IMPACT BY THE NUMBERS
7
Data security and privacy certifications attained
31
Offices are ISO 27001, 27701 and 27017 certified
“Our clients trust ZS to do the right thing. Robust security and privacy compliance credentials help us exceed that expectation.”
Dan Holohan, Chief Information Officer, ZS
HOW WE DO IT
ZS’s security and privacy approach
Information security and privacy is a top priority for us. We are committed to maintaining the safety, security and privacy of our assets and personal information—whether they are people, products, policies, processes or systems. As we bring more consistency, transparency and structure to how we develop and maintain our technology, we continue to pursue leading security and compliance certifications, paving the way to delivery excellence.
Enterprise process certifications
We pursue recognized worldwide certifications to make sure we’re building the appropriate standardization and quality into our documentation, processes, products and services.
Data and technology guidelines
ZS keeps our teams up to date on the latest security and privacy frameworks and standards for data management. This includes our work to align our policies and processes with the National Institute of Standards and Technology (NIST) in the U.S., with other associated benchmarks, frameworks and standards we comply with, and with those that underpin our technology solutions that are used globally.
“At ZS, we consider our environments an extension of our clients’ threat landscapes, which is why we work to mature our security posture while decreasing risk to ZS and our clients.”
Andre Elder, Chief Information Security Officer, ZS
Current data security and privacy certifications
ISO 27001 certification: Information security management system
ZS’s ISO 27001 certification for 28 office locations focuses on protecting the confidentiality, integrity and availability of information. ISO 27001 certification demonstrates ZS’s commitment to information technology, security techniques and information security management systems. It helps ensure that all of the information, data, associated systems and resources that ZS handles are protected.
ISO 27701 certification: Privacy information management
The ISO 27701 standard provides guidance on how to establish, implement, maintain and continually improve a Privacy Information Management System (PIMS). It prepares organizations to put standards in place that will help them comply with global data protections including GDPR.
ISO 27017 certification: Code of practice for cloud security controls
The ISO 27017 standard is an international framework that can help reduce the risk of data breaches and build client trust by indicating an organization’s commitment to information security. The standard also gives guidance on what to expect from cloud service providers.
SOC 2 Type 2 and SOC 3 Attestations: Service Organization Control
ZS has completed this for its JAVELIN and ZAIDYN suite of applications. SOC 2 and SOC 3 attestations assure customers and prospects that a company is taking all the steps to keep data safe, protecting it from damaging breaches. Our SOC 2 Type 2 and SOC 3 attestations apply AICPA’s Trust Service Principles examining security, availability, confidentiality and privacy of our products and platforms to ensure our company’s security and privacy programs meet these objectives over a period of time.
Multi-Level Protection Scheme (MLPS) China: Level 3 certified
We have achieved this cybersecurity compliance standard for our instances of ZAIDYN™ Data & Analytics in China. Level 3 of information security, as determined by the Ministry of Public Security in China, applies to systems whose damage would result in harm to social order, public interest and national security.
Capability Maturity Model Integration (CMMI): Level 3 certified
ZS’s Business Technology capability group in India has been assessed at a CMMI maturity Level 3 by the Quality and Accreditation Institute (QAI) of India. CMMI is a model for evaluating the efficacy of an organization’s processes by developing and comparing essential competencies. CMMI maturity Level 3 means that the organization is performing at a “defined” level, where processes are thoroughly characterized and understood, as well as documented in standard procedures, tools and methodologies.
HITRUST: Health Information Trust Alliance for ZS Connected Research Platform and ePHI enclave
The HITRUST certification demonstrates an organization’s credibility and status in the healthcare industry based on how it follows the HITRUST Common Security Framework (CSF). It is both risk- and compliance-based, providing a global approach that combines multiple standards and regulations into a single framework.
“We pursue certifications that prioritize the physical safety of our employees and their well-being to maintain a productive, innovative and engaged workforce.”
Mohit Sood, Regional Managing Principal, ZS
Current environmental and social responsibility-focused certifications
ISO 14001: Environmental management
ZS’s ISO 14001 certification covers our largest offices, which account for nearly 80% of our employees. This certification offers a framework for organizations to design environmental management systems (EMS) that comply with regulations, minimize their environmental footprint and achieve organizational sustainability objectives. Our commitment to this certification ensures ZSers operate in workplaces with sustainability as the focus.
ISO 14064-1: Greenhouse gases
ZS’s ISO 14064-1 certification covers all of our global offices and ensures that we quantify and report on our greenhouse gas (GHG) emissions. In 2023, we collaborated with an independent third party and emissions-reporting expert to calculate our 2019–2022 GHG emissions. This calculation was then externally audited and assured so that we have the most accurate information possible to support the implementation of our climate strategy. You can find the latest report-out of our emissions in our 2023 ESG report.
ISO 45001 certification: Occupational health and safety management
ZS’s ISO 45001 certification covers our largest offices, which account for nearly 80% of our employees. This certification focuses on establishing robust mechanisms to provide safe and healthy workplaces for our employees and to avoid work-related health risks. Our commitment to this certification ensures that ZSers experience a safe and healthy work environment.
ISO 45003 certification: Psychological health and safety at work
ZS’s ISO 45003 certification covers our largest offices, which account for nearly 80% of our employees. This certification establishes robust mechanisms to set global standards and practices to manage overall employee well-being in the workplace. It provides systemic guidance on how to manage risks related to employee safety as part of an occupational health and safety management system. As of 2023, we are one of the few organizations that have achieved this accreditation.
Do the right thing
Operating equitably, sustainably and responsibly is the right thing to do. Our recent Silver rating from EcoVadis is a testament to the steps we’ve taken to evolve our operations, mitigate our climate impact and improve health outcomes for all to achieve our ESG goals.