ZenGRC Trust Center

ZenGRC Information Security and Compliance Statement

ZenGRC maintains an unwavering commitment to protecting your information through our comprehensive Information Security Management System (ISMS). Our security program is designed to safeguard all information assets while ensuring business continuity and operational excellence.

Our Security Framework

We have implemented a robust security framework that:

Protects against unauthorized access, use, disclosure, disruption, modification, and destruction of information
Minimizes operational impacts through proactive risk management
Ensures compliance with regulatory and contractual requirements
Drives continuous improvement through regular risk assessments

Compliance Standards

Our security program aligns with leading industry standards:

SOC 2 Type II Trust Services Criteria
NIST Cybersecurity Framework (CSF) 2.0
ISO 27001:2022

Compliance Reporting Schedule

We maintain transparency through regular third-party audits and assessments.SOC 2 Type II Audit Report

Frequency: Annual
Publication: February

Supplier Security and Privacy Assurance (SSPA) Program Audit

Frequency: Annual
Publication: August

We remain committed to maintaining the highest standards of security and compliance to protect our customers' information assets.

Reports

✅ SOC 2 Type II

✅ Microsoft Supplier Security & Privacy Assurance Program

✅ Application Penetration Test

✅ Network Penetration Test

Self-Assessments

✅ CAIQ

✅ HECVAT

✅ MVSP

Polices

✅ Acceptable Use Policy

✅ Access Control Policy

✅ Asset Management & Equipment Maintenance Policy

✅ Audit Logging and Monitoring Policy

✅ Breach Notification Policy

✅ Business Continuity & Disaster Recovery Policy

✅ Change Management Policy

✅ Data Classification & Handling Policy

✅ Incident Management Policy

✅ Risk Management Policy

✅ Security Awareness & Training Policy

✅ Third-Party Risk Management Policy

Overview

ZenGRC's Security Trust Center is a centralized location for key information and resources on ZenGRC's security posture, compliance and security documentation. The ZenGRC Security Trust Center is used by organizations in these distinct ways:

Organizations can access comprehensive documentation about ZenGRC's security controls, compliance certifications, and attestation reports, enabling them to conduct thorough vendor security assessments and maintain their own compliance requirements when using ZenGRC as a critical business system.
Security and compliance teams can review detailed information about ZenGRC's security practices, infrastructure security, data protection measures, and privacy policies through an intuitive portal, providing transparency into how ZenGRC safeguards customer data and maintains its security posture.

Compliance

SOC 2® - SOC for Service Organizations: Trust Services Criteria - 2017 with March 2020 Updates

General Data Protection Regulation (GDPR) - 2016

Subprocessors

Marketo

AWS

Atlassian

Cribl

Elastic

Fivetran

Gainsight

Gong

Google

Microsoft

Okta

Pendo.io

Salesforce

Twilio

Resources

SOC 2 Type II Report - ZenGRC - 2024

White Paper - ZenGRC AI Systems Data Security and Privacy

Network Diagram

2025 ZenGRC Web App + External Network Pentest

Trust Center

Contact