Workplace takes its security and compliance requirements seriously. It has features that the Alumni can use to comply with their legal, policy, risk, and threat-monitoring requirements.

At a technical level, there are two main Workplace capabilities that support these requirements:

  • Graph API: Gives administrators read access to all user content in Workplace
  • Webhooks: Event-driven notifications that Workplace sends administrators when user content changes and for user/admin events

Cloud Access Security Brokers (CASB)

CASB partners deliver systems that extend compliance, data security, and threat protection capabilities. These are products that many organisations are familiar with for other on-premise systems into the cloud. CASB products:

  • Monitor Workplace in near-realtime via API introspection
  • Enforce compliance policies that are defined by AFLI admins
  • Protect organisations against threats like compromised accounts or data loss

Workplace is ISO 27001 certified. Independent third-party organizations regularly audit the hosting practices used by Workplace and report publicly. Workplace is hosted on Facebook's highly-available, globally distributed infrastructure, with an engineered target recovery time objective (RTO) of zero, and a target recovery point objective (RPO) of zero.