Confidence through compliance

Zscaler adheres to rigorous security, availability, and privacy standards so that customers may adopt our services with confidence.

The Zscaler Security Cloud was built with compliance in mind.

We are committed to ensuring that our global customers and partners are able to meet diverse compliance requirements. Download all available full reports.

ISO 27001

Zscaler has achieved the ISO 27001 certificate, including the ISO 27701 extension, attesting to the fact that our services are based on internationally recognized best practices for both Information Security Management and Privacy Information Management Systems. Full Report
View Zscaler’s Certification

ISO 27701

Zscaler has achieved the ISO 27001 certificate, including the ISO 27701 extension, attesting to the fact that our services are based on internationally recognized best practices for both Information Security Management and Privacy Information Management Systems. Full Report
View Zscaler’s Certification

Service Organization Control (SOC) 2, Type II Report

The SOC 2, Type II report provides independent validation that our security controls are in accordance with the American Institute of Certified Public Accountants’ applicable Trust Services Principles and Criteria. Full Report
View Zscaler’s Report


FedRAMP

Zscaler Private Access (ZPA) achieved the FedRAMP-JAB High Authority to Operate, which enables ZPA to meet the requirements of civilian, DOD and Intelligence organizations. Zscaler Internet Access (ZIA) maintains a FedRAMP Moderate level certification, which enables ZIA to meet the requirements for controlled unclassified information across federal government agencies.

FIPS 140-2

Zscaler is compliant with the Federal Information Processing Standard (FIPS 140-2), meeting NIST requirements for cryptographic modules.
View Zscaler’s Certificates #3154 for Zscaler Mobile Cryptographic Module, #3159 for Zscaler Crypto Module, and #3188 for Zscaler Java Crypto

CSA STAR

Zscaler has been awarded CSA (Cloud Security Alliance) Security, Trust & Assurance Registry (STAR) Level 2 Certification at the Gold level.
View CSA STAR Level 2 Certificate

ISO 27018

ISO/IEC 27018:2014 is a code of practice that focuses on protection of personal data in the cloud. It is based on ISO/IEC information security standard 27002 and provides implementation guidance on ISO/IEC 27002 controls applicable to public cloud Personally Identifiable Information (PII). Full Report
View Zscaler’s Certification

IRAP Report

Zscaler Private Access (ZPA) and Zscaler Internet Access (ZIA) have been audited by a certified IRAP auditor, and can demonstrate Zscaler's compliance with related Australian government standards. Full Report
View IRAP Report

ITAR Report

The ITAR International Traffic in Arms Regulations report provides for its Zscaler Private Access (ZPA) and Zscaler Internet Access (ZIA) Government Cloud (“GovCloud”) platforms.
View ITAR Report

CJIS Report

Zscaler maintains compliance with Criminal Justice Information Services, ensuring the protection of information as required by CJIS Security Policy. Full Report
View CJIS Report

NCSC Certificate

Zscaler has joined the NCSC’s effort by attaining the organization’s Cyber Security Essentials certification in the UK. The NCSC certification enables us to be a provider on the Commercial Crown Services contract supporting UK government agencies. The NCSC certification has been required for suppliers to UK government agencies that handle certain types of sensitive and personal information.
View NCSC Certificate

TIC 3.0 Vendor Overlay

Zscaler completed the TIC 3.0 Overlay review with DHS CISA. TIC is a federal cybersecurity initiative intended to enhance network and perimeter security across the Federal Government. The goal of TIC 3.0 is to secure federal data, networks, and boundaries while providing visibility into agency traffic, including cloud communications.
View TIC 3.0 Vendor Overlay

VPAT / Section 508

Section 508 was enacted to eliminate barriers in information technology, to make available new opportunities for people with disabilities, and to encourage the development of technologies that will help achieve these goals.

NIST 800-63C

National Institute of Standards and Technology Special Publication 800-63C provides requirements to identity providers (IdPs) and relying parties (RPs) of federated identity systems.
View Zscaler's Certification

Data privacy and security are integral to Zscaler

Zscaler ensures that millions of employees at thousands of enterprise and government organizations worldwide are protected against cyberattacks and data breaches. Each organization faces unique regulatory challenges based upon industry, geography, and other factors, and the Zscaler platform is designed to simplify compliance and reporting, globally. Each day, Zscaler secures more than 400 of the Forbes Global 2000 organizations across 185 countries.

Zscaler Compliance Cloud Map

Our focus on security

Security is at the heart of the services we offer customers, and as a company we also rely on Zscaler security to protect against malicious attacks and data loss. Not surprisingly, security is central to our company and culture. For more information regarding our compliance practice, email us at [email protected].

Security awareness

At Zscaler, we follow industry best practices and we require all employees to undergo extensive annual security trainings. We continuously strive to improve our security programs and controls and seek feedback from customers, body auditors, and internal teams. Because we believe that security and strategic initiatives should be closely aligned, our CISO reports to the Chief Strategy Officer.

Secure product development and maintenance

We have implemented security checks across our development lifecycle and our product is continuously evaluated by internal security teams and external auditors. Our cloud platform is monitored in real time and we provide publicly available insight into the performance and health of our service, globally. In addition, we perform regular vulnerability scans, risk assessments, and penetration tests to maintain the highest standards of security and availability.

Securing customer information

Customer information is protected in accordance with best-of-breed frameworks and standards like ISO 27001. We guarantee that the customer transaction content we inspect as part of our service offering is never written to disk and logs are never stored in clear text.

Our dedicated research team analyzes threats we see across our security cloud and investigates the global threat landscape. We share our research and cloud data with the industry at large to help promote a safer internet.

Trust Portal

Get real-time insight into our operations

Our customers entrust us with securing their internet connections, and we take that responsibility seriously. That’s why we believe in transparency and offer a window into the health of the platform to anyone at any time, showing operational status, upcoming maintenance windows, incidents, and security advisories, along with historical data.

Check your internet security with Zscaler Security Preview

Data protection and privacy in a cloud-enabled world

Zscaler is committed to our customers’ success, including compliance with global privacy regulations, and will assist our customers in satisfying their privacy compliance obligations. Learn how Zscaler supports your privacy compliance efforts.