1. Security Considerations
Workato is designed to meet enterprise security standards across industries, with certifications and safeguards that align with global compliance frameworks.
Certifications and Security Standards
Workato holds a range of certifications:
SOC 1 / SOC 2 Type II: Audited internal controls for security and availability
ISO 27001 & ISO 27701: Information security and privacy governance
PCI-DSS v4.0.1 Level 1: Secure cardholder data processing
HIPAA: Healthcare data protection (with Business Associate Agreements available)
IRAP: Alignment with Australian government cybersecurity requirements
Key Security Practices
Bug Bounty Program: Workato runs a bug bounty via HackerOne, inviting external security researchers to identify and report vulnerabilities — a proactive and transparent layer of protection.
RBAC and Access Control: Workato enforces Role-Based Access Control (RBAC), separating user permissions across development, testing, and production environments.
Audit Logs and Monitoring: User activity is logged, and Automation HQ provides visibility across workspaces.
Network Security: All platform access occurs over HTTPS with strong encryption algorithms (128-bit or greater).
Incident Monitoring: Security systems are monitored 24/7 with real-time alerting. Uptime and system health are visible at status.workato.com.
Data Privacy
Workato maintains a public privacy policy that outlines what personal data is collected, how it’s handled, and what rights users have.
Fully GDPR compliant, Workato also supports cross-border data transfer protections through a Data Protection Addendum (DPA).
Privacy controls are included in Workato’s SOC 2 audit under the Privacy Trust Principle.
Workato is also certified under ISO 27701:2019, a global standard for privacy management.
Credential & Encryption Practices
OAuth 2.0 is the default connection method whenever possible
Stored credentials are encrypted with 256-bit key encryption
A hierarchical key model limits exposure by isolating encryption levels — with a Customer Main Key (CMK) at the top
You can review more at:
2. Task Allocation in Workato
Currently, each company receives a customized task package (aka a plan in Workato) that can be updated or expanded based on business needs and actual usage patterns. These allocations are reviewed to maintain fair and balanced usage during the beta phase.
The following plans are currently supported:
A company in POC is automatically assigned the trial plan in Workato.
A company that is a customer is automatically assigned the bronze plan in Workato.
Plans may be changed automatically based on the customer's status.
Any changes to pricing will be communicated in advance, with an option to review and approve before activation. You will not be charged automatically for Workato usage. Any transition from free to paid usage will occur only after official communication, including full pricing details.
