Zendesk has a comprehensive incident management process for handling security events. This process includes a response time under which Zendesk will notify subscribers within 48 hours of verifying a security incident affecting your service data. The incident response program involves 24/7 monitoring systems and on-call staffing to address service incidents promptly. The process also outlines procedures for notification, escalation, mitigation, and documentation.
Zendesk uses encryption to protect your service data during transmission. They maintain commercially reasonable safeguards, including encryption of service data at rest and in transmission using TLS or similar technologies. This ensures the…
Zendesk restricts administrative access to production systems to approved personnel only. Each person is assigned unique IDs and cryptographic keys or complex ephemeral tokens to authenticate and track their activities. Access rights are based on…
Zendesk's data centers employ robust security measures to protect service data. These include a dedicated security organization operating 24/7, restricted access to areas with system components, and industry-standard security policies….
Zendesk requires third-party service providers to implement appropriate technical and organizational security measures. These include physical access controls, system access controls, data access controls, transmission controls, input controls,…
Zendesk provides information on its compliance with security obligations through certifications and audits. Upon request, Zendesk can share its ISO 27001 certification and/or SOC 2 or SOC 3 reports with subscribers, provided they are not…