At Zendesk we care about security and strive to employ the best practices for information security. Zendesk is ISO 27001:2013 certified, which exemplifies our commitment to information security.
What is ISO 27001 certification?
ISO 27001 is a globally recognized standard that specifies information security management best practices. The certification requires us to:
- Systematically evaluate our information security risks
- Manage security risk by designing and implementing information security controls
- Ensure information security controls meet our information security needs on an ongoing basis
The ISO 27001 certification is focused on the Zendesk Information Security Management System (ISMS) and measures how our internal security practices follow the ISO standard.
What Zendesk services are in scope for the ISO 27001 certification?
The ISO 27001 certification applies to the management of development, operations, maintenance, and delivery of the SaaS products provided to customers by Zendesk, including Zopim. Zendesk's certification doesn't extend to cover any third-party services.
What does this mean to me as a customer?
Compliance with ISO 27001, validated by an independent third-party audit, confirms that our information security management program is comprehensive and follows leading security practices. This certification provides assurance for customers evaluating the breadth and strength of our security practices.
Do I need to do anything to gain this level of security?
No. The certification is a security credential for your reference.
Can I, as a customer, be ISO 27001 certified by association?
The ISO 27001 certification covers the security management process over a specified scope of Zendesk services and data centers. If customers are pursuing ISO 27001 certification while operating a part of their service using Zendesk, they are not automatically certified by association but it may make it easier for them to certify.
Is ISO 27001:2013 certification a replacement for Zendesk’s SOC 2 Type I certification?
No. Zendesk plans to maintain both security certifications.
How can I request Zendesk’s ISO 27001:2013 certificate?
You can reach out to Zendesk support team for the certificate.