It takes a lot of trust to put your data in the Cloud. In return, you want to know that the partners with whom you share this information consider security a top priority. Our Subscribers use varying standards and frameworks to manage sensitive information, so we’ve implemented the following International Organization for Standardization (ISO) benchmarks across our services to keep your data secure and compliant.
The ISO/IEC 27000 standards provide a series of frameworks to help organizations benchmark their treatment of data. The most common of these standards, ISO/IEC 27001, provides requirements for an Information Security Management System (ISMS) and, for organizations that complete a successful audit, assurance that those requirements are met.
ISO/IEC 27018 provides guidelines based on ISO/IEC 27002, and is focused on the protection of Personally Identifiable Information (PII) for Cloud service providers, such as Zendesk.
ISO/IEC 27701:2019 specifies requirements and guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS). It serves as a complement to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within an organization. This lays a framework for the management of personal data used by data controllers and data processors, aligning both security and privacy controls.
Zendesk services and processes in scope for these audits
The scope of the ISO/IEC 27001:2013, ISO/IEC 27018:2014 and ISO/IEC 27701:2019 certifications is bounded by Zendesk, Inc.’s global network infrastructure and corresponding products and services, including the management of development, operations, maintenance, and delivery of Support, Guide, Chat, Connect, Inbox, and Explore, which are centrally managed out of the Zendesk headquarters and supported from the following in-scope office locations: San Francisco, CA and Madison, WI (United States of America), Copenhagen (Denmark), Dublin (Ireland), Manila (Philippines), Melbourne (Australia), Montpellier (France), and Singapore.
In addition, an Infrastructure-as-a-Service (IaaS) Data Center provider is used to protect the infrastructure that runs all of the services offered in the IaaS Cloud. Zendesk's security controls for managing the IaaS environment are included in the scope of this certificate, with the exception of physical and environmental controls.
Our Sub-Processor for hosting services is currently AWS, which has several ISO certifications of their own. For more information, please see their compliance page here.
What this means for customers
Internally, we pursue these independent audits to ensure that our security management and privacy functions adhere to leading industry standards. For our customers, these externally validated compliance standards confirm that we are meeting our obligations to you in terms of how we treat your data. Additionally, ISO/IEC 27701 requires organizations to declare applicable laws and regulations as part of its audit criteria, allowing this standard to map to requirements such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other legislation.
All customers using in-scope products receive this protection
These certifications are for our services as listed above. You don’t need to pay anything extra or configure your instance in any way to be protected by them.
Zendesk’s ISO 27001, ISO 27018 and ISO 27701 certifications vs. customer certifications
Our ISO 27001, ISO 27018 and ISO 27701 certifications cover security and privacy management processes over a specified scope of Zendesk services. If you wish to pursue any of these certifications while operating a part of your service using Zendesk, please note that you won’t automatically be certified by association. However, our certifications may make it easier for you to obtain these certifications for your own instance.
Obtaining Zendesk’s ISO certifications
You can access our ISO certificates at any time, free of cost and without an NDA, by filling out the following form: https://www.zendesk.com/product/zendesk-security/#anchor-security-resources