The Zendesk Suite is covered under the Federal Risk and Authorization Management Program (FedRAMP) and has an Authority to Operate (ATO) at a Low (Li-SaaS) risk designation, as defined by FedRAMP.gov. 

The features / capabilities currently in-scope include:

• Ticketing & Agent Workspace (formerly Support)
• Help Center (formerly Guide)
• Community Forums (formerly Gather)
• Reporting & Analytics (formerly Explore)
• Voice (formerly Talk)
• Messaging (formerly Sunshine Conversations)
• AI Agents - Essential
• Specific Add-Ons*:
  • Copilot
  • Workforce Management (WFM)
  • Advanced Data Privacy & Protection (ADPP)

*As Zendesk's FedRAMP program continue to expand, please refer to this article for the most up-to-date scoping information.

 

Security Configurations

When using Zendesk, you must adhere to the following configurations in order to remain compliant:

• Enable Data Center Location - United States (US)
• Use U.S. - based phone numbers (Voice)

Additional Considerations

The above configurations ensure that all data stays within our FedRAMP-compliant environment. Failure to follow one of more of these configurations renders this obsolete (i.e., data is no longer contained within the environment). Supplemental Terms for Zendesk’s FedRAMP Tailored Certification

 

Disclaimer: The security configurations in this document may change from time to time due to changes in law, regulation or the Zendesk Service. This document contains Zendesk’s recommendations for the minimum effective security configurations when using the covered Services. It does not constitute an exhaustive template for all controls over such data nor does it constitute legal advice. Each Zendesk Subscriber should seek their own legal counsel with regard to their  security compliance requirements and should make additional changes to their security configurations in accordance with their own independent analysis, so long as such changes do not counteract or degrade the security of the configurations outlined in this document.