Zscaler Blog


A Crowning Achievement: Cyber Security Essentials Certification in the UK

October 14, 2020 - 3 min read

The National Cyber Security Centre (NCSC) is on a mission to make the UK the safest place to live and work online. I’m excited to say that Zscaler has joined the NCSC’s effort by attaining the organization’s Cyber Security Essentials certification in the UK. This certification is the latest achievement in Zscaler’s compliance expansion initiative that the company is pursuing in support of partners and customers around the world.

Zscaler serves many organizations across the UK and partners closely with BT Group. The NCSC certification enables us to be a provider on the Commercial Crown Services contract supporting UK government agencies.

The NCSC has served as a single resource for government agencies, companies of all sizes, and the general public to help them protect themselves from a range of cyberattacks, and it works with law enforcement, defense companies, the UK’s intelligence and security agencies, and international partners. In 2014, the NCSC established its Cyber Essentials certification, and, since October of that year, the certification has been required for suppliers to UK government agencies that handle certain types of sensitive and personal information. 

Every organization today faces the risk of a cyberattack—no one is immune. But government agencies carry a particular burden as they must protect sensitive data that constituents are required to provide. Furthermore, any downtime as a result of a breach can disrupt the delivery of critical services, such as law enforcement or healthcare. Earlier this year, INTERPOL reported that attackers were targeting hospitals already stretched thin in the fight against COVID-19: “Cybercriminals are using ransomware to hold hospitals and medical services digitally hostage; preventing them from accessing vital files and systems until a ransom is paid.” Attacks against state and local governments in the U.S. increased by 50 percent in 2020, according to GCN.

The good news is that many governments are taking the lead in modernizing IT by shifting their applications and infrastructures to the cloud, which has the added benefit of enhancing security. Zscaler was created for this world in which applications have moved out of the data center and users have moved off the trusted network. By sending user traffic through the Zscaler Zero Trust Exchange, the world’s largest security platform built for the cloud, agencies can reduce cyber risk and significantly improve the user experience for their employees connecting from home—and anywhere.

Zscaler ensures that millions of employees at thousands of enterprise and government organizations worldwide are protected against cyberattacks and data breaches. Each organization faces unique regulatory challenges based upon industry, geography, and other factors, and the Zscaler platform is designed to simplify compliance and reporting, globally. Zscaler is also committed to ensuring that our global customers and partners are able to meet diverse compliance and global privacy requirements, including those defined by GDPR, CCPA, PIPEDA, and many more.

Zscaler meets a range of compliance requirements:

Service Organization Control (SOC) 2, Type II in accordance with the American Institute of Certified Public Accountants’ applicable Trust Services Principles and Criteria.

FedRAMP High certification at multiple levels that meet the requirements of federal government agencies, including civilian, DoD, and intelligence organizations.

FIPS 140-2 Federal Information Processing Standard that meets NIST requirements for cryptographic modules.

CSA – Star Cloud Security Alliance Gold-level Security, Trust & Assurance Registry (STAR) Level 2 Certification

ISO 27701 certification assures that Zscaler services are based on internationally recognized best practices for information security management systems.

ISO 27018 focuses on the protection of personal data in the cloud.

Criminal Justice Information Services (CJIS) compliance ensures the protection of information as required by the Criminal Justice Information Services Security Policy.

Information Security Registered Assessors Program (IRAP) ensures that appropriate controls are in place for addressing the requirements of the Australian government Information Security Manual (ISM) produced by the Australian Cyber Security Centre (ACSC). 

Learn more at zscaler.com/privacy-compliance/compliance

Stephen R. Kovac is the Zscaler Vice President of Global Government and Compliance
