Offices are ISO 27001, 27701 and 27017 certified
“Our clients trust ZS to do the right thing. Robust security and privacy compliance credentials help us exceed that expectation.”
Dan Holohan, Chief Information Officer, ZS
Enterprise process certifications
We pursue recognized worldwide certifications to make sure we’re building the appropriate standardization and quality into our documentation, processes, products and services.
Data and technology guidelines
ZS keeps our teams up to date on the latest security and privacy frameworks and standards for data management. This includes our work to align our policies and processes with the National Institute of Standards and Technology (NIST) in the U.S., with other associated benchmarks, frameworks and standards we comply with, and with those that underpin our technology solutions that are used globally.
“At ZS, we consider our environments an extension of our clients’ threat landscapes, which is why we work to mature our security posture while decreasing risk to ZS and our clients.”
Andre Elder, Chief Information Security Officer, ZS
ISO 27001 certification: Information security management system
ZS’s ISO 27001 certification for 28 office locations focuses on protecting the confidentiality, integrity and availability of information. ISO 27001 certification demonstrates ZS’s commitment to information technology, security techniques and information security management systems. It helps ensure that all of the information, data, associated systems and resources that ZS handles are protected.
ISO 27701 certification: Privacy information management
The ISO 27701 standard provides guidance on how to establish, implement, maintain and continually improve a Privacy Information Management System (PIMS). It prepares organizations to put standards in place that will help them comply with global data protections including GDPR.
ISO 27017 certification: Code of practice for cloud security controls
The ISO 27017 standard is an international framework that can help reduce the risk of data breaches and build client trust by indicating an organization’s commitment to information security. The standard also gives guidance on what to expect from cloud service providers.
SOC 2 Type 2 and SOC 3 Attestations: Service Organization Control
ZS has completed this for its JAVELIN and ZAIDYN suite of applications. SOC 2 and SOC 3 attestations assure customers and prospects that a company is taking all the steps to keep data safe, protecting it from damaging breaches. Our SOC 2 Type 2 and SOC 3 attestations apply AICPA’s Trust Service Principles examining security, availability, confidentiality and privacy of our products and platforms to ensure our company’s security and privacy programs meet these objectives over a period of time.
Multi-Level Protection Scheme (MLPS) China: Level 3 certified
We have achieved this cybersecurity compliance standard for our instances of ZAIDYN™ Data & Analytics in China. Level 3 of information security, as determined by the Ministry of Public Security in China, applies to systems whose damage would result in harm to social order, public interest and national security.
Capability Maturity Model Integration (CMMI): Level 3 certified
ZS’s Business Technology capability group in India has been assessed at a CMMI maturity Level 3 by the Quality and Accreditation Institute (QAI) of India. CMMI is a model for evaluating the efficacy of an organization’s processes by developing and comparing essential competencies. CMMI Maturity Level 3 means that the organization is performing at a “defined” level, where processes are thoroughly characterized and understood, as well as documented in standard procedures, tools and methodologies.
HITRUST: Health Information Trust Alliance for ZS Connected Research Platform and ePHI enclave
The HITRUST certification demonstrates an organization’s credibility and status in the healthcare industry based on how it follows the HITRUST Common Security Framework (CSF). It is both risk- and compliance-based, providing a global approach that combines multiple standards and regulations into a single framework.
“We pursue certifications that prioritize the physical safety of our employees and their well-being to maintain a productive, innovative and engaged workforce.”
Mohit Sood, Regional Managing Principal, ZS
ISO 45001 certification: Occupational health and safety management
ZS’s ISO 45001 certification covers our largest offices, which account for nearly 80% of our employees. This certification focuses on establishing robust mechanisms to provide safe and healthy workplaces for our employees and to avoid work-related health risks. Our commitment to this certification ensures that ZSers experience a safe and healthy work environment.
ISO 45003 certification: Psychological health and safety at work
ZS’s ISO 45003 certification covers our largest offices, which account for nearly 80% of our employees. This certification establishes robust mechanisms to set global standards and practices to manage overall employee well-being in the workplace. It provides systemic guidance on how to manage risks related to employee safety as part of an occupational health and safety management system. As of 2023, we are one of the few organizations that have achieved this accreditation.
Do the right thing
Operating equitably, sustainably and responsibly is the right thing to do. Our recent Silver rating from EcoVadis is a testament to the steps we’ve taken to evolve our operations, mitigate our climate impact and improve health outcomes for all to achieve our ESG goals.