Back to ESG

Leading with Security and Ensuring Privacy

At Manhattan Associates, security is integral to our products, services, and our business processes. We utilise industry-leading tools, technologies, and procedures to monitor and evaluate the performance and security of our production services. Our approach enables us to provide comprehensive data protection and privacy programs to protect customer information. 

  • Today’s cyber threats move fast. Across all our products and services, we help keep customers protected with our constantly evolving tools, technologies, expertise and safeguards.  
  • Manhattan Associates invests heavily in technology development and practices to actively protect company and customer data.  
  • Our comprehensive security and compliance programs are based on industry best practices and standards.
  • We maintain a comprehensive set of compliance certifications, attestations, and third-party assessments to give customers confidence that their information is safe.


Manhattan Associates understands that compliance is crucial to success. Compliance improves performance, drives consistency, and reduces errors so our customers receive better solutions with more efficiency.   

We build our security management and compliance programs based on industry standards from CIS, ISO27001, and NIST.  Our security risk management framework establishes the mandate, commitment, guiding principles and established roles and accountabilities for managing, monitoring and improving risk management practices within the organisation.  

We perform internal testing of key security and privacy controls to validate adherence to established frameworks. This includes third party security penetration testing on an annual basis. The results of those tests are communicated to executive management and remediation efforts are monitored. Controls are retested as appropriate to ensure security protection.  

Security and privacy controls are audited yearly by an independent third party to verify that technology, processes and procedures are in place and followed.  

Our Partner Code of Conduct applies to all Manhattan Associates’ business partners who we expect and require to follow.   

Data Security

Responsibility for ongoing monitoring and remediations is shared among our security and product teams. Documented procedures are in place to facilitate the timely response of any security incident. Our dedicated cybersecurity teams manage security controls and monitoring activities designed to protect customer data and strengthen company operations. Methods of protecting customer data from cyber-attacks and other fraudulent intrusions include but are not limited to: 

  • Data Encryption Protocols 
  • Information Protection Programs 
  • Data Retention Programs
  • Data Processing Agreements 
  • Continual Security Training including OWASP & Phishing Exercises 
  • Third Party Security Penetration Testing 
  • Third Party Risk Assessments
  • 24x7 Monitoring, Alerting, & Response 


Our dedicated security governance and privacy teams are responsible for developing and overseeing the privacy and security practices of our organisation. Manhattan Associates continuously seeks to enhance its privacy culture and all employees undergo privacy and security training. 

Our Privacy Policy describes what information we collect, how we collect it, how we use it, with whom we may share it and what choices customers have regarding our use of information.   

We recognise that data is one of the most valuable assets and we are committed to protecting customer information within our services.


In May 2018, the General Data Protection Regulation (GDPR) took effect. The GDPR is a European Union regulation that seeks to harmonise existing data protection laws across Europe and is designed to strengthen data protection rules for the processing of personal data of EU residents including the transfer of personal data outside the EU. 

Manhattan Associates has committed to incorporating the GDPR’s core principles and requirements into our global privacy and data protection programs. We maintain a Data Protection Officer (DPO) and conduct internal assessments to evaluate our readiness to meet and maintain our obligations under the law.


Manhattan Associates maintains corporate security policies and subsidiary documents which establish the requirements for accessing, using, storing, transmitting, protecting and disposing of information and information systems for which Manhattan Associates is responsible.  

Those policies provide the standards and guidance on security controls used to govern our information and information systems.  Policies include but are not limited to:

  • Acceptable Use
  • Access Control
  • Audit
  • Change Management
  • Cloud Security
  • Data Classification, Protection, Retention
  • Incident Response
  • Risk Management
  • Patch Management
  • Password
  • Penetration & Vulnerability Testing
  • Vendor Risk

We consider the protection of information and information systems to be critical to the success of the company and as such it is company policy to require all reasonable effort be made in order to provide:

  • Confidentiality and integrity of sensitive company, client and employee information
  • Availability of critical systems, resources and information
  • Timely responses to potentially damaging and disruptive incidents
  • Compliance with relevant laws and regulations

Deliver On Your Promise to Customers

Contact the Manhattan team to learn more.

Contact Us