The security of our customer data is always our top priority at Slido.
We strive to follow the best practices and comply with recognized standards to ensure that Slido is as secure as possible for you.
Over the past few years, we’ve made a number of improvements in this space that add to the protection of your Slido organization and your users.
Here is everything you need to know about our most recent security updates.
#1. Slido’s acquisition by Cisco
As a business, Cisco is both passionate about and known for the security of its products.
When Slido was acquired by Cisco, we were able to leverage Cisco’s industry-leading security practices for the benefit of our users.
For example, in the security monitoring space, Slido now benefits from the use of the Security Incident & Event Management (SIEM) system as well as direct cooperation with Cisco’s Security Operations Center (SOC).
These systems significantly improve our ability to detect and respond to security events in a faster and highly coordinated manner.
To learn more about how we comply with industry security standards, visit our area in Cisco’s Trust Portal.
#2. SOC 2 compliance
Over Slido’s 11 years, we’ve worked with thousands of companies around the world.
We understand how important it is for organizations to work with well-known, established security frameworks.
That’s why we have taken all the necessary measures to achieve SOC 2 Type II compliance in 2023.
This serves as an additional assurance to all our customers that Slido has all the right tools and procedures to safeguard their information. Customers can feel confident in trusting us with their data.
What is SOC 2 compliance?
SOC 2 stands for System and Organization Controls 2 and is a standard set for companies operating in the US, developed by the American Institute of Certified Public Accountants (AICPA).
This provides assurance that Slido’s service commitments and system requirements are achieved based on trust services criteria relevant to security, availability, confidentiality and privacy.
Slido has achieved Type II compliance, which verifies the operational effectiveness of assessed controls over time.
Auditors use a randomized sampling technique to assess controls. They first assess the design of security processes at a specific point in time and then they assess how effective those controls are over time by observing operations for six to twelve months.
This provides a high level of assurance that the organization’s security controls are operationally effective.
Therefore, Slido’s achievement of SOC 2 Type II compliance attests to the high security standards in place.
Where can I view your SOC 2 certificate?
You can download Slido’s SOC 2 certificate here in our Trust Portal.
#3. ISO 27001 certification
Since February 2020, Slido has been fully compliant with ISO 27001.
This means that our security practices and operations are regularly audited by an independent certification authority.
What is ISO 27001?
ISO/IEC 27001 is an information security management system that helps keep consumer data safe in the private sector and government departments.
Organizations may be ISO 27001 certified upon meeting a set of security requirements and successful completion of a security audit done by an accredited certification body.
Can I view your ISO 27001 certificate?
Yes, you can download the ISO 27001 certificate here from our Trust Portal or view it below.
#4. Member SSO
Slido supports SSO (single sign-on) for participants and Enterprise clients alike.
This feature has been important for our Enterprise clients as it allows them to control who can join their private Slido events, like internal meetings or all-hands meetings.
Member SSO works very similarly to Participant SSO, but instead of participants, the SSO login is used for members (users or admins) within your Slido organization.
What is SSO?
SSO is an authentication process that enables a user to access multiple applications with one set of login credentials.
In Slido, it means that as an owner of the organization, you can give members (admins, users, guests) or participants access to Slido through their identity providers (IdP), such as Okta, Azure, OneLogin, Auth0 or others.
Why should I use it?
With SSO, you can control access to your Slido organization. You can integrate Slido with your IdP in order to make sure that only people from your company or department can log into and manage your Slido account or Slido events. This protects your data once someone leaves your organization.
How can I set up Member SSO?
You’ll find the complete step-by-step guide on how to set up Member SSO in your Slido organization by clicking this link.
Which plan offers this feature?
Both Member SSO and Participant SSO are currently available in our Enterprise plan.
Is Slido secure even if I don’t use Member SSO?
Definitely, yes. Slido abides by a number of strict security standards. Hence, even if you don’t use SSO login for either your users or participants, your data – as well as the data of your participants – are safe with us. See more details in our security policy.
#5. Member SCIM Provisioning
Since 2020, we have made your user account provisioning even safer by implementing the SCIM (System for Cross-domain Identity Management) protocol.
In a nutshell, SCIM-based member user provisioning is a process that enables you to manage users in your Slido Team Management safely using your IdP.
At the moment, we have verified user provisioning setups for Okta, OneLogin, Azure and Auth0 IdPs. However, it is also possible to use our implementation of the SCIM protocol with any other IdP that adheres to SCIM standards.
What is Member SCIM Provisioning?
SCIM is a standard for automating the exchange of user identity information between identity domains. It communicates member identity data between identity providers (for instance, Okta, OneLogin, Azure) and service providers requiring user identity information (in this case, Slido).
Slido supports all identity providers that cooperate with the SCIM protocol.
Why should I use it?
If you’re already using an IdP in your company, our SCIM-based Member Provisioning will allow you to integrate Slido and manage the members of your Slido organization right from the dashboard of your IdP, along with your other favorite workspace applications.
How can I set up Member SCIM Provisioning?
You’ll find the complete step-by-step guide on how to set up Member SCIM Provisioning for your Slido organization by clicking this link.
Which plan offers this feature?
Our Member SCIM Provisioning feature is currently available only in our Enterprise plan and can be used only when Member SAML SSO is enabled.
#6. Anonymous is truly anonymous
We’re often asked if the anonymity feature is 100% anonymous, especially when coupled with SSO.
Participants can rest assured that anything they submit through Slido anonymously will stay that way, unless they identify themselves through the comments. Admins will not see any identifying information from participants at any time.
Setting up anonymity can be done through privacy settings on both an event and organizational level.
Over to you
Hopefully, this article has shed some light on the improved security at Slido. We’re ready to help you make the most out of Slido in your company.
Contact our support or sales team, who’ll be happy to find a tailored solution for your company.