2 min read
Updated on September 29, 2022
Published on December 17, 2021
Third-party certifications and attestations serve as industry-defining standards that help demonstrate a security program’s effectiveness, allowing organizations to provide assurance over the security of their products and services.
At Zoom, third-party certifications and attestations are integral to our security program’s foundation and allow us to provide customers with transparency into our security program and control environment. That’s why we’re excited to expand our list of industry-recognized certifications and attestations with two new additions: ISO/IEC 27001:2013 and SOC 2 + HITRUST.
Zoom Meetings, Zoom Phone, Zoom Team Chat, Zoom Rooms, and Zoom Webinars are now certified as International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) 27001:2013 compliant. Conducted by an independent third-party auditor, the ISO/IEC 27001:2013 certification is a widely recognized, international standard that specifies security management best practices and comprehensive security controls. It requires the development and implementation of a rigorous security program, including operationalizing an Information Security Management System (ISMS). An ISMS is designed to help manage, monitor, review, and continuously improve an organization’s security program.
Zoom has expanded the scope of its existing SOC 2 Type II report to include additional criteria to meet Health Information Trust Alliance Common Security Framework (HITRUST CSF) control requirements. HITRUST is a security framework that leverages nationally and internationally accepted standards and regulations such as GDPR, ISO, NIST, PCI, and HIPAA.
Zoom’s SOC 2 + HITRUST report provides a transparent look at the controls in place that protect the security and availability of the Zoom platform as they align with the American Institute of Certified Public Accountants (AICPA) Trust Services Principles and Criteria and the HITRUST CSF. This attestation applies to Zoom Meetings, Zoom Phone, Zoom Team Chat, Zoom Rooms, and Zoom Webinars.
At Zoom, we strive to create a seamless and secure experience for our users. Our compliance with these internationally-recognized standards helps demonstrate our commitment to data protection and user security. As we continue to evolve our security program here at Zoom, third-party certifications and attestations will continue to serve as a critical component of our work to create a platform built on trust.
Want to learn about our certifications and attestations? Visit our Trust Center or chat with a Zoom expert one-on-one today.
3 min read
Zoom’s Bug Bounty Program incentivizes the discovery and responsible disclosure of security vulnerabilities. Here's a look at the past year's highlights.
3 min read
Compliance management tools like Zoom Compliance Manager can help you navigate the tricky communications landscape. Learn how it works.
2 min read
Zoom is now registered with the Information system Security Management and Assessment Program (ISMAP). Find out what this means for our customers.
