skip to main content

Gallup Information Security & Data Privacy

To accomplish its mission of helping leaders and organizations solve their most pressing problems, Gallup collects and analyzes vast amounts of data. As such, it is dedicated to ensuring that the necessary information security and privacy safeguards are in place to adequately protect data and ensure individual data subject rights.

As a global organization, Gallup has chosen to ensure maximum coverage of client requirements by implementing controls for information security and privacy that are found under the frameworks of the American Institute of Certified Public Accountants (AICPA), the International Standards Organization (ISO) and National Institute of Standards and Technology (NIST).

Gallup adheres to all U.S. and international data protection and security laws, and routinely undergoes regular information security and privacy audits of its systems and infrastructure to ensure its policies, procedures and controls meet or exceed the high standards of its global clients.

Certifications and Accreditations

Certifications and Accreditations

ISO/IEC 27001:2022Gallup Inc. has established and maintains an Information Security Management System (ISMS) in accordance with the ISO 27001:2022 certification standard for Gallup's survey and reporting platforms.

ISO/IEC 27001:2022 is an internationally recognized information security standard for the establishment and certification of an Information Security Management System (ISMS). The standard specifies the requirements for the implementation of a continuous monitoring program with adequate security controls.

ISO 27701:2019The first globally recognized privacy certification, ISO 27701:2019 is the privacy extension to ISO 27001. ISO 27701 builds on the same information security controls and objectives associated with collection and processing of personally identifiable information (PII) and other types of personal data consistent with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and other data privacy requirements.

Download Gallup's ISO 27001:2022/27701:2019 certificate

SOC 2The SOC 2 audit report provides detailed information and assurance about Gallup's security, confidentiality, and privacy controls, based on its compliance with the American Institute of Certified Public Accountants' (AICPA) Trust Services Criteria (TSC).

Complete the form to request a copy of Gallup's SOC 2, Type 2 report

SOC 3Like the SOC 2, the SOC 3 report is based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) Trust Services Criteria (TSC). The SOC 3 evaluates Gallup's effectiveness in the Trust Services Criteria of security, confidentiality, and privacy. The SOC 3 is a publicly releasable report.

Download Gallup's SOC 3 report

Contact Us

Get more information about Gallup's Security & Privacy practices.

Complete the form below to request a copy of Gallup's SOC 2, Type 2 report, Gallup's Cybersecurity and Data Privacy Overview document, or for other general inquiries related to Gallup's Information Security program.

Report a potential security vulnerability or incident to Gallup:

Please note, due to the confidential details contained within the SOC 2 report, a Non-Disclosure Agreement must be in place prior to releasing this report.

(*) Required