// Trust & Security Report

    Wrike, Inc. logo

    Wrike, Inc.

    Wrike AI: generative AI features embedded in the Wrike work management platform, including Wrike Copilot (AI assistant), AI Agents (task routing, intake, sprint management), AI Insights, AI Essentials and AI Elite tiers, Wrike MCP Server, and Whiteboard AI. All AI features run on top of the core Wrike SaaS platform.

    Certifications held

    11

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Wrike Type II SOC 2 Report and Wrike SOC2 Bridge Letter for 2026 are listed as downloadable resources in the Trust Center. Trust center compliance section explicitly lists SOC 2 Type II.

    Verify on security.wrike.com
    SOC 3 Type II
    HELD

    Wrike Type II SOC 3 Report listed as a downloadable resource in the Trust Center alongside SOC 2. Trust center compliance section explicitly lists SOC 3 Type II.

    Verify on security.wrike.com
    ISO/IEC 27001:2022
    HELD

    ISO 27001:2022 certificate listed as a downloadable resource in the Trust Center. Trust center compliance section explicitly lists ISO 27001:2022.

    Verify on security.wrike.com
    ISO/IEC 27017:2015
    HELD

    ISO 27017:2015 certificate listed as a downloadable resource in the Trust Center. Trust center compliance section explicitly lists ISO 27017:2015.

    Verify on security.wrike.com
    ISO/IEC 27018:2019
    HELD

    ISO 27018:2019 certificate listed as a downloadable resource in the Trust Center. Trust center compliance section explicitly lists ISO 27018:2019.

    Verify on security.wrike.com
    ISO/IEC 27701:2019
    HELD

    ISO 27701:2019 certificate listed as a downloadable resource in the Trust Center. Trust center compliance section explicitly lists ISO 27701:2019.

    Verify on security.wrike.com
    HIPAA (Type 1 assessment + BAA)
    HELD

    Wrike is now HIPAA certified! Published May 21, 2026. Wrike got independently assessed against HIPAA and HITECH. You will find our HIPAA Type 1 Report in our Trust Center under Resources. NOTE: This is a Type 1 (design assessment) report, not Type 2 (operational effectiveness over time). BAA is separately available. PHI permitted only in Wrike-designated portions of the Service and only after signing a BAA.

    Verify on security.wrike.com
    GDPR (DPA + SCCs)
    HELD

    Trust center lists GDPR in the compliance section. Privacy policy states Wrike acts as data processor under GDPR. DPA referenced at https://www.wrike.com/legal/trust-center/ and incorporated into Terms of Service.

    Verify on security.wrike.com
    CCPA
    HELD

    Trust center compliance section lists CCPA COMPLIANT. Wrike maintains a dedicated Privacy Choices page for California residents and a CA Notice at Collection.

    Verify on security.wrike.com
    CSA STAR Level 1
    HELD

    CSA STAR Level 1 listed in trust center compliance section. Wrike Cloud Security Alliance STAR L1 listing (CAIQ) is listed as a downloadable questionnaire. NOTE: CSA STAR Level 1 is a self-assessment via the CAIQ form, not an independent third-party certification (Level 2 would be third-party certified).

    Verify on security.wrike.com
    TX-RAMP Level 1
    HELD

    TX-RAMP Level 1 listed in trust center compliance section. TX-RAMP Level 1 certificate available as a downloadable resource.

    Verify on security.wrike.com
    > Show 4 unconfirmed / not-held certifications
    FedRAMP
    NOT CONFIRMED

    No mention of FedRAMP in the trust center or any captured pages. Not listed among certifications.

    source: security.wrike.com
    PCI DSS
    NOT CONFIRMED

    No mention of PCI DSS in the trust center or any captured pages. Not listed among certifications.

    source: security.wrike.com
    ISO/IEC 42001 (AI governance)
    NOT CONFIRMED

    No mention of ISO 42001 in the trust center. Wrike has an AI Ethics Policy and an 'AI security' controls section listed, but no ISO 42001 certification is claimed.

    source: security.wrike.com
    CSA STAR AI
    NOT CONFIRMED

    No mention of CSA STAR AI certification on vendor domain. Only CSA STAR Level 1 (general) self-assessment is held.

    source: security.wrike.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    US and EU data centers; customers can request region placement (US or EU)

    Wrike is a data processor for Customer Data under GDPR. The ToS defines Wrike AI as generative AI that creates output 'based on Customer Data that Customer provides... as input to Wrike AI' (in-context use, not foundation-model training). Privacy Policy states: 'Wrike does not permit third-party providers engaged to provide transcription, storage, analytics, or AI-assisted services to use such data to train their own general-purpose AI models, except where expressly authorized by Wrike and permitted by applicable law and contract.' Customers are also explicitly barred from 'using Wrike AI to develop foundation models or other large-scale models that compete with Wrike or Wrike AI.' One flag: the Privacy Policy mentions 'internal training' in the context of AI-assisted processing of sales videoconferences and emails -- this is Wrike's own first-party business operations (not customer platform data), but the phrasing is slightly ambiguous. Wrike has published a separate AI Ethics Policy (available in the Trust Center). Wrike AI Output becomes Customer Data once submitted back to the Service.

    // Security controls

    Encryption in transit

    Implied by 'Data encryption utilized' listed under product security controls in the Trust Center; TLS for data in transit is standard for Wrike's SaaS.

    security.wrike.com

    Encryption at rest (customer-managed keys)

    Wrike Lock add-on provides customer-owned AES-256 encryption key management for enterprise customers (data sovereignty option).

    security.wrike.com

    Penetration testing

    Wrike Platform Pentest Report 2025 is listed as a downloadable resource in the Trust Center. 'Penetration testing performed' listed under product security controls.

    security.wrike.com

    AI security controls

    Dedicated 'AI security' section in trust center controls, covering information security in supplier relationships, ICT supply chain management, and monitoring/change management. Wrike AI Ethics Policy is a published policy document.

    security.wrike.com

    Uptime

    Stated 'Uptime Over 99.9%' on the main Wrike site and trust center.

    wrike.com

    Disaster recovery and business continuity

    'Continuity and Disaster Recovery plans established' and 'Continuity and Disaster Recovery plans tested' listed under internal security procedures controls.

    security.wrike.com

    Cybersecurity insurance

    'Cybersecurity insurance maintained' listed under internal security procedures controls.

    security.wrike.com

    Vulnerability assessment / access controls

    Trust center lists 200+ controls each in infrastructure, organizational, product, and internal security categories. Unique production database authentication, encryption key access restriction, and unique account authentication are explicitly highlighted.

    security.wrike.com

    // Products & data scope

    Wrike AI EssentialsEmbedded AI / generative work management

    data: Operates on Customer Data within the Wrike platform: tasks, projects, forms, boards, inbox. AI dashboard highlights, AI in automation rules, AI in request forms, AI in work items (content creation, editing, summaries), AI mobile features, Board AI.

    Included in mid-market and enterprise plans. Customer Data stays within the Wrike platform. Third-party LLM providers are sub-processors; cannot use data to train their own general-purpose models per Wrike policy.

    Wrike AI EliteAdvanced generative AI + agentic work management

    data: All of AI Essentials plus Wrike Copilot (AI assistant), AI Agents (intake, routing, sprint management, approvals), AI widget creation, Whiteboard assistant.

    Enterprise tier. AI Agents operate on Customer Data to automate multi-step workflows. Human control is maintained; AI outputs require human acceptance before submission to the Service.

    Wrike CopilotConversational AI assistant

    data: Answers questions and summarizes work data within a customer's Wrike workspace (Customer Data in-context only).

    Built into Wrike projects. Output is Customer Data once submitted. Does not train Wrike's underlying models on the workspace content.

    Wrike MCP ServerAI connectivity / integration

    data: Connects external AI assistants (e.g., Claude, other MCP-compatible clients) to a customer's Wrike workspace via the MCP protocol.

    Extends Wrike AI surface to external AI tooling. Customer-authorized third-party AI assistants operate under the customer's Wrike permissions and Wrike's standard data handling posture.

    // What to watch

    • HIPAA assessment is Type 1 only (design of controls), freshly certified May 2026. Type 2 (operational effectiveness over time) has not yet been attained. PHI use still requires a signed BAA and is restricted to Wrike-designated service portions.
    • CSA STAR Level 1 is a self-assessment (CAIQ questionnaire fill-in) -- not a third-party-certified Level 2. This should not be presented on par with ISO or SOC certifications.
    • AI training posture for Wrike's OWN models is not explicitly addressed: Privacy Policy restricts third-party AI sub-processors from training on customer data, but does not explicitly state Wrike itself does not use Customer Data to train or fine-tune its AI models. Based on context (Wrike as data processor, no explicit training claim) the assessment grades trains_on_customer_data=false, but an advisor review is advisable for high-sensitivity procurement.
    • Privacy Policy includes 'internal training' among permitted uses of AI-processed videoconferences and emails -- this applies to Wrike's own first-party sales/communications (not customer platform data) but the phrasing is ambiguous.
    • No ISO 42001 (AI governance) certification despite having a published AI Ethics Policy and an AI security controls section in the trust center. This is a gap for AI-governance-focused procurement evaluators.
    • Trust center (security.wrike.com) is JS-rendered; gated SOC 2 report, ISO certificates, pentest summary, and other documents require NDA/login to download -- not publicly accessible.

    // At a glance

    Pricing model

    Subscription, per-user (Full and Limited User licenses); AI features split into AI Essentials (mid-tier) and AI Elite (enterprise/add-on). Business-only, not for consumers. Enterprise pricing requires Contact Sales.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Wrike, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    security.wrike.com

    > Browse all vendor trust reports