Workday
Certifications & attestations
| Certification | Status | Source | Last verified |
|---|---|---|---|
| SOC 1 Type II: Issued under ISAE 3402. Applies to Workday Enterprise Products, Adaptive Planning, VNDLY. | Verified | vendor source ↗ | June 10, 2026 |
| SOC 2 Type II: SOC 2+ also maps controls to NIST CSF and NIST 800-171. Covers Enterprise Products, Adaptive Planning, Peakon, VNDLY, HiredScore and more. | Verified | vendor source ↗ | June 10, 2026 |
| SOC 3: Public reports for Enterprise Products, Peakon Employee Voice, Strategic Sourcing, and Evisort. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27001: Consolidated certificate; separate certificate for VNDLY. Also holds ISO 27017 and ISO 27018. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27701: Privacy Information Management System extension to ISO 27001. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 42001: AI management systems — covers HCM, Financial Management, Adaptive Planning, Peakon, and other products. | Verified | vendor source ↗ | June 10, 2026 |
| FedRAMP (Moderate): FedRAMP Authorized at Moderate level for Workday Government Cloud. | Verified | vendor source ↗ | June 10, 2026 |
| HIPAA: Third-party HIPAA attestation for Workday Enterprise Products. | Verified | vendor source ↗ | June 10, 2026 |
| Cyber Essentials Plus: UK government-backed scheme. | Verified | vendor source ↗ | June 10, 2026 |
| TX-RAMP Level 2 | Verified | vendor source ↗ | June 10, 2026 |
| TISAX: Result on the ENX portal. IRAP (PROTECTED), G-Cloud, CCCS (Canada), EU Cloud CoC, CSA STAR L1, and Data Privacy Framework also listed. | Verified | vendor source ↗ | June 10, 2026 |
Subprocessors
Subprocessor extraction for Workday is pending.
Hosting & data residency
- Infrastructure: not yet recorded
- Data residency: not yet recorded
Trust documents & links
- Trust center: https://www.workday.com/en-us/why-workday/trust/overview.html
- Security page: https://www.workday.com/en-us/why-workday/trust/security.html
- DPA: not yet recorded
- Status page: https://community.workday.com/trust/status
Security incidents & disclosures
No incidents on record in the public sources we track, as of June 10, 2026. Absence of a record is not a guarantee — see methodology.
Change history
2026-06-10
Vendor added with a verified initial snapshot: SOC 1/2 Type II, public SOC 3, ISO 27001/27017/27018/27701, ISO 42001, FedRAMP Moderate (Workday Government Cloud), HIPAA attestation, Cyber Essentials Plus, TX-RAMP L2, and TISAX confirmed against Workday's compliance page with direct certificate PDFs (fetched 2026-06-10). Status dashboard requires a Workday Community login.