As a big data company, Splunk understands the importance of data privacy. Our programs, products and services are structured to provide effective data privacy protections for Splunk, its customers, partners and employees.
Security by Design is top-of-mind throughout our development process. Our products and services are designed to meet your data security needs, including access controls, monitoring and encryption.
Splunk complies with industry and international security standards. This includes participating in rigorous third-party audits that verify security controls for our Cloud services.
Splunk is committed to responsibly leveraging AI technology. Splunk embraces the AI principles of Accountability, Transparency, Privacy, Fairness, and Resilience, and each product powered by Splunk AI undergoes review.
Customers turn to Splunk to understand and improve their security posture. We practice what we preach. We are committed to adhering to global and industry compliance standards. We prepare for incidents and we help you prepare, respond to and remediate them as well.
The Splunk Customer Trust Portal provides you with easy, on-demand access to documentation about Splunk’s global privacy, security, and compliance programs, including certifications, compliance reports, standard security questionnaires and white papers.
The Privacy and Security Fact Sheet is designed and intended to provide an overview of core privacy and security measures we offer in the Splunk Cloud Platform, and serve as a resource to assist customers with their data protection impact assessments.
Splunk is proud to be among the first organizations to obtain certification under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and Swiss-U.S. Data Privacy Framework. In order to provide customers with key details on its certification, Splunk has created a Whitepaper on International Data Transfers & the EU-U.S. Data Privacy Framework. This whitepaper is intended to answer common questions about Splunk’s Data Privacy Framework certifications and international data transfers. You may review a copy of the whitepaper here.
As part of our commitment to trust and transparency, our Data Request Guidelines outline Splunk’s procedures for responding to requests for customer data. The guidelines include information about our practices with respect to requests for third-party data, requests by legal authorities, and international requests for data.
Splunk offers Data Processing Addenda (DPAs) for customer compliance needs. Click here to download and electronically sign the Splunk DPA.
Splunk has created a dedicated financial services (FSI) program for our FSI customers subject to additional regulations related to outsourcing, third-party risk management and cloud services. We have taken into account various global regulations, and your need to comply with the highest security and resilience standards. To learn more about Splunk’s approach, please visit the “Splunk for Financial Services” webpage.
The Splunk Cloud Security Addendum (CSA) sets forth the administrative, technical and physical safeguards Splunk takes to protect customer data in Splunk Cloud Platform. Benchmarked against industry standard requirements (ISO 27001, SOC 2, HIPAA, PCI DSS and FedRAMP, as applicable), the CSA provides details regarding the data security controls in the Splunk Cloud Platform environment, including information about risk management, incident response, breach notification and encryption. The controls are audited annually, and are designed to reflect the way Splunk Cloud Platform operates.
For safeguards specific to our Splunk Observability Cloud and Splunk Attack Analyzer products, see the Splunk Observability Cloud Security Addendum and the Splunk Attack Analyzer Security Addendum.
Splunk’s response to the UK National Cyber Security Centre’s (NCSC) Cloud Security Principles for the Splunk Cloud Platform and the Splunk Observability Cloud (Observability) is available for review here. These principles were first published as guidance for the UK public sector to evaluate cloud services. Splunk will periodically review and update the above document to reflect any applicable changes.
Founded as a research organization in 2008, the Cloud Security Alliance defines standards, certification programs and best practices for a secure cloud computing environment.
The Consensus Assessments Initiative Questionnaire (CAIQ) is an industry-accepted cloud security questionnaire covering a comprehensive range of security controls against which customers may assess a cloud provider. Authorized users can access related documentation in the Standardised Information Gathering (SIG) Core Questionnaire.
The SIG questionnaires were created by Shared Assessments, an organization that provides best practices and tools for third-party risk management teams.
The SIG Core is an extensive set of questions used to ascertain the security posture of third-party vendors. The SIG measures security risks across 18 distinct control areas and aligns with the most updated international regulatory guidance and standards. Authorized users can access SIG questionnaires for the Splunk Cloud Platform and Observability Offerings in the Customer Trust Portal.
The Splunk Cloud Platform SaaS operates on a shared responsibility model to ensure the optimum customer experience. This shared model can help relieve the customer’s operational burden as Splunk operates, manages and controls the Splunk Cloud Platform service components, which include services from our cloud service provider partners, as needed. The nature of this shared responsibility provides customers flexibility and control of their Splunk Cloud Platform environment. You can review details on the Splunk Cloud Platform shared responsibility model here.
If you're a professional security researcher who has discovered a vulnerability in a Splunk Product or Service, submit your findings to us.