Zoom achieves new global security standards for core products with ISMAP registration
Zoom is now registered with the Information system Security Management and Assessment Program (ISMAP). Find out what this means for our customers.
Updated on November 08, 2022
Published on March 17, 2022
On behalf of its members, SURF negotiates with major software suppliers to procure and assess their tools’ compliance with European privacy and security standards and documents its findings in a DPIA. This gives SURF’s members freedom of choice when purchasing software such as video conferencing tools.
A SURF-published DPIA represents an important benchmark for technology providers — accurately tracking current performance on data protection and a risk analysis, as well as identifying opportunities for enhancing practices.
Zoom is grateful to SURF for the cooperation in preparing this DPIA. In addition to supporting Zoom’s efforts to continue improving its approach to data privacy, the DPIA reflects the respect that Zoom has for European data protection policies and principles. Zoom is committed to expanding its engagement with European companies, governments, and citizens.
A DPIA is a detailed technical and legal review of a company’s data collection and use practices to determine compliance with European Union (EU) data protection laws, especially the General Data Protection Regulation (GDPR). A DPIA analyzes how a company processes personal data, identifies risks associated with that processing, and provides measures to mitigate those risks.
During the DPIA evaluation process, Zoom specified its data collection and use practices and provided evidence to demonstrate those practices. SURF assessed Zoom’s current capabilities and made recommendations in the DPIA for improvement in practices, all in the effort of strengthening data protection for European citizens.
The assessments are published below this announcement.
SURF and Zoom agreed to several actions in the course of collaborating on the DPIA. These include:
Zoom states that the cooperation among SURF and Zoom — both on the DPIA and moving forward — will help Zoom benchmark and evolve their data privacy and protection strategies.
As the DPIA notes, “Thanks to Zoom’s many improvement measures, and the new DPA with a limitative list of specific purposes, Zoom’s customers should be able to rely on the contractual guarantees and privacy controls to prevent any personal data from being processed beyond these authorized purposes.”
To learn more about Zoom privacy and security, explore the Trust Center.