Zoom gets a host of extra security certifications

Zoom Events log in page
(Image credit: Zoom)

Video conferencing and collaboration platform Zoom seems to be going above and beyond to prove that its data security practices are up to standard. 

After settling a class-action lawsuit that alleged the company was in breach of privacy laws and put its users’ data at risk, it has now announced compliance with two industry-recognized certifications and security attestations.

In a press release, Head of Security Standards, Compliance, and Customer Assurance at Zoom, Heather Ceylan, said the company expanded its list of security certificates, adding ISO/IEC 27001:2013 and SOC 2 + HITRUST.

"Rigorous" security

Zoom Meetings, Zoom Phone, Zoom Chat, Zoom Rooms, and Zoom Video Webinars are now certified as International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) 27001:2013 compliant. 

An independent, third-party auditor analyzed these products, the video conferencing company said, adding that the certificate requires developing and implementing a “rigorous security program”, including operationalizing an Information Security Management System (ISMS). 

Such a system is necessary to manage, monitor, review, and iterate on a company’s security program, Zoom added.

Settling lawsuits

After expanding the scope of its existing SOC 2 Type II report, it now includes additional criteria, finally meeting the control requirements for the Health Information Trust Alliance Common Security Framework, or HITRUST CSF. 

This security framework takes advantage of both domestic, and international regulation, including GDPR, ISO, and the likes. 

Wrapping up the announcement, Ceylan said the introduction of these standards demonstrates the company’s “commitment to data protection and user security”. 

“As we continue to evolve our security program here at Zoom, third-party certifications and attestations will continue to serve as a critical component of our work to create a platform built on trust.”

In the lawsuit that was settled in early December, it was claimed that Zoom Meetings shared certain user information with third parties, did not do everything it could to prevent unwanted meeting disruption by third parties, and that the company falsely advertised its service as end-to-end encrypted.

Even with the settlement, Zoom denied any liability whatsoever and said it believes that no member of the Settlement Class, including the Plaintiffs, has sustained any damages or injuries due to these allegations.

  • You might want to check out our list of the best webcams right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.