@opexxx
Last active February 11, 2022 16:54
Information Security Program LinkedIn
Information Security Program
LinkedIn maintains a robust and extensive security program with policies and detailed security requirements that guide the program's execution. The objective of this program is to maintain the confidentiality, integrity and availability of information, intellectual property, and systems of LinkedIn and/or its users, members, guests, employees and business partners while meeting industry standards.
Compliance
LinkedIn policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001. In addition, we use an independent third-party body to audit our compliance with leading industry standards periodically.
Please see LinkedIn’s Security and Compliance page: https://security.linkedin.com/trust-and-compliance
Incident Management
A full security monitoring and incident response program is in place to alert, investigate, triage and remediate security events. Our Incident Response team performs a full investigation to determine the scope and impact of any security event or suspected incident and coordinates with the relevant teams for remediation.
Secure Software Development
LinkedIn maintains policies and procedures to ensure that system, device, application and infrastructure development is performed in a secure manner. A full Software Development Life Cycle (SDLC) framework, based on industry standards, is used to ensure secure design and engineering principles are integrated directly into the design and development process and are built into all products at LinkedIn.
Data Classification & Protection
LinkedIn maintains policies and procedures for data classification and protection governing how to securely handle different types of data.
Disaster Recovery and Business Continuity
LinkedIn maintains policies and procedures to ensure that LinkedIn may continue to perform business critical functions in the face of an extraordinary event. This includes data center resiliency and disaster recovery procedures for business critical data and processing functions.
Access Control
LinkedIn maintains policies and procedures to control access to LinkedIn’s facilities and systems using the least privilege paradigm where access is restricted to the minimum level necessary to perform business functions.
Risk Assessment Program
LinkedIn has a documented risk management procedure and Secure Software Development Life Cycle process. We perform risk assessments of our products and infrastructure on a regular basis, including review of our data classification policies and targeted reviews of highly confidential data flows.
LinkedIn maintains an Information Security Program to ensure the confidentiality, integrity, and availability of all computer and data communication systems while meeting the necessary legislative, industry, and contractual requirements.
LinkedIn policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001. In addition, we use an independent third-party body to audit our compliance with leading industry standards periodically.
The following is a list of industry standard certifications and standards that demonstrate our commitment to confidentiality and to members first.
ISO 27001
The International Organization for Standardization 27001 Standard (ISO 27001) is an Information Security Management System (ISMS) standard that is globally recognized. This standard leverages best practices and comprehensive security controls from ISO 27002. It includes people, processes and IT systems by applying risk management processes. LinkedIn’s ISO certification covers products and services on the LinkedIn platform and is available to view here.
Learning Solutions
Marketing Solutions
Sales Solutions
Talent Solutions
ISO 27018
The International Organization for Standardization 27018 Standard (ISO 27018) covers privacy protections for the processing of personal information by cloud service providers. LinkedIn’s ISO certification covers products and services on the LinkedIn platform and is available to view here.
Learning Solutions
Marketing Solutions
Sales Solutions
Talent Solutions
SOC 2
A Service Organization Control (SOC) report is based on the American Institute of Certified Public Accountants (AICPA) trust service principles and criteria. The report provides detail on the effectiveness of a service organization's controls, focusing on the trust principles and criteria that apply to systems containing customer data. LinkedIn undergoes independent third-party assessment on relevant products and services. The LinkedIn SOC 2 report covers LinkedIn Learning Solutions, Marketing Solutions, Sales Solutions, and Talent Solutions. The Glint SOC 2 report covers the Glint platform. To request the SOC 2 report, please reach out to your account management team.
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC). Reports are not shared with the public.