Confidence Through Compliance
Zscaler adheres to rigorous security, availability, and privacy standards so customers can adopt our services with confidence.
Our compliance team works to ensure all Zscaler products are aligned with and certified against internationally recognized government and commercial standards and frameworks, building customers' confidence by providing pertinent solutions. Zscaler compliance enablers are built on foundational programs focusing on data protection and regulatory requirements, including ISO 27001, ISO 27701, SOC 2, FedRAMP and various others, depending on the specific Zscaler product and customer needs.
We are committed to ensuring that our global customers and partners can meet diverse compliance requirements. To download any compliance certification reports for IT standards Zscaler complies with, please submit this request form.
Data privacy and security are integral to Zscaler
Zscaler ensures that millions of employees at thousands of enterprise and government organizations worldwide are protected against cyberattacks and data breaches. Each organization faces unique regulatory challenges based on industry, geography, and more, and the Zscaler platform is designed to simplify compliance and reporting globally. Each day, Zscaler secures more than 30% of the Forbes Global 2000 across 185 countries.
Our focus on security
Security is at the heart of our services, and we also rely on Zscaler security to protect against attacks and data loss. Security is central to our company and culture. For more information about our compliance practice, email us at [email protected].
At Zscaler, we follow industry best practices and require all employees to undergo extensive annual security training. We continuously strive to improve our security programs and controls, and we seek feedback from customers, auditors, and internal teams. Because we believe that security and strategic initiatives should be closely aligned, our CISO reports to the chief strategy officer.
We have implemented security checks across our development lifecycle, and internal security teams and external auditors continuously evaluate our products. Our cloud platform is monitored in real time, and we provide publicly available insight into the performance and health of our service, globally. In addition, we perform regular vulnerability scans, risk assessments, and penetration tests to maintain the highest standards of security and availability.
Customer information is protected in accordance with best-of-breed frameworks and standards like ISO 27001. We guarantee that the customer transaction content we inspect as part of our service offering is never written to disk and logs are never stored in clear text.
Our dedicated research team analyzes threats we see across our security cloud and investigates the global threat landscape. We share our research and cloud data with the industry at large to help promote a safer internet.
Get real-time insight into our operations
Our customers entrust us with securing their internet connections, and we take that responsibility seriously. That’s why we offer a window into the health of the platform to anyone at any time, showing operational status, upcoming maintenance windows, incidents, and security advisories, along with historical data.