Zoom Gains New Security Certifications and Attestations
Third-party certifications and attestations serve as industry-defining standards that help demonstrate a security program’s effectiveness, allowing organizations to provide assurance over the security of their products and services.
At Zoom, third-party certifications and attestations are integral to our security program’s foundation and allow us to provide customers with transparency into our security program and control environment. That’s why we’re excited to expand our list of industry-recognized certifications and attestations with two new additions: ISO/IEC 27001:2013 and SOC 2 + HITRUST.
Zoom Meetings, Zoom Phone, Zoom Team Chat, Zoom Rooms, and Zoom Webinars are now certified as International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) 27001:2013 compliant. Conducted by an independent third-party auditor, the ISO/IEC 27001:2013 certification is a widely recognized, international standard that specifies security management best practices and comprehensive security controls. It requires the development and implementation of a rigorous security program, including operationalizing an Information Security Management System (ISMS). An ISMS is designed to help manage, monitor, review, and continuously improve an organization’s security program.
SOC 2 + HITRUST
Zoom has expanded the scope of its existing SOC 2 Type II report to include additional criteria to meet Health Information Trust Alliance Common Security Framework (HITRUST CSF) control requirements. HITRUST is a security framework that leverages nationally and internationally accepted standards and regulations such as GDPR, ISO, NIST, PCI, and HIPAA.
Zoom’s SOC 2 + HITRUST report provides a transparent look at the controls in place that protect the security and availability of the Zoom platform as they align with the American Institute of Certified Public Accountants (AICPA) Trust Services Principles and Criteria and the HITRUST CSF. This attestation applies to Zoom Meetings, Zoom Phone, Zoom Team Chat, Zoom Rooms, and Zoom Webinars.
A commitment to the Zoom experience
At Zoom, we strive to create a seamless and secure experience for our users. Our compliance with these internationally-recognized standards helps demonstrate our commitment to data protection and user security. As we continue to evolve our security program here at Zoom, third-party certifications and attestations will continue to serve as a critical component of our work to create a platform built on trust.