Alteryx’s Information Security Program utilizes an overarching framework to address enterprise information security governance, protecting information assets and systems against attacks and incidents while ensuring appropriate security is a priority at all levels of the product development process. It is a risk-based program that aligns with industry-standard frameworks, such as NIST CF and SIRT, to incorporate those security principles applicable to our regulatory and contractual obligations.
Alteryx complies with its obligations under data protection law with respect to all restricted, cross-border transfers of personal data. Access to customer content through hosting, support, or professional services is managed as a data transfer subject to the standard contractual clauses outlined in Alteryx's standard data processing agreement (DPA). Internal data transfers between Alteryx entities utilize a comprehensive intra-company DPA and standard contractual clauses.
Alteryx's privacy program aligns to the NIST Privacy framework using a data lifecycle approach to both product development and our data practices. To comply with applicable law in the jurisdictions in which we do business, as well as to ensure alignment with industry best practices and customer obligations, Alteryx applies a consistent set of privacy principles based on those outlined by the GDPR and any additional requirements for privacy and marketing by state, province, country, or region.
Data Subject Rights
Alteryx is committed to promoting high standards of honest and ethical business conduct and compliance with applicable laws, rules and regulations. We lead the company guided by our Code of Business Conduct and Ethics and a set of core values that shape our behaviors and maintain our culture. Our shared values of Customer First, Accountability, Equality, Integrity, and Empowerment inform the development of our products, the service of our customers, and the achievement of our business objectives.
Alteryx maintains a comprehensive information security program designed to protect the confidentiality, integrity, and availability of customer and user data in accordance with all applicable industry standards and practices. Our security program includes measures intended to meet or exceed data protection requirements for personal data, including those outlined by the GDPR and CCPA.
Alteryx provides a desktop analytics and server environments that meet the thresholds for Federal Information Processing Standards (FIPS) compatibility as established by the National Institute of Standards and Technology (NIST) and in accordance with the Federal Information Security Management Act (FISMA) and as approved by the Secretary of Commerce.
Alteryx strives to deliver stable solutions that customers can operate with confidence, and we take defects and downtimes seriously. Alteryx follows ISO 22301 guidelines for managing and maintaining plans for continuity of operations. This includes identifying critical processes, reviewing their components, and verifying response times in line with the company’s recovery time objectives.
We recently completed our first-ever ESG Materiality Assessment, which will guide our ESG reporting and disclosures going forward. We are currently signed on to three pledges, including: Pledge 1% (free product donations and volunteering time), CEO Action Pledge (diversity, equity and inclusion), and America Is All In (Paris Climate Agreement). We are also members of ImpactCloud, a coalition of tech companies committed to supporting nonprofit digital transformation.