ZS’s commitment to global security and privacy certifications

We adopt trusted guidelines and frameworks, demonstrating our commitment to protect our clients’ information and to follow delivery excellence best practices.

Businessman in eyeglasses using his laptop

IMPACT BY THE NUMBERS

“Our clients trust ZS to do the right thing. Robust security and privacy compliance credentials help us exceed that expectation.”

Dan Holohan, Chief Information Officer, ZS

HOW WE DO IT

ZS’s security and privacy approach

Information security and privacy is a top priority for us. We are committed to maintaining the safety, security and privacy of our assets and personal information—whether they are people, products, policies, processes or systems. As we bring more consistency, transparency and structure to how we develop and maintain our technology, we continue to pursue leading security and compliance certifications, paving the way to delivery excellence.

Enterprise-process-certifications

Enterprise process certifications

We pursue recognized worldwide certifications to make sure we’re building the appropriate standardization and quality into our documentation, processes, products and services. 

Data-and-technology-guidelines

Data and technology guidelines

ZS keeps our teams up to date on the latest security and privacy frameworks and standards for data management. This includes our work to align our policies and processes with the National Institute of Standards and Technology (NIST) in the U.S., with other associated benchmarks, frameworks and standards we comply with, and with those that underpin our technology solutions that are used globally.

“At ZS, we consider our environments an extension of our clients’ threat landscapes, which is why we work to mature our security posture while decreasing risk to ZS and our clients.”

Andre Elder, Chief Information Security Officer, ZS

Current data security and privacy certifications

ISO 27001 certification: Information security management system

ZS’s ISO 27001 certification for 28 office locations focuses on protecting confidentiality, integrity and the availability of information. ISO 270001 certification demonstrates ZS’s commitment to information technology, security techniques and information security management systems. It helps ensure that all of the information, data, associated systems and resources that ZS handles are protected.

ISO 27701 certification: Privacy information management

The ISO 27701 standard provides guidance on how to establish, implement, maintain and continually improve a Privacy Information Management System (PIMS). It prepares organizations to put standards in place that will help them comply with global data protections including GDPR.

ISO 27017 certification: Code of practice for cloud security controls

The ISO 27017 standard is an international framework that can help reduce the risk of data breaches and build client trust by indicating an organization’s commitment to information security. The standard also gives guidance on what to expect from cloud service providers. 

SOC 2 Type 2 and SOC 3 Attestations: Service Organization Control

ZS has completed this for its JAVELIN and ZAIDYN suite of applications. SOC 2 and SOC 3 attestations assure customers and prospects that a company is taking all the steps to keep data safe, protecting it from damaging breaches. Our SOC 2 Type 2 and SOC 3 attestations apply AICPA’s Trust Service Principles examining security, availability, confidentiality and privacy of our products and platforms to ensure our company’s security and privacy programs meet these objectives over a period of time.

Multi-Level Protection Scheme (MLPS) China: Level 3 certified

We have achieved this cybersecurity compliance standard for our instances of ZAIDYN™ Data & Analytics in China. Level 3 of information security as determined by the Ministry of Public Security in China applies to protect systems that would result in harm to social order, public interest and national security if damaged. 

Capability Maturity Model Integration (CMMI): Level 3 certified

ZS’s Business Technology capability group in India has been assessed at a CMMI maturity Level 3 by the Quality and Accreditation Institute (QAI) of India. CMMI is a model for evaluating the efficacy of an organization’s processes by developing and comparing essential competencies. CMMI Maturity Level-3 means that the organization is performing at a “defined” level, where processes are thoroughly characterized and understood, as well as documented in standard procedures, tools and methodologies.

HITRUST: Health Information Trust Alliance for ZS Connected Research Platform and ePHI enclave

The HITRUST certification demonstrates an organization’s credibility and status in the healthcare industry based on how it follows the HITRUST Common Security Framework (CSF). It is both risk- and compliance-based, providing a global approach that combines multiple standards and regulations into a single framework.

“We pursue certifications that prioritize the physical safety of our employees and their well-being to maintain a productive, innovative and engaged workforce.”

Mohit Sood, Regional Managing Principal, ZS

Current health, safety and well-being-focused certifications

ISO 45001 certification: Occupational health and safety management

ZS’s ISO 45001 certification covers our largest offices, which account for nearly 80% of our employees. This certification focuses on establishing robust mechanisms to provide safe and healthy workplaces for our employees and to avoid work-related health risks. Our commitment to this certification ensures that ZSers experience a safe and healthy work environment. 

ISO 45003 certification: Psychological health and safety at work

ZS’s ISO 45003 certification covers our largest offices, which account for nearly 80% of our employees. This certification establishes robust mechanisms to set global standards and practices to manage overall employee well-being in the workplace. It provides systemic guidance on how to manage risks related to employee safety as part of an occupational health and safety management system. As of 2023, we are one of the few organizations that have achieved this accreditation.