Zoho products (SaaS applications) have been awarded ISO 27018 Certification. Zoho’s practices were vetted by an independent third-party auditing firm to help ensure that Zoho’s standards of accountability for data handling meet ISO’s difficult and rigid requirements.
ISO is an independent, non-governmental international organization with a membership of 164 national standards bodies.
The ISO audit included all of Zoho’s cloud offerings, including ManageEngine and Site24x7, and all the application software that Zoho operates in the cloud – its Software-as-a-Service (SaaS).
The auditors were able to take into account the data that is processed by Zoho in its capacity as a Personally Identifiable Information (PII) Processor (‘Service Data’).
Under the ISO/IEC 27018:2019 code of practice for safeguarding the PII that is processed in a public cloud, there are a number of controls which protect consumers, the customers of Zoho. Here are some key controls:
Note: Mentions of ‘we’, ‘our’, and ‘us’ in this blog refer to Zoho.
- You have the right to know what geographical location your data is stored in, information which should be available to you when signing up.
- Your Service Data will only be processed when you tell us it should be, and it will not be used for any purpose other than that for which you have provided it.
- Our application teams have been trained in best practices for processing PII in the cloud, and are committed to providing features and capabilities that help our users secure and effectively manage their data.
- Our applications enable users to access, manage, rectify, export and erase their data.
- We have defined and implemented standards, procedures, and guidelines that detail how to handle data in a manner consistent with all regulatory and contractual obligations.
- The development, testing, and production environments are segregated, and controls have been put into place to minimize any security incidents.
- We comply with the obligations detailed in the Data Processing Agreements that we sign with our users. This agreement aligns with the mandates of applicable data protection laws.
These certifications and audit reports are a testament to Zoho’s commitment to industry requirements regarding data-handling accountability. They exemplify why First Direct Corporation chose to sell Zoho products.