Skip to main content
Qualtrics Home page

Qualtrics Security and Compliance

Securing your data
with HITRUST

Ensuring compliance with a rigorous control framework


The HITRUST Alliance initially created this framework to help customers demonstrate compliance with HIPAA and HITECH regulations. The HITRUST CSF initially focused on creating a control framework for protecting healthcare related data. The framework has since grown to encompass ISO, NIST, PCI, and FFIEC related controls. The Experience Management Platform™ meets all the specifications of HiTRUST, so you can be sure your platform is compliant.

NIST Cybersecurity Framework

In addition to the HITRUST certification, we’ve mapped the results of testing to the NIST Cybersecurity Framework (NIST CSF). This specifically addresses controls around identifying, protecting, detecting, responding, and recovering risks to the organization.

Protecting Health Information

Our HITRUST certification allows you to map your specific requirements to our ~300 controls. These controls are evaluated at least annually as part of our internal audit and external assessments. Information around our controls and how they are performed are published as part of our Security White Paper.

Built for Enterprise Security &
trusted by 10,000+ brands


  • Email Security (SMTP Server Setup, DKIM)
  • Data encryption in transit
  • SOC 2 data center certification
  • Local and offsite data redundancy
  • 3rd-Party Scans
  • Continuous network monitoring
  • Control password parameters and expirations
  • In-house 24/7 security operations center
  • Active session management
  • Users can opt-out of re-contact for a survey
  • Industry-leading security evaluations
  • Role-based authentication
  • U.S., Canada, Asia-Pacific, and EU data centers
  • Cyber Essentials Certified
  • Federal Government data and processing done in GovCloud
  • Data isolation option for unique encryption keys
  • EU-US Privacy Shield Certified
  • Swiss-US Privacy Shield Certified
  • ISO 27001 certified
  • HIPAA Self Certified
  • FedRAMP Moderate Level Authorized
  • Single Sign On (SSO)

Contact our sales team to learn more
about Qualtrics Security