“Safety, security, and privacy are at the heart of how we make decisions at Zoom and enhance our platform,” he said
Third-party certifications and attestations demonstrate effectiveness
At Zoom, third-party certifications and standards are integral to its security program’s foundation. Zoom recently expanded its list of growing attestations with the following:
- Publication of a Data Protection Impact Assessment (DPIA) on Zoom’s Meetings, Webinar, and Chat services from SURF. SURF, the collaborative organization for IT in Dutch education and research, and Zoom agreed to several actions in the course of collaborating on the DPIA. These include new features, improved transparency and documentation, enhanced practices, and a measurement plan. Learn more about the outcomes here.
- Achievement of the Cyber Essentials Plus certification. This demonstrates Zoom’s commitment to the
UKby achieving a security scheme, which makes it easier for local customers to assess the company’s IT systems. Learn more about this certification here.
- Provisional Authorization (PA) for Zoom for Government from
Defense Information Systems Agency(DISA) for the Department of Defense( DoD) at Impact Level 4 (IL4). With this PA, the entire Zoom for Government platform will be available for use for those organizations in need of IL4-authorized solutions. Learn more about this authorization here.
- Common Criteria Certification. The Zoom Meeting Client is the first video communications client to attain certification for Common Criteria Evaluation Assurance Level 2 (v3.1 rev. 5), issued by the
German Federal Office for Information Security(BSI). Learn more about the certification here.
- ISO / IEC 27001: 2013 certification and SOC 2 + HITRUST requirements. Zoom Meetings, Zoom Phone, Zoom Chat, Zoom Rooms, and Zoom Webinar are now certified as
International Organization for Standardization(ISO) / International Electrotechnical Commission(IEC) 27001: 2013 compliant. Zoom also expanded the scope of its SOC 2 Type II report to include additional criteria to meet Health Information Trust Alliance Common Security Framework (HITRUST CSF) control requirements. Learn more here.
Features designed for security and privacy
In addition, Zoom continues to enhance its security features for all users with the introduction of recent innovations such as automatic updates in the Zoom client. With automatic updates, Zoom is helping users to receive important security fixes and other features, improving their overall experience with the Zoom platform.
Innovations that will soon be available include a Bring Your Own Key (BYOK) offering, which will be released this year, and Zoom’s end-to-end encryption (E2EE) offering will be rolled out to Zoom Phone, for one-on-one , intra-account phone calls that occur via the Zoom client later this year.
Industry collaboration for a more secure future
To meet the growing needs of its global customer base, Zoom has established programs that bring in expertise and skills from around the world to inform security innovation and identify potential threats. These include a
- Zoom X powered by Telekom. Zoom and Deutsche Telekom committed to developing a joint solution specifically for the German market called Zoom X powered by Telekom, which combines the experience customers love from Zoom with the trusted network and service delivered by Deutsche Telekom. Leveraging Zoom’s seamless video communications platform, customers are enabled to set up and manage meetings intuitively across all end devices.
- Zoom for Government. Zoom for Government, which is designed for
USfederal agencies, is also available to USstate and local government customers, as well as other approved businesses and organizations that support the USgovernment. Zoom for Government includes 256-bit AES-GCM encryption as well as optional end-to-end encryption (E2EE) for Zoom Meetings. The Zoom for Government platform (which includes Zoom Meetings, Zoom Webinar, Zoom Chat, and Zoom Phone) has achieved the following:
- FedRAMP Moderate authorization in
- An Authorization to Operate with Conditions (ATO-C) at
Department of Defense Impact Level4 (DoD IL4) for Zoom Meetings with the Department of the US Air Forcein June 2021
- A Provisional Authorization from the
Defense Information Systems Agency for DoD IL4in March 2022
- A Criminal Justice Information Services (CJIS) attestation in
- A HIPAA attestation in
- FedRAMP Moderate authorization in
Tapping into the power of the security community
In addition to the daily testing that Zoom conducts on its solutions and infrastructure, Zoom invested in a skilled global team of security researchers via a private bug bounty program. Hosted on HackerOne’s platform, the world’s most trusted provider of ethical hacking solutions, the program led to the recruitment of over 800 security researchers whose collective work resulted in the submission of numerous bug reports, and awards of over
Furthering education on Zoom security and privacy features
Zoom keeps privacy and security top of mind for all end users. Zoom launched its Trust Center, a one-stop shop for assets and information on Zoom compliance, privacy, safety, and security. It includes compliance and corporate governance resources, a detailed privacy overview, security resources and certifications, a detailed trust and safety overview, and more. Zoom also recently introduced its Learning Center, which provides a series of free courses to get the most out of Zoom. Users can complete the “Zoom Security Basics” training and earn the “Security Champion” badge.
To learn more about Zoom privacy and security, explore Zoom’s Trust Center.
Zoom is for you. Zoom is a space where you can connect to others, share ideas, make plans, and build toward a future limited only by your imagination. Our frictionless communications platform is the only one that started with video as its foundation, and we have set the standard for innovation ever since. That is why we are an intuitive, scalable, and secure choice for individuals, small businesses, and large enterprises alike. Founded in 2011,
Zoom Public Relations
Source: Zoom Video Communications, Inc.