Zendesk requires third-party service providers to implement appropriate technical and organizational security measures. These include physical access controls, system access controls, data access controls, transmission controls, input controls, data protection, and logical separation. Zendesk also maintains a vendor security review program to assess and manage potential risks associated with these providers.
Zendesk uses encryption to protect your service data during transmission. They maintain commercially reasonable safeguards, including encryption of service data at rest and in transmission using TLS or similar technologies. This ensures the…
Zendesk has a comprehensive incident management process for handling security events. This process includes a response time under which Zendesk will notify subscribers within 48 hours of verifying a security incident affecting your service data….
Zendesk restricts administrative access to production systems to approved personnel only. Each person is assigned unique IDs and cryptographic keys or complex ephemeral tokens to authenticate and track their activities. Access rights are based on…
Zendesk's data centers employ robust security measures to protect service data. These include a dedicated security organization operating 24/7, restricted access to areas with system components, and industry-standard security policies….
Zendesk provides information on its compliance with security obligations through certifications and audits. Upon request, Zendesk can share its ISO 27001 certification and/or SOC 2 or SOC 3 reports with subscribers, provided they are not…