What about Security and Backups?

Security is our #1 priority. Yammer recognizes that the confidentiality, integrity, and availability of our
customersʼ information are vital to their businesses and to our own success.

Application Security
Yammer takes every measure to protect against the loss and unauthorized access of your data.
Connection to Yammer is always over a secure channel (SSL 3.0/TLS), ensuring that the
transmission of data between your computer and Yammer is never compromised. Your data is never
accessible via http, and we redirect all http connections to https (SSL/TLS). User passwords stored
on our servers are rendered unreadable using a cryptographically strong salted hash algorithm.

Low-Level Logical Barriers between Networks

Your data is private and separate from other Yammer networks. Low-level logical separation ensures
that data cannot be leaked between Yammer networks, even in the event of a programming error.

Data Center Security

Yammer stores your information on hardened Linux servers in our enterprise-grade data center. We
employ 24/7/365 video surveillance, strict personnel access controls, on-site security, and audits to
keep your information safe. Any visitor to our premises must be authorized, and further authorization
is required to access areas with servers, workstations, or networking equipment. As part of our strict
visitor access controls, a visitor log is kept to maintain a physical audit trail of visitor activity.

Data Backup and Disaster Recovery

We have equipped our data center with redundant load balancers and core switches to ensure the
integrity and availability of your data. Customer data is automatically backed up to a geographically
separate site, and is immediately bulk encrypted (we use AES - Advanced Encryption Standard).

Anti-Virus Security
We deploy anti-virus software across all systems commonly affected by viruses and other malware
and work vigilantly to protect against newly discovered vulnerabilities.

Internal and 3rd Party Testing

We thoroughly test our source code for security vulnerabilities. We run weekly internal and external
network vulnerability scans, and 3rd party penetration tests are run at least quarterly and after any
significant network change. We also employ file integrity monitoring software to alert personnel to
unauthorized modification of critical system or content files.

Logical Firewall
You can restrict access to your Yammer network to a specific IP range, so that Yammer is only
accessible at designated physical locations.

Password Policies
Set password policies for members of your Yammer network (requiring any combination of length,
numbers and letters, and special characters, as well as changing passwords on a regular interval).

Strong Authentication
Protects against "phishing attacks" and compromise of secondary email accounts.