Workato Achieves PCI DSS Level 1 (Version 4.0), ISO 27001, and ISO 27701 Certifications: Workato’s Commitment to Elevating Enterprise Security

At Workato, security isn’t just a feature—it’s the foundation of everything we do. That’s why we’re thrilled to announce that we’ve achieved PCI DSS Level 1 (v4.0) service provider compliance. Additionally, Workato is now ISO 27001 and ISO 27701 compliant, reinforcing our commitment to safeguarding customer data. These certifications ensure that you can automate with confidence, knowing your data is protected by industry-leading security standards.

“Achieving PCI-DSS and ISO compliance underscores our commitment to rigorous security practices, ensuring our customers can fully trust Workato to protect their data and workloads at every stage,” said Jayesh Shah, SVP of Product & Field Success and Operations. Hans Gustavson, CISO at Workato, added: “This certification reflects our focus on supporting a secure and scalable orchestration platform that aligns with the evolving needs of our broad base of customers across industries, regions and their size—enterprise, government, startups, SMBs, and beyond—in today’s interconnected world.”

Raising the Bar for Security and Compliance: Our Latest Certifications

PCI DSS Level 1: The Payment Card Industry Data Security Standards (PCI-DSS) are a set of requirements prescribed by the PCI DSS Council. Achieving Level 1 Service Provider compliance allows Workato customers to store, process, and transmit cardholder data using the Workato platform. This unlocks tremendous business value by reducing the risk associated with handling sensitive payment data, particularly across industries like financial services, e-commerce, fintech, and retail. Workato’s rigorous security standards ensure customers can confidently manage their payment processing needs while maintaining the highest levels of data protection. The financial services industry is undergoing significant changes, such as digitization and AI adoption, making it essential for firms in the sector to work with trusted solution providers. Workato’s achievement of this certification reflects our deep commitment to safely handling sensitive information for our customers in regulated industries, combined with cyber-resilience and operational excellence as an organization.

For the certifications, Workato underwent an approved third-party assessment by a Qualified Security Assessor (QSA).

ISO 27001: ISO/IEC 27001 is the world’s best-known standard for information security management systems (ISMS) and specifies the requirements for establishing, implementing, maintaining and continually improving an ISMS within an organization. Compliance with this standard is a testament to our commitment to providing and maintaining a secure and trusted platform to support our customers’ evolving data and business transformation initiatives.

ISO 27701: Built on ISO 27001, ISO 27701 defines requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS). This is crucial for safeguarding Personally Identifiable Information (PII) and complying with global regulations such as the General Data Protection Regulation (GDPR). 

The Attestation of Compliance (AoC) for PCI DSS and copies of our ISO 27001/ISO 27701 certificates are available upon request.

Enhanced Data Protection for Regulated Industries

Workato’s security capabilities include advanced features designed for organizations in highly regulated industries, providing complete control over their data. Workato offers data masking to protect sensitive information and can operate as a passthrough platform, ensuring no sensitive data is stored. Enterprise Key Management (EKM) allows customers to bring their own encryption keys, offering enhanced flexibility in data protection. External Secrets Manager (SM) enables seamless integration with customers’ secret stores for secure management of sensitive credentials. Virtual Private Workato (VPW) offers a private deployment option for enterprises requiring more complete workload and data isolation, delivering a dedicated and managed instance of the Workato platform within an AWS Virtual Private Cloud (VPC) tenant. These features empower organizations to meet stringent security and compliance requirements with confidence.

Workato’s robust security capabilities and our compliance certifications provide the trust our customers require in highly regulated industries, such as financial services and healthcare, to safely and securely navigate the complexities of their data.

Our Commitment to Security

At Workato, we continue to push the boundaries of data security and privacy, with a laser focus on safeguarding customer data and ensuring ongoing compliance with evolving regulatory requirements. Customers across industries and regions can rely on Workato to provide the secure infrastructure they need to orchestrate and automate workflows across their enterprise. 
