Geoff will be building upon our existing security controls and practices and addressing security policy, regulatory, and compliance issues, so that everyone at every level of your team can continue to be confident about what Slack is doing to keep your data safe. Previously, Geoff was the Chief Information Security Officer at Palantir. In his downtime, apparently, Geoff enjoys being an advisor to a number of start-ups, non-profits, and think tanks on cybersecurity and policy issues. In retrospect, we’re not sure that we phrased our question about “downtime” to Geoff very well.
And we couldn’t be in a better place for Geoff to join. 2015 was a busy and transformational year for security at Slack. Here are a few of the highlights:
We revised and expanded our security documentation, with a new Security Practices page that goes into more detail about how we do security at Slack. We’ll keep these pages updated as we continue to develop future compliance and security programs.
Through our bug bounty program, we routinely collaborate with an international community of security researchers to keep Slack secure. We’ve rewarded researchers with over $117,000 in bounties for their efforts, and have recently updated our program to broaden the scope and increase reward amounts.
Finally, we’re happy to share that Slack has undergone a rigorous, grueling, but ultimately satisfying Service Organization Controls audit (Type II). This audit, known as the SOC2 report, highlights our ability to provide a mature and reliable service, going beyond security and covering a number of system controls recommended by the American Institute of Certified Public Accountants (AICPA) Guide. It reports on the work we do as a service organization relating to availability, process integrity, confidentiality, and privacy — all important parts of keeping your data safe. If you’re in a team with an account manager, and would like to obtain a copy of our SOC2 audit report, please contact your account manager. If you’re not, but would still like one, contact the address below.
For any other security concerns or questions, or anything else at all, as ever, please write to us at firstname.lastname@example.org. If you’re interested in helping make Slack safer and joining Geoff and the crew of ne’er do wrongs, our security team is also hiring!