false
Data Privacy

Data Privacy

As a big data company, Splunk understands the importance of data privacy. Our programs, products and services are structured to provide effective data privacy protections for Splunk, its customers, partners and employees.


passionate experts

Security

Security by Design is top-of-mind throughout our development process. Our products and services are designed to meet your data security needs, including access controls, monitoring and encryption.


partners-developers

Compliance

Splunk complies with industry and international security standards. This includes participating in rigorous third-party audits that verify security controls for our Cloud services.


partners-developers

Responsible AI

Splunk is committed to responsibly leverage AI technology. Splunk embraces the AI principles of Accountability, Transparency, Privacy, Fairness, and Resilience. And each product powered by Splunk AI undergoes review.


 guiding

Guiding Principles

Customers turn to Splunk to understand and improve their security posture. We practice what we preach. We are committed to adhering to global and industry compliance standards. We prepare for incidents and we help you prepare, respond to and remediate them as well.

Additional Resources

The Splunk Customer Trust Portal provides you with easy, on-demand access to documentation about Splunk’s global privacy, security, and compliance programs, including certifications, compliance reports, standard security questionnaires and white papers.

Privacy and Security Fact Sheets

The Privacy and Security Fact Sheet is designed and intended to provide an overview of core privacy and security measures we offer in the Splunk Cloud Platform, and serve as a resource to assist customers with their data protection impact assessments.

Whitepaper: International Data Transfers & the EU-U.S. Data Privacy Framework

Splunk is proud to be among the first organizations to obtain certification under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and Swiss-U.S. Data Privacy Framework. In order to provide customers with key details on its certification, Splunk has created a Whitepaper on International Data Transfers & the EU-U.S. Data Privacy Framework.  This whitepaper is intended to answer common questions about Splunk’s Data Privacy Framework certifications and international data transfers. You may review a copy of the whitepaper here.

Splunk Data Request Guidelines

As part of our commitment to trust and transparency, our Data Request Guidelines outline Splunk’s procedures for responding to requests for customer data. The guidelines include information about our practices with respect to requests for third-party data, requests by legal authorities, and international requests for data.

Data Protection Addendum

Splunk offers Data Processing Addenda (DPAs) for customer compliance needs. Click here to download and electronically sign the Splunk DPA.

Financial Services

Splunk has created a dedicated financial services (FSI) program for our FSI customers subject to additional regulations related to outsourcing, third-party risk management and cloud services. We have taken into account various global regulations, and your need to comply with the highest security and resilience standards. To learn more about Splunk’s approach please visit “Splunk for Financial Services webpage”.

Security Addendums

The Splunk Cloud Security Addendum (CSA) sets forth the administrative, technical and physical safeguards Splunk takes to protect customer data in Splunk Cloud Platform. Benchmarked against industry standard requirements (ISO 27001, SOC 2, HIPAA, PCI DSS and FedRAMP, as applicable), the CSA provides details regarding the data security controls in the Splunk Cloud Platform environment, including information about risk management, incident response, breach notification and encryption. The controls are audited annually, and are designed to reflect the way Splunk Cloud Platform operates.

For safeguards specific to our Splunk Observability Cloud and Splunk Attack Analyzer products, see the Splunk Observability Cloud Security Addendum and the Splunk Attack Analyzer Security Addendum.

UK NCSC Cloud Security Principles

Splunk’s response to the UK National Cyber Security Centre’s (NCSC) Cloud Security Principles for the Splunk Cloud Platform and the Splunk Observability Cloud (Observability) is available for review here. These principles were first published as guidance for the UK public sector to evaluate cloud services. Splunk will periodically review and update the above document to reflect any applicable changes.

Consensus Assessment Initiative Questionnaire (CAIQ)

Founded as a research organization in 2008, the Cloud Security Alliance defines standards, certification programs and best practices for a secure cloud computing environment.

The Consensus Assessments Initiative Questionnaire (CAIQ) is an industry-accepted cloud security questionnaire covering a comprehensive range of security controls against which customers may assess a cloud provider. Authorized users can access related documentation in the Standardised Information Gathering (SIG) Core Questionnaire.

The SIG questionnaires was created by Shared Assessments, an organization that provides best practices and tools for third-party risk management teams.

The SIG Core is an extensive set of questions used to ascertain the security posture of third-party vendors. The SIG measures security risks across 18 distinct control areas and aligns with the most updated international regulatory guidance and standards. Authorized users can access SIG questionnaires for the Splunk Cloud Platform and Observability Offerings in the Customer Trust Portal.

Sub-processor and Subcontractor Notifications

Sign up to receive email notifications of changes to sub-processors and subcontractors for Splunk products and services. You can sign up here. View the current list of sub-processors and subcontractors here.

Splunk Cloud Platform: Shared Responsibility Model

The Splunk Cloud Platform SaaS operates on a shared responsibility model to ensure the optimum customer experience. This shared model can help relieve the customer’s operational burden as Splunk operates, manages and controls the Splunk Cloud Platform service components, which includes services from our cloud service provider partners, as needed. The nature of this shared responsibility provides customers flexibility and control of their Splunk Cloud Platform environment. You can review details on the Splunk Cloud Platform shared responsibility model here.

Report a security vulnerability

If you're a professional security researcher that discovered a vulnerability in a Splunk Product or Service, submit your findings to us.

 report