Information Security Program

LinkedIn maintains a robust and extensive security program with policies and detailed security requirements that guide the program's execution. The objective of this program is to maintain the confidentiality, integrity and availability of information, intellectual property, and systems of LinkedIn and/or its users, members, guests, employees and business partners while meeting industry standards.

Compliance

LinkedIn policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001. In addition, we use an independent third-party body to audit our compliance with leading industry standards periodically.

Please see LinkedIn’s Security and Compliance page: https://security.linkedin.com/trust-and-compliance

Incident Management

A full security monitoring and incident response program is in place to alert, investigate, triage and remediate security events. Our Incident Response team performs a full investigation to determine the scope and impact of any security event or suspected incident and coordinates with the relevant teams for remediation.

Secure Software Development

LinkedIn maintains policies and procedures to ensure that system, device, application and infrastructure development is performed in a secure manner. A full Software Development Life Cycle (SDLC) framework, based on industry standards, is used to ensure secure design and engineering principles are integrated directly into the design and development process and are built into all products at LinkedIn.

Data Classification & Protection

LinkedIn maintains policies and procedures for data classification and protection governing how to securely handle different types of data.

Disaster Recovery and Business Continuity

LinkedIn maintains policies and procedures to ensure that LinkedIn may continue to perform business critical functions in the face of an extraordinary event. This includes data center resiliency and disaster recovery procedures for business critical data and processing functions.

Access Control

LinkedIn maintains policies and procedures to control access to LinkedIn’s facilities and systems using the least privilege paradigm where access is restricted to the minimum level necessary to perform business functions.

Risk Assessment Program

LinkedIn has a documented risk management procedure and Secure Software Development Life Cycle process. We perform risk assessments of our products and infrastructure on a regular basis, including review of our data classification policies and targeted reviews of highly confidential data flows.