Zendesk's commitment to international standards for information security and privacy
We at Zendesk know that it takes a lot of trust to put your data in the Cloud. As a customer, you need to know that the partners you share this information with have the secure treatment of such information as their top priority. We also understand that we have customers in many different regions, who in turn deal with many different standards and frameworks for the proper treatment of sensitive information. With this in mind, we pursue globally respected industry benchmark standards put forth by the International Organization for Standardization in the form of ISO 27001 and ISO 27018.
The ISO 27001 and ISO 27018 standards
The ISO/IEC 27000 standards provide a series of frameworks to help organizations benchmark their treatment of data. The most common of these standards, “ISO/IEC 27001” provides requirements for an Information Security Management System (ISMS) and assurance that requirements are met for organizations that complete a successful audit.
ISO/IEC 27018 provides guidelines based on ISO/IEC 27002, and is focused on the protection of Personally Identifiable Information (PII) for Cloud service providers, such as Zendesk.
Zendesk services and processes in scope for these audits
The scope of the ISO/IEC 27001:2013 and ISO/IEC 27018:2014 certifications are bounded by Zendesk, Inc.’s global network infrastructure and corresponding products and services including the management of development, operations, maintenance, and delivery of Support, Guide, Chat, Connect, Inbox, and Explore which are centrally managed out of the Zendesk headquarters, and supported from the following in-scope office locations: San Francisco, CA and Madison, WI (United States of America), Copenhagen (Denmark), Dublin (Ireland), Manilla (Philippines), Melbourne (Australia), Montpellier (France), and Singapore.
In addition, an Infrastructure-as-a-Service (IaaS) Data Center provider is used for
protecting the infrastructure that runs all of the services offered in the IaaS
Cloud. Zendesk security controls for managing the IaaS environment are included in the
scope of this certificate, with the exception of the physical and environmental controls.
Our Sub-Processor used for hosting services is currently AWS, who have ISO certifications of their own. For more information, please see their compliance page here.
What this means for customers
Internally, we pursue these independent audits to ensure that our security management and privacy functions adhere to leading industry standards. For our customers, these externally validated compliance standards confirm that we are meeting our obligations to you in terms of how we treat your data.
All customers using in-scope products receive this protection
These certifications are for our services as listed above. You don’t need to pay anything extra or configure your instance in any way to be protected by them.
Zendesk’s ISO 27001 and ISO 27018 certifications vs. our customer’s certifications
Our ISO 27001 and ISO 27018 certifications cover the security management process over a specified scope of Zendesk services. If you are pursuing either certification while operating a part of your service using Zendesk, you aren’t automatically certified by association, but our certifications may make it easier for you to obtain these certifications yourself.
Obtaining Zendesk’s ISO certifications
You may freely download our ISO certificates at any time, free of cost, and without NDA by filling out a short form here: https://www.zendesk.com/product/zendesk-security/#anchor-security-resources