Zoom Security and Compliance FAQ

Frequently Asked Questions

In the event your company needs assistance completing a security or compliance assessment or questionnaire, the Zoom Trust Center provides you with self-service access to the resources you need to complete your assessment, including responses to the most common industry standard questionnaires, third-party certifications and attestations, and other artifacts and validated assessments. The resources most frequently used by our customers to complete the security and compliance assessments include:

  • Zoom Trust Center – Compliance: Your go-to resource for security and compliance-related certifications and attestations. On Zoom’s Trust Center, you can find details about our security certifications, attestation reports, and pre-filled industry standard questionnaires. Customers will need to create a Whistic account using their company email address to access and/or download Zoom’s security and compliance documentation.
  • CSA CAIQ Questionnaire: The CSA Consensus Assessments Initiative Questionnaire (CAIQ) provides a set of responses to standard cloud provider security assessments with over 250 questions. This document is available on the Zoom Trust Center.
  • SIG Questionnaire: The Standardized Information Gathering (SIG) questionnaire is intended for use by customers using Shared Assessments’ SIG Questionnaire Tools to standardize their process for third-party risk assessments. Zoom has completed the SIG Core questionnaire, which has over 800 answers to questions around access control, compliance, privacy, application, and network security (among many other sections) that should assist customers with their due diligence processes. Zoom’s SIG questionnaire can be found on Zoom’s Trust Center.
  • CyberGRX Validated Assessment: Zoom has partnered with CyberGRX to answer over 1,000 security questions – and CyberGRX, utilizing their strategic partners Deloitte and KPMG, has validated and reported on Zoom’s assessment.
  • Best Practices for Securing Zoom Meetings: Whitepaper providing customers with details on how to implement best practices for securing Zoom Meetings.
  • Zoom Encryption Whitepaper: Provides customers with details about the encryption methods available on Zoom’s platform.
  • Privacy at Zoom and Privacy Resources: Zoom’s privacy pages contain privacy statements and whitepapers, along with other global and industry-specific privacy resources.

Whistic is a third-party tool Zoom uses to distribute our security and compliance documentation to customers. Customers will need to create a Whistic account using their company email address to access and/or download Zoom’s security and compliance documentation.

Zoom maintains a robust set of security certifications and attestations to help meet the collective needs of our customers in various geographies and industries. For the current list of certifications and attestations maintained by Zoom, please visit the Compliance page on the Zoom Trust Center.

Zoom makes certain third-party audit and attestation reports available to customers through the Zoom Trust Center; these reports can be accessed through the Compliance page.

The SOC 2 Type 2 bridge letter can be accessed on Zoom’s Trust Center via the SOC 2 Type 2 page.