In the second blog post in this series, we answer the final 5 questions you ask the most about Workplace by Facebook. Here you’ll find details on Workplace security, compliance, and data protection. And we also explore how the platform integrates with other software and the Workplace tools that will transform the way you work.

6) How does Workplace manage risk and security, issues around compliance, and legal concerns?

A critical part of our mission is providing a secure community for everyone who uses Workplace. So ensuring the security of your information is at the very heart of what we do. Every decision we make involves understanding in detail the impact a new product, feature, or process might have on security and privacy. It’s a key part of our culture at Facebook and it plays a critical role at Workplace.

  • Your Workplace account is separate from your personal Facebook account

Posts made in your personal account are not visible in your Workplace account, and vice versa. Your login credentials for each account are also separate. You can choose to manage your login administration centrally to include additional security with single-sign-on and automatic user management. It means you control who is in or out of your organization’s account.

  • Workplace has industry-leading security controls and hosting operations

When it comes to the safety of data, we hold ourselves to the highest standard. Workplace is proud to be ISO 27001 certified. Independent third-party organizations regularly audit our hosting practices. You can see our industry-standard SOC3 report here. We can also provide a SOC2 report with additional details for Workplace Premium customers.

We host Workplace on Facebook’s highly available, globally distributed infrastructure. It’s engineered with a target recovery time objective (RTO) of zero, and a target recovery point objective (RPO) of zero.

  • Security is our top priority

We designed Workplace in collaboration with our security experts and we regularly evaluate and test the security of the service. Examples of these activities include full source code reviews, penetration tests, and security audits by an independent third-party. We’re happy to share these reports and results with our Workplace Premium customers if they ask us to.

  • Data controls

As a Workplace Premium customer, your organization owns and manages your data so your System Administrators can modify, delete, or export your data at any time. We provide industry standard APIs to give you real-time activity monitoring and content export. You can find all the relevant documents right here.

If we receive a request for your data from a third party, we will redirect the request to the Administrator. And if you’d like to use third-party tools for e-discovery and compliance, we provide integration with many industry-leading providers.

Workplace Standard customers own all of the content you post and share as part of Facebook’s community standards. Users have the option to delete or deactivate their account at any time.

  • Security and privacy

Workplace commits to security and privacy. This includes our certification under the EU-U.S. Privacy Shield Framework. You can find more information about this in our FAQs.

7) How does Workplace safeguard data?

We take Security and Compliance requirements seriously. Workplace has features that our customers around the world can use to comply with their legal, policy, risk, and threat-monitoring requirements.

At a technical level, there are two main Workplace capabilities that support these requirements:

  1. Graph API: Gives administrators read access to all user content in your Workplace instance
  2. Webhooks: Event-driven notifications that Workplace sends administrators when user content changes and for user/admin events

Cloud Access Security Brokers (CASB)

CASB partners deliver systems that extend compliance, data security, and threat protection capabilities. These are products that many organizations are familiar with for other on-premise systems into the cloud. CASB products:

  • Monitor Workplace in near-realtime via API introspection
  • Enforce compliance policies that you define
  • Protect your organization against threats like compromised accounts or data loss

Read more about our CASB partners on the following links: Netskope | Skyhigh

8) And how does it deal with e-Discovery and legal hold?

Our e-Discovery, Archive, and Compliance partners offer products that can:

  • Archive all of your electronic communications into a single repository
  • Enable organizations in regulated industries to comply with retention and oversight requirements
  • Support your lawyers or legal teams to find and review electronic communications in the event of a lawsuit

Find out more about Workplace’s e-Discovery, Archive, Compliance, and Information Governance partners: CSDisco | Smarsh | PwC

Securing your data

Workplace holds SOC2 and ISO27001 compliance. We’re very happy to share further details under NDA.

For more information about our approach to data and e-discovery head over to our Workplace Developer Documents website.

9) How can we use Workplace to collaborate, and how do teams use the platform in the most effective way?

Workplace provides a mobile and intuitive experience. And, because people already know how to use Facebook, it’s a platform that’s familiar to users. By connecting everyone, Workplace allows all employees to communicate and collaborate in new ways.

Key features that allow collaboration are:

  • Groups: Groups are the heart of Workplace. And they’re where work gets done. They enable discussions to happen on any topic (projects, department, interests, company announcements) for a specific audience to help build collective knowledge. And they help you organize and make sense of large-scale conversations, and use rich media to provide feedback and reaction in comments. Many organizations tell us that Groups have created some of their most impressive results such as cost savings and the automation of processes by using bots
  • Multi-company groups: Many tasks at work involve working with people from other organizations. With multi-company groups, you can create secure groups to share posts, photos, videos and documents with anyone – even if they don’t already have a Workplace account. Our customers use multi-company groups to get the work done with vendors, agencies and contract staff
  • Live: Using Workplace Live Video from anywhere allows you to include everyone in your most important events and meetings. It helps organizations with shift workers to have virtual meetings. And it brings remote workers into the conversation and allows them to participate and ask questions
  • Profiles & Org Chart: Org Chart visualizes your organization and helps you quickly find people and teams. Your Org Chart is an interactive view of everyone in your company and how they fit together. By clicking on people, you can navigate through departments and find out more about them. And, once you’ve found them, you can quickly say hello via a Work Chat message or an email
  • Work Chat: Employees have a need to communicate in real time with other colleagues. Using Work Chat has allowed companies to get customer responses faster, to change shifts, and host video calls or meetings. This has led to a reduction in team meetings of up to 35%. And a reduction in email traffic of up to 50%. There’s also no need to share personal phone numbers because the directory lives securely within Workplace
  • Events: Companies are now able to increase participation in events and retain collective knowledge more effectively. For example, executives running their annual summit can now use a Workplace Event to add the agenda, presentations, and polls that discuss the learning points. This knowledge remains accessible in the future and people can go easily return to items of interest from any previous events
  • Search: Workplace indexes all of your content. So your people can find the right information at the right time even if they’re new to the organization or have moved departments. Knowledge remains accessible and usable

See more about what’s new in Workplace.

10) How does Workplace fit in with the other tools we use?

Workplace integrates seamlessly with all the other productivity tools your organization uses (Office 365, G-Suite, Box, Salesforce, Quip, Dropbox, Okta, Bluejeans, Onelogin, Azure AD, and much more). And, just like the other apps in the Facebook family, we’ve built Workplace to be mobile-first.

Workplace Premium includes built-in content integrations to some of the world’s leading enterprise services, including OneDrive, to make it easier to share, preview and organize files, documents and work with customer records. Additionally, System Admins can develop custom integrations to extend the functionality of Workplace by using APIs. For more information, visit our Developer documents.

With these integrations, we’re making it simpler for people to use Workplace to share ideas and collaborate in their teams.

Read about our vision for the future of work and how our customers use Workplace to connect their organizations in part one of the series.


Find out how others use Workplace to bring people together across their organizations, and join Workplace Premium for a free 90-day trial right here.

What's next

Read more Latest news

Answered: The Top 10 Questions You Ask About Workplace

We’ve put together a list of the 10 questions our customers ask us most about Workplace by Facebook. And here […]