LinkedIn maintains an Information Security Program to ensure the confidentiality, integrity, and availability of all computer and data communication systems while meeting the necessary legislative, industry, and contractual requirements.
LinkedIn policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001. In addition, we use an independent third-party body to audit our compliance with leading industry standards periodically.
The following is a comprehensive list of industry standard certifications to validate our commitment to members first.
The International Organization for Standardization 27001 Standard (ISO 27001) is an Information Security Management System (ISMS) standard that is globally recognized. This standard leverages best practices and comprehensive security controls from ISO 27002. It includes people, processes and IT systems by applying risk management process. LinkedIn’s ISO certification covers products and services on the LinkedIn platform and is available to view here.
The International Organization for Standardization 27018 Standard (ISO 27018) covers privacy protections for the processing of personal information by cloud service providers. LinkedIn’s ISO certification covers products and services on the LinkedIn platform and is available to view here.
Service Organization Control (SOC) report is based on American Institute of Certified Public Accountants (AICPA) trust service principles and criteria. The report provides detail on the effectiveness of a service organization’s controls focusing on the trust principles and criteria containing customer data. LinkedIn undergoes independent third-party assessment on relevant products and services. The LinkedIn SOC 2 report covers LinkedIn Recruiter, Sales Navigator, and LinkedIn Learning Solutions.
To request the SOC 2 report please reach out to your account management team.
The Payment Card Industry Data Security Standards (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC).
For certain Services, for which we act as a data processor, LinkedIn has certified under the EU-U.S. Privacy Shield framework. For additional information about the multiple legal mechanisms (including EU Standard Contractual Clauses) which LinkedIn has in place to help customers validate transfers of personal data from the European Economic Area to LinkedIn's services, please see this FAQ well as our Data Processing Agreement.
The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.