LinkedIn maintains an Information Security Program to ensure the confidentiality, integrity, and availability of all computer and data communication systems while meeting the necessary legislative, industry, and contractual requirements.
LinkedIn policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001. In addition, we use an independent third-party body to audit our compliance with leading industry standards periodically.
The following is a list of industry standard certifications and standards that demonstrate our commitment to confidentiality and to members first.
The International Organization for Standardization 27001 Standard (ISO 27001) is an Information Security Management System (ISMS) standard that is globally recognized. This standard leverages best practices and comprehensive security controls from ISO 27002. It includes people, processes and IT systems by applying risk management processes. LinkedIn’s ISO certification covers products and services on the LinkedIn platform and is available to view here.
The International Organization for Standardization 27018 Standard (ISO 27018) covers privacy protections for the processing of personal information by cloud service providers. LinkedIn’s ISO certification covers products and services on the LinkedIn platform and is available to view here.
The Service Organization Control (SOC) report is based on American Institute of Certified Public Accountants (AICPA) trust service principles and criteria. The report provides detail on the effectiveness of a service organization’s controls focusing on the trust principles and criteria containing customer data. LinkedIn undergoes independent third-party assessment on relevant products and services. The LinkedIn SOC 2 report covers LinkedIn Learning Solutions, Marketing Solutions, Sales Solutions, and Talent Solutions. The Glint SOC 2 report covers the Glint platform. To request the SOC 2 report, please reach out to your account management team.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC). Reports are not shared with the public.