Skip to main content


Data governance at Sitecore

Mission statement and message from Sitecore leadership

At Sitecore we understand the value of data and the importance of protecting it. Sitecore is committed to a security and privacy-first philosophy and emulating that in our own internal compliance framework as well as implementing privacy-by-design features and security-as-default in our products and services.

Having effective data governance, with privacy and security controls that our customers trust, is not a one-time effort; it requires ongoing monitoring of all Sitecore data flows, continuously improving our processes and optimizing data integrity.

To that end, Sitecore has developed a data strategy to adapt to evolving privacy and data security laws and embed robust data protection practices as part of our business culture. Some of these strategic activities include:

  • Sitecore has established an internal Data Governance Team to encourage centralized discussion of Sitecore’s strategic cross-functional privacy and security objectives, identify data governance risks and implement customer-oriented solutions.
  • The Data Governance Team is led by a Data Governance Committee (composed of Sitecore’s Executive leadership team) to ensure top-down advisory and management oversight, policy approval and appropriate awareness of privacy and security across all sectors of our organization.
  • When possible, we have set a global baseline for data-handling practices, following the most protective data protection laws, to ensure equal rights to privacy.
  • Privacy is built into services as part of our Software Secure Development Lifecycle.
  • Implementing strong security protocols, conforming to the highest international security standards, with policies and operational processes overseeing all aspects of our business practices, allowing us to ensure data protection throughout the data lifecycle.
  • Understanding that employees are our first line of defense, Sitecore provides mandatory privacy, data protection and security training to all Sitecore employees, consultants and contractors.
  • We want to be transparent with our customers, partners, service providers and web visitors about how we handle data in all your interactions with Sitecore, and process personal data only in accordance with specified instructions, as detailed in the Sitecore privacy policy.
  • Sitecore’s Privacy Team continuously reviews and monitors external global privacy laws, trends and developments so that changes required by applicable laws or which are appropriate to our business are made proactively.