Data Privacy and Compliance

Considerations for a cloud-enabled world

Data privacy, compliance, and security are at the core of Zscaler’s business

Zscaler is designed to address the unique security, data privacy, and compliance challenges each organization faces. Every day, Zscaler protects millions of employees at thousands of enterprises and government organizations, including more than 400 of the Forbes Global 2000.

To make compliance, reporting, and data privacy easier, we built them into our architecture

Zscaler built from scratch an infinitely scalable, cost-effective, multitenant cloud security architecture that comprises three key components for control, enforcement, and logging—all of which are critical for compliance.

Control Plane: Central Authority

Brain of the cloud that manages monitoring, updates, policy and configuration settings, and threat intelligence

Enforcement Plane: Zscaler Enforcement Nodes

Security, management, and compliance policies are enforced consistently, no matter where the user connects

Logging Plane: Nanolog Technology

Transmits logs over secure connections; the logs may be used to generate reports, streamed to a SIEM, or written to disk according to regulations

The Zscaler cloud provides centralized, enterprise-wide visibility to help you manage and maintain your compliance with applicable regulations

Zscaler and PCI DSS

As companies embrace digital transformation and the borders of the enterprise network blur, maintaining Payment Card Industry Data Security Standard (PCI DSS) compliance has become increasingly complex. Zscaler is committed to helping companies secure customer payment data in accordance with PCI DSS.

Zscaler and HIPAA

Complying with HIPAA regulations and protecting sensitive patient data can be a challenge as patient care methods continue to evolve. Zscaler helps healthcare organizations improve their security postures and enforce consistent security and access policies for all users, wherever those users are working with patients: in a healthcare facility, online, or through a mobile device.

Zscaler’s FedRAMP Authorized cloud architecture securely connects teleworkers to agency applications

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) issued new TIC 3.0 guidance allowing agencies to use direct-to-cloud connections through cloud service providers that meet CISA guidelines. Now, agencies can avoid the risk of a VPN exposing infrastructure, and the latency created by forcing traffic through TIC before going out to cloud destinations.

The Zscaler FedRAMP Authorized telework solution offers agencies a modern cloud architecture that deploys quickly, provides a fast user experience, and scales easily to handle a surge in telework.

Zscaler can help you with your GDPR, CCPA, and other regulatory compliance efforts

Zscaler and the General Data Protection Regulation (GDPR)

Zscaler is committed to our customers’ success, including compliance with applicable privacy laws. As with other existing privacy laws, including the current data protection directive, compliance with GDPR will require a partnership between Zscaler and our customers in their use of our services and products.

Australian and New Zealand Data Privacy

As with GDPR, compliance with data privacy laws in Australia and New Zealand will require a partnership between Zscaler and our customers in their use of our services and products. Zscaler remains committed to protecting personal data in compliance with the highest standards of privacy and security.

Zscaler EU-U.S. Privacy Shield Certification

As an early adopter of the Privacy Shield, Zscaler furthers its commitment to protecting privacy and customer data. Zscaler customers can be assured that personal data transferred from the EU to the United States will be protected by the safeguards set by the Privacy Shield.

Zscaler and the California Consumer Privacy Act (CCPA)

Zscaler remains committed to protecting personal data in compliance with the highest standards of privacy and security. As with other privacy laws, compliance with the CCPA will require a partnership between Zscaler and our customers in their use of our services and products.

Zscaler is ISO 27001 certified and provides a 99.999% availability SLA, with additional SLAs on latency and virus capture.

NOTE:

While this site is designed to help organizations understand various global regulations in connection with Zscaler's services and products, the information contained herein may not be construed as legal advice and organizations should consult with their own legal counsel with respect to interpreting their unique obligations under applicable global regulations.