We’ve attained three new certifications and attestations — here are all the details
We know organizations are facing a more complex threat landscape and stricter regulatory requirements than ever before. We’re expanding our own security initiatives and efforts as a result — and part of that means attaining certifications and attestations to make sure Zoom is on par with security standards set around the globe.
That’s why we’re excited to announce three new additions to our list of industry-recognized certifications and attestations. These additions include the:
- Cloud Computing Compliance Controls Catalog (C5)
- Esquema Nacional de Seguridad (ENS) High
- Infosec Registered Assessors Program (IRAP)
Zoom’s C5 attestation demonstrates our commitment to providing security assurance and transparency to our German customers. C5 is a government-backed attestation framework, which was introduced in Germany by the Federal Office for Information Security (BSI) — an organization that we previously worked with for our Common Criteria certification. C5 helps companies demonstrate operational security against common cyber attacks within the context of the German government’s “Security Recommendations for Cloud Providers” guidelines.
We strive to enable seamless and secure communication for organizations around the world, and our newly attained ENS certification helps us do that for Spain’s public sector organizations.
ENS establishes security standards that apply to Spain’s government agencies, public organizations, and service providers on which Spanish public services depend. It is regulated under the Spanish Royal Decree 3/2010 and is a compulsory requirement for central government customers in Spain. It establishes a uniform set of requirements for the sector, promotes continuous security management, and offers a reference for effective security posture in the modern day.
IRAP provides a framework for assessing the implementation and effectiveness of an organization’s security controls against the Australian government’s security requirements. When assessed against the IRAP framework, we demonstrated that we provide the necessary controls for customers hoping to achieve effective security based on two sets of guidelines:
- The Information Security Manual: Guidelines focused on helping organizations build internal security frameworks based on risk assessment.
- The Protective Security Policy Framework (PSPF): A set of core requirements that apply to Australian government agencies that emphasize common security standards.
Our successful IRAP assessment not only validates the relevance of our security controls but also helps customers make risk-informed decisions when using the Zoom platform.
Our Progress on Obtaining ISMAP Certification
In Japan, we recognize the importance of the Information system Security Management and Assessment Program (ISMAP) and have prioritized our resources to pursue ISMAP registration.
We have engaged a third-party assessment firm to conduct a preliminary assessment that was completed in March 2023 and have engaged the same third-party assessment firm to conduct the registration assessment. We are planning for the assessment to be completed and the assessment report necessary for registration to be submitted to the Information-technology Promotion Agency (IPA) in August 2023. We aim to complete registration by the end of 2023.
Security without sacrifice
Third-party certifications and attestations are integral to our security program’s foundation — we know they not only demonstrate our program’s effectiveness but also help nurture customer trust.
We expand our security initiatives so our customers can safely exchange important information without having to sacrifice speed, flexibility, and experience. They can embrace agile and meaningful digital communications while simultaneously strengthening their own security posture.
To learn more about Zoom privacy and security, explore our recently refreshed Trust Center, which now offers a self-service portal where you can access information about our security certifications and attestations.