By Heather Ceylan
Third-party certifications and attestations serve as industry-defining standards that help demonstrate a security program’s effectiveness, allowing organisations to provide assurance over the security of their products and services.
At Zoom, third-party certifications and attestations are integral to our security program’s foundation and allow us to provide customers with transparency into our security program and control environment. That’s why we’re excited to expand our list of industry-recognised certifications and attestations with two new additions: ISO/IEC 27001:2013 and SOC 2 + HITRUST.
Zoom Meetings, Zoom Phone, Zoom Chat, Zoom Rooms, and Zoom Video Webinars are now certified as International Organisation for Standardisation (ISO) / International Electrotechnical Commission (IEC) 27001:2013 compliant. Conducted by an independent third-party auditor, the ISO/IEC 27001:2013 certification is a widely recognised, international standard that specifies security management best practices and comprehensive security controls. It requires the development and implementation of a rigorous security program, including operationalising an Information Security Management System (ISMS). An ISMS is designed to help manage, monitor, review, and continuously improve an organisation’s security program.
SOC 2 + HITRUST
Zoom has expanded the scope of its existing SOC 2 Type II report to include additional criteria to meet Health Information Trust Alliance Common Security Framework (HITRUST CSF) control requirements. HITRUST is a security framework that leverages nationally and internationally accepted standards and regulations such as GDPR, ISO, NIST, PCI, and HIPAA.
Zoom’s SOC 2 + HITRUST report provides a transparent look at the controls in place that protect the security and availability of the Zoom platform as they align with the American Institute of Certified Public Accountants (AICPA) Trust Services Principles and Criteria and the HITRUST CSF. This attestation applies to Zoom Meetings, Zoom Phone, Zoom Chat, Zoom Rooms, and Zoom Video Webinars.
A commitment to the Zoom experience
At Zoom, we strive to create a seamless and secure experience for our users. Our compliance with these internationally-recognised standards helps demonstrate our commitment to data protection and user security. As we continue to evolve our security program here at Zoom, third-party certifications and attestations will continue to serve as a critical component of our work to create a platform built on trust.