Logo
Trust Center
Contact
ZenGRC Information Security and Compliance Statement
ZenGRC maintains an unwavering commitment to protecting your information through our comprehensive Information Security Management System (ISMS). Our security program is designed to safeguard all information assets while ensuring business continuity and operational excellence.

Our Security Framework

We have implemented a robust security framework that:
  • Protects against unauthorized access, use, disclosure, disruption, modification, and destruction of information
  • Minimizes operational impacts through proactive risk management
  • Ensures compliance with regulatory and contractual requirements
  • Drives continuous improvement through regular risk assessments

Compliance Standards

Our security program aligns with leading industry standards:
  • SOC 2 Type II Trust Services Criteria
  • NIST Cybersecurity Framework (CSF) 2.0
  • ISO 27001:2022

Compliance Reporting Schedule

We maintain transparency through regular third-party audits and assessments.SOC 2 Type II Audit Report
  • Frequency: Annual
  • Publication: February
Supplier Security and Privacy Assurance (SSPA) Program Audit
  • Frequency: Annual
  • Publication: August
We remain committed to maintaining the highest standards of security and compliance to protect our customers' information assets.
Reports

✅ SOC 2 Type II

✅ Microsoft Supplier Security & Privacy Assurance Program

✅ Application Penetration Test

✅ Network Penetration Test

Self-Assessments

✅ CAIQ

✅ HECVAT

✅ MVSP

Polices

✅ Acceptable Use Policy

✅ Access Control Policy

✅ Asset Management & Equipment Maintenance Policy

✅ Audit Logging and Monitoring Policy

✅ Breach Notification Policy

✅ Business Continuity & Disaster Recovery Policy

✅ Change Management Policy

✅ Data Classification & Handling Policy

✅ Incident Management Policy

✅ Risk Management Policy

✅ Security Awareness & Training Policy

✅ Third-Party Risk Management Policy

Overview
ZenGRC's Security Trust Center is a centralized location for key information and resources on ZenGRC's security posture, compliance and security documentation. The ZenGRC Security Trust Center is used by organizations in these distinct ways:
  • Organizations can access comprehensive documentation about ZenGRC's security controls, compliance certifications, and attestation reports, enabling them to conduct thorough vendor security assessments and maintain their own compliance requirements when using ZenGRC as a critical business system.
  • Security and compliance teams can review detailed information about ZenGRC's security practices, infrastructure security, data protection measures, and privacy policies through an intuitive portal, providing transparency into how ZenGRC safeguards customer data and maintains its security posture.
Compliance
Logo

SOC 2® - SOC for Service Organizations: Trust Services Criteria - 2017 with March 2020 Updates

Logo

General Data Protection Regulation (GDPR) - 2016

Subprocessors
Logo

Marketo

Logo

AWS

Logo

Atlassian

Logo

Cribl

Logo

Elastic

Logo

Fivetran

Logo

Gainsight

Logo

Gong

Logo

Google

Logo

Microsoft

Logo

Okta

Logo

Pendo.io

Logo

Salesforce

Logo

Twilio

Resources

SOC 2 Type II Report - ZenGRC - 2024

White Paper - ZenGRC AI Systems Data Security and Privacy

Network Diagram

2025 ZenGRC Web App + External Network Pentest

Acceptable Use Policy

Powered By

ZenGRC

Copyright © 2025