Zoom Announces Latest Certifications and Innovations for Enhanced Platform Security
April 20 2022 - 8:00AM
Zoom Video Communications, Inc. (NASDAQ: ZM) today announced it has
recently received a variety of third-party certifications and
attestations, unveiled product innovations, and established
programs, which collectively demonstrate the many initiatives
undertaken at Zoom that help protect the security and privacy of
its users.
“Safety, security, and privacy are at the core of how we make
decisions at Zoom and enhance our platform,” said Jason Lee, Chief
Information Security Officer at Zoom. “We remain committed to being
a platform that users can trust for all of their online
interactions, information, and business.”
Third-party certifications and attestations demonstrate
effectivenessAt Zoom, third-party certifications and
standards are integral to its security program’s foundation. Zoom
recently expanded its list of growing attestations with the
following:
- Publication of a Data Protection Impact Assessment
(DPIA) on Zoom’s Meetings, Webinar, and Chat services from
SURF. SURF, the collaborative organization for IT in Dutch
education and research, and Zoom agreed to several actions in the
course of collaborating on the DPIA. These include new features,
improved transparency and documentation, enhanced practices, and a
measurement plan. Learn more about the outcomes here.
- Achievement of the Cyber Essentials Plus
certification. This demonstrates Zoom’s commitment to the
UK by achieving a security scheme, which makes it easier for local
customers to assess the company’s IT systems. Learn more about this
certification here.
- Provisional Authorization (PA) for Zoom for Government
from Defense Information Systems Agency (DISA) for the Department
of Defense (DoD) at Impact Level 4 (IL4). With this PA,
the entire Zoom for Government platform will be available for use
for those organizations in need of IL4-authorized solutions. Learn
more about this authorization here.
- Common Criteria Certification. The Zoom
Meeting Client is the first video communications client to attain
certification for Common Criteria Evaluation Assurance Level 2
(v3.1 rev. 5), issued by the German Federal Office for Information
Security (BSI). Learn more about the certification here.
- ISO/IEC 27001:2013 certification and SOC 2 + HITRUST
requirements. Zoom Meetings, Zoom Phone, Zoom Chat, Zoom
Rooms, and Zoom Webinar are now certified as International
Organization for Standardization (ISO) / International
Electrotechnical Commission (IEC) 27001:2013 compliant. Zoom also
expanded the scope of its SOC 2 Type II report to include
additional criteria to meet Health Information Trust Alliance
Common Security Framework (HITRUST CSF) control requirements. Learn
more here.
Features designed for security and privacy In
addition, Zoom continues to enhance its security features for all
users with the introduction of recent innovations such as
automatic updates in the Zoom client. With
automatic updates, Zoom is helping users to receive important
security fixes and other features, improving their overall
experience with the Zoom platform.
Innovations that will soon be available include a Bring Your Own
Key (BYOK) offering, which will be released this year, and Zoom’s
end-to-end encryption (E2EE) offering will be rolled out to Zoom
Phone, for one-on-one, intra-account phone calls that occur via the
Zoom client later this year.
Industry collaboration for a more secure future
To meet the growing needs of its global customer base, Zoom has
established programs that bring in expertise and skills from around
the world to inform security innovation and identify potential
threats. These include a CISO Council to foster a strategic
feedback loop for upcoming security and privacy innovation, and the
development of a Data Security and Protection (DSP) Toolkit in
support of the National Health Service (NHS). Additionally, Zoom
offers bespoke solutions for specific audiences across industries
and locations, such as:
- Zoom X powered by
Telekom. Zoom and Deutsche Telekom
committed to developing a joint solution specifically for the
German market called Zoom X powered by Telekom, which combines the
experience customers love from Zoom with the trusted network and
service delivered by Deutsche Telekom. Leveraging Zoom’s seamless
video communications platform, customers are enabled to set up and
manage meetings intuitively across all end devices.
- Zoom for Government. Zoom for
Government, which is designed for U.S. federal agencies, is also
available to U.S. state and local government customers, as well as
other approved businesses and organizations that support the U.S.
government. Zoom for Government includes 256-bit AES-GCM encryption
as well as optional end-to-end encryption (E2EE) for Zoom Meetings.
The Zoom for Government platform (which includes Zoom Meetings,
Zoom Webinar, Zoom Chat, and Zoom Phone) has achieved the
following:
- FedRAMP Moderate authorization in February 2019
- An Authorization to Operate with Conditions (ATO-C) at
Department of Defense Impact Level 4 (DoD IL4) for Zoom Meetings
with the Department of the U.S. Air Force in June 2021
- A Provisional Authorization from the Defense Information
Systems Agency for DoD IL4 in March 2022
- A Criminal Justice Information Services (CJIS) attestation in
January 2022
- A HIPAA attestation in March 2021
Tapping into the power of the security
communityIn addition to the daily testing that Zoom
conducts on its solutions and infrastructure, Zoom invested in a
skilled global team of security researchers via a private bug
bounty program. Hosted on HackerOne’s platform, the world’s most
trusted provider of ethical hacking solutions, the program led to
the recruitment of over 800 security researchers whose collective
work resulted in the submission of numerous bug reports, and awards
of over $2.4 million in bug bounty payments since the program was
introduced. In 2021 alone, Zoom awarded over $1.8 million across
401 reports.
Furthering education on Zoom security and privacy
featuresZoom keeps privacy and security top of mind for
all end users. Zoom launched its Trust Center, a one-stop shop for
assets and information on Zoom compliance, privacy, safety, and
security. It includes compliance and corporate governance
resources, a detailed privacy overview, security resources and
certifications, a detailed trust and safety overview, and more.
Zoom also recently introduced its Learning Center, which provides a
series of free courses to get the most out of Zoom. Users can
complete a “Zoom Security Basics” training and earn the “Security
Champion” badge. The Zoom Trust Center and Learning Center also
contain information on Zoom’s security features and how to keep
meetings secure. This includes pre-meeting and in-meeting settings
such as passwords set at the individual meeting, user, group, or
account level; meeting Waiting Rooms; the ability to lock a
meeting, remove, mute or place participants on hold; and much
more.
To learn more about Zoom privacy and security, explore Zoom’s
Trust Center.
About ZoomZoom is for you. Zoom is a space
where you can connect to others, share ideas, make plans, and build
toward a future limited only by your imagination. Our frictionless
communications platform is the only one that started with video as
its foundation, and we have set the standard for innovation ever
since. That is why we are an intuitive, scalable, and secure choice
for individuals, small businesses, and large enterprises alike.
Founded in 2011, Zoom is publicly traded (NASDAQ: ZM) and
headquartered in San Jose, California. Visit zoom.com and follow
@zoom.
Zoom Public RelationsMatt NagelSecurity &
Privacy PR Leadpress@zoom.us
Zoom Video Communications (NASDAQ:ZM)
Historical Stock Chart
From Apr 2024 to May 2024
Zoom Video Communications (NASDAQ:ZM)
Historical Stock Chart
From May 2023 to May 2024