Compliance at Zoho Projects


ISO/IEC 27001 is one of the most widely recognized independent international security standards. This certificate is awarded to organizations that comply with ISO’s high global standards. Zoho Projects has earned ISO/IEC 27001:2013 certification for Applications, Systems, People, Technology, and Processes.

ISO/IEC 27701 is an extension to the ISO/IEC 27001 and ISO/IEC 27002 standards for privacy management within the context of the organization. The certification standard is designed to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS). This standard enables organizations to demonstrate compliance with the various privacy regulations around the world that are applicable to them.

ISO/IEC 27017 gives guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002 and additional controls with implementation guidance that specifically relate to cloud services.

Zoho Projects is certified with ISO/IEC 27017:2015 - Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services.

ISO/IEC 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures on safeguarding the PII that is processed in a public cloud. These controls are an extension of ISO/IEC 27001 and ISO/IEC 27002, ISO/IEC 27018 which provide guidance to organizations concerned about how their cloud providers are handing personally identifiable information (PII).

ISO 9001 is defined as the international standard that specifies requirements for a Quality Management System (QMS). Organizations use the standard to demonstrate the ability to consistently provide quality products and services that meet customer and regulatory requirements.

SOC 1 Type 2-Zoho Projects is SOC 1 Type II compliant as per AICPA’s SSAE18 standard and IAASB’s ISAE 3402 standards. SOC 1 reports are primarily concerned with examining controls that are relevant for the financial reporting of customers.

SOC 2 Type II- Zoho Projects is SOC 2 Type II compliant. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA’s Trust Services Principles criteria.

SOC 2 + HIPAA - An independent third-party audit firm has examined the description of the system related to Application Development, Production Support and the related General Information Technology Controls for the services provided to customers, from Zoho offshore development centre, based on Security, Privacy and breach requirements set forth in the Health Insurance Portability and Accountability Act (“HIPAA”) Administrative Simplification. The responsibility of Zoho Projects is limited to the extent it acts as a ‘Business Associate’.

ESQUEMA NACIONAL DE SEGURIDAD (ENS) - Spain also known as National Security Scheme is a regulation in Spain. The ENS refers to the National Security Framework in Spain. It is a set of regulations and guidelines established by the Spanish government to ensure the security of information and communication systems in public administrations. The ENS provides a framework for managing and protecting information assets, promoting risk management, and establishing security measures to safeguard sensitive information. It is applicable to all public entities in Spain, including government agencies, local administrations, and public organizations. Zoho Projects is ENS certified with intermediate category(medium level).

CSA-The Cloud Security Alliance is a non-profit organization formed to define and raise awareness of best practices to help ensure a secure cloud computing environment and to help potential cloud customers make informed decisions when transitioning their IT operations to the cloud.The Consensus Assessments Initiative Questionnaire(CAIQ) is submitted by the cloud providers to document compliance with the Cloud Controls Matrix (CCM) and helps cloud service customers to assess the security capabilities and practices of a cloud service provider.

Zoho Projects has done a Self-Assessment for the cloud services. Download the CSA STAR Self-Assessment from CSA STAR Registry for Zoho Corporation Pvt Ltd

GDPR is a pan-European regulation that requires businesses to protect the personal data and privacy of EU citizens for processing of their personal data.

Zoho Projects has always demonstrated its commitment to its user’s data privacy by consistently exceeding industry standards. Zoho Projects welcomes GDPR as a strengthening force of the privacy-consciousness that already exists in it.

Zoho Projects has privacy features that comply to GDPR, and Zoho Projects processing of its customer’s data adheres to the data protection principle of the GDPR. To know more about how Zoho Projects complies with GDPR, click here.

CCPA is a data privacy law specific to the processing of personal information of California residents that requires businesses to protect their personal information and provides privacy.

Zoho has always demonstrated its commitment to its user’s data privacy by consistently exceeding industry standards. Zoho Projects welcomes CCPA as a strengthening force of the privacy-consciousness that already exists in it.

Zoho Projects have privacy features that enable it’s users to comply with the CCPA, and Zoho Projects’ processing of its Californian customer’s data adheres to requirements of the CCPA. To know more about this, click here.