Confidence through compliance
Zscaler adheres to rigorous security and availability standards, so that customers may adopt our services with confidence.
The Zscaler Security Cloud was built with compliance in mind.
We are committed to ensuring that our global customers and partners are able to meet diverse compliance requirements.
Zscaler Private Access (ZPA) achieved the FedRAMP-JAB High Authority to Operate, which enables ZPA to meet the requirements of civilian, DOD and Intelligence organizations. Zscaler Internet Access (ZIA) maintains a FedRAMP Moderate level certification, which enables ZIA to meet the requirements for controlled unclassified information across federal government agencies.
ISO/IEC 27018:2014 is a code of practice that focuses on protection of personal data in the cloud. It is based on ISO/IEC information security standard 27002 and provides implementation guidance on ISO/IEC 27002 controls applicable to public cloud Personally Identifiable Information (PII).
Zscaler Private Access (ZPA) and Zscaler Internet Access (ZIA) have been audited by a certified IRAP auditor, and can demonstrate Zscaler's compliance with related Australian government standards.
The ITAR International Traffic in Arms Regulations report provides for its Zscaler Private Access (ZPA) and Zscaler Internet Access (ZIA) Government Cloud (“GovCloud”) platforms.
Zscaler has joined the NCSC’s effort by attaining the organization’s Cyber Security Essentials certification in the UK. The NCSC certification enables us to be a provider on the Commercial Crown Services contract supporting UK government agencies. The NCSC certification has been required for suppliers to UK government agencies that handle certain types of sensitive and personal information.
TIC 3.0 Vendor Overlay
Zscaler completed the TIC 3.0 Overlay review with DHS CISA. TIC is a federal cybersecurity initiative intended to enhance network and perimeter security across the Federal Government. The goal of TIC 3.0 is to secure federal data, networks, and boundaries while providing visibility into agency traffic, including cloud communications.
Data privacy and security are integral to Zscaler
Zscaler ensures that millions of employees at thousands of enterprise and government organizations worldwide are protected against cyberattacks and data breaches. Each organization faces unique regulatory challenges based upon industry, geography, and other factors, and the Zscaler platform is designed to simplify compliance and reporting, globally. Each day, Zscaler secures more than 400 of the Forbes Global 2000 organizations across 185 countries.
Our focus on security
Security is at the heart of the services we offer customers, and as a company we also rely on Zscaler security to protect against malicious attacks and data loss. Not surprisingly, security is central to our company and culture. For more information regarding our compliance practice email us at [email protected].
At Zscaler, we follow industry best practices and we require all employees to undergo extensive annual security training. We continuously strive to improve our security programs and controls and seek feedback from customers, body auditors, and internal teams. Because we believe that security and strategic initiatives should be closely aligned, our CISO reports to the Chief Strategy Officer.
Secure product development and maintenance
We have implemented security checks across our development lifecycle and our product is continuously evaluated by internal security teams and external auditors. Our cloud platform is monitored in real time and we provide publicly available insight into the performance and health of our service, globally. In addition, we perform regular vulnerability scans, risk assessments, and penetration tests to maintain the highest standards of security and availability.
Securing customer information
Customer information is protected in accordance with best-of-breed frameworks and standards like ISO 27001. We guarantee that the customer transaction content we inspect as part of our service offering is never written to disk and logs are never stored in clear text.
Our dedicated research team analyzes threats we see across our security cloud and investigates the global threat landscape. We share our research and cloud data with the industry at large to help promote a safer internet.
Get real-time insight into our operations
Our customers entrust us with securing their internet connections, and we take that responsibility seriously. That’s why we believe in transparency and offer a window into the health of the platform to anyone at any time, showing operational status, upcoming maintenance windows, incidents, and security advisories, along with historical data.
Check your internet security with Zscaler Security Preview
Data protection and privacy in a cloud-enabled world
Zscaler is committed to our customers’ success, including compliance with global privacy regulations, and will assist our customers in satisfying their privacy compliance obligations. Learn how Zscaler supports your privacy compliance efforts.