Information Security and Data Privacy at Zenda
Robust security and privacy are core principles at Zenda. We have established policies and procedures governing the use, access, management and operation of the Zenda software. Access to our systems and data is governed on the principle of least-privilege and minimum-necessary required.
SOC 2 Type II Compliant
Your data security is our priority. ZENDA is fully committed to industry-leading protection and maintains SOC 2 Type II compliance, ensuring our controls operate effectively over time. You can learn more about our security practices in our Trust Center.
Third-Party Security Testing
We engage with third-party security vendors in an ongoing basis for routine vulnerability scanning, automated penetration testing, and system monitoring. We engage Advantage Partners for annual external penetration testing.
Layered Security
We maintain an in-depth strategy for securing all layers of our operating and engineering environment. Access to customer environments is tightly restricted and customers are logically separated.
Rapid Resolution
Security vulnerabilities in our environment are monitored, evaluated and triaged as needed. Zenda also maintains a robust incident response and management process that is tested annually.
Annual Security Training
Our team members are required to undergo annual security awareness training to ensure their understanding of company policies and procedures, as well as security best practices.
Data Encryption
All customer data is encrypted at rest with the AES 256-bit standard. Data in transit is encrypted with the TLS 1.2 encryption standard. Encryption keys are systematically managed and are rotated on a routine basis.
Vendor and Partner Security
We maintain a vendor management and due diligence process whereby all potential vendors and partners that may be part of our services are evaluated and monitored in an ongoing basis for changes to their security posture.
