Information Security and Data Privacy at Zenda
Robust security and privacy are core principles at Zenda. We have established policies and procedures governing the use, access, management and operation of the Zenda software. Access to our systems and data is governed on the principle of least-privilege and minimum-necessary required.
SOC 2 Compliant
This achievement indicates that our handling and processing of customers’ data meets key security standards. The protection of customer data is the highest priority for our team and we’re committed to building a robust security & compliance program. We’re thrilled to celebrate this milestone as another way of building trust with our customers. We partnered with Advantage Partners & Vanta to seamlessly guide us through the compliance process.
Third-Party Security Testing
We engage with third-party security vendors in an ongoing basis for routine vulnerability scanning, automated penetration testing, and system monitoring. We engage Advantage Partners for annual external penetration testing.
Layered Security
We maintain an in-depth strategy for securing all layers of our operating and engineering environment. Access to customer environments is tightly restricted and customers are logically separated.
Rapid Resolution
Security vulnerabilities in our environment are monitored, evaluated and triaged as needed. Zenda also maintains a robust incident response and management process that is tested annually.
Annual Security Training
Our team members are required to undergo annual security awareness training to ensure their understanding of company policies and procedures, as well as security best practices.
Data Encryption
All customer data is encrypted at rest with the AES 256-bit standard. Data in transit is encrypted with the TLS 1.2 encryption standard. Encryption keys are systematically managed and are rotated on a routine basis.
Vendor and Partner Security
We maintain a vendor management and due diligence process whereby all potential vendors and partners that may be part of our services are evaluated and monitored in an ongoing basis for changes to their security posture.
