melbourne, Sydney, Perth, Europe, and North American offices, with some remote team members in other Asia-Pacific locations. We have multiple security focus areas, including:

• Security architecture – responsible for defining the security strategy with the CSO and for defining the security requirements of our products and platform
• Application security – responsible for the security of our products and platform
• Corporate security – responsible for our internal security, the security of our ecosystem, and workplace technologies
• Cyber Defense - responsible for responsible for detecting and responding to security incidents and exercising Security Intelligence
• Trust - responsible for tracking and responding to customer expectations, and providing transparency into our processes and practices
• Development and SRE – responsible for building and running tooling for the security team
• Security Governance - responsible for 3rd party security reviews, establishing security policies & standards, and conducting awareness and training to ensure our employees and partners know how to work securely

While our global security team is accountable for ensuring our security practices are effective, everyone at Culture Amp is part of our mission to achieve better security and this is evidenced in our commitment to educating and training our campers throughout their time with us. Security is a shared responsibility at Culture Amp. We have a goal to lead our peers in security culture, meet all customer requirements for data security, and exceed industry security standards and certifications. We are proud to publish details about how we protect customer data.

Continually improving security

We are intent on ensuring our security program remains aligned to expectations of industry and best practice. We continually evaluate our current approach to security and identify opportunities for improvement.

With support from independent security consulting companies, we regularly undertake assessments of our security capability and our program(s). We take the outputs from these processes, including key recommendations, and use them to address any gaps and opportunities for improvement and to define programs for areas of security such as Application Security and Security Intelligence.

Through a defined set of metrics and a security reporting dashboard we monitor and measure success of these programs and of our core security operations. Monthly metrics are reviewed by the Culture Amp Security Steering Committee and used to identify and target areas for improvement across the practice.

More information

More information regarding our security capability and practices is available on our Culture Amp Trust Center.