Zoom achieves new global security standards for core products with ISMAP registration
Zoom is now registered with the Information system Security Management and Assessment Program (ISMAP). Find out what this means for our customers.
Updated on September 01, 2022
Published on April 20, 2020
Zoom’s engineering teams continue to roll out enhanced security features for Zoom’s industry-leading unified communications platform. Last week we wrote about new data routing options for your Zoom meetings, webinar, and team chat data. The feature was released this weekend, and we'd like to explain a little more about how it works.
Customers on paid accounts can now customize their data center settings with respect to data in transit for Zoom Meetings and Zoom Webinars. As of April 18, Zoom admins and account owners of paid accounts can, at the account, group, or user level, opt out of, or in to, specific data center regions with respect to meeting/webinar data in transit. Data in transit, or data in motion, is data actively moving from one location to another such as across the internet or through a private network. Data at rest is data that is not actively moving from device to device or network to network such as data stored in a cloud data center. All paid admins can make regional selections in Account Settings. If you do not opt in to China data routing by April 25, 2020, your meeting data will not be routed through
A common question is, if you opt-out of a region but someone needs to join your meeting from that region, can they still join? The good news is that they can still join your meeting without the meeting data going through that data center, but they may experience some latency or performance issues.
We also want to make clear that data center region selections apply only for meeting and webinar traffic and do not apply to Zoom Phone or related features.
This data center option feature is designed to give you more control over your data and interaction with our global network and does not affect any data-at-rest locations. Long-term file storage is always in your home data center region.
Additionally, admins on business accounts and above can view in the Zoom Dashboard the data center a client connects to, as well as any data centers connected to an HTTP Tunnel (HT) server if used. Housed in various public clouds and Zoom data centers, HT servers offer a connection point to clients unable to connect to the Zoom platform through other network channels. The HT data is collected for meetings hosted as of this release and won't include connectivity details from past meetings. Zoom Conference Room Connector (CRC) data centers and gateways also are visible in the dashboard and in downloadable CSV files.
To opt in/opt out now, or to get more information on this feature, read our support article on selecting data center regions for hosted meetings and webinars.
Cloud recording password guidelines: Admins can now define meeting and webinar cloud recording password guidelines to be a minimum length and include letters, numbers, special characters, or just be numeric passwords.
Linking accounts: Admins can now securely share contacts across multiple accounts using a new self-serve web feature to link their accounts to one organization. This feature can be found in Account Management - IM Management - IM Settings.
Voicemail PIN: Zoom Phone administrators can require a longer PIN to access voicemail.
Call recording access: Zoom Phone account owners and admins can now enable or disable users’ ability to access, download, or delete their automatic call recordings.
Editor's note: This post was updated Nov. 6, 2020, to clarify language around customizing your data routing settings.
3/17/21: This blog was updated with minor word usage changes for clarity/specificity.