Zendesk Security: Announcing SOC 2 Type 1, and more

Published March 27, 2014
Last updated March 27, 2014

We know how important security is to our customers. It has to be. Your data is sensitive, and you should be able to trust the companies you provide it to.

That’s why we’'re constantly updating our security, and each step we take is aimed at giving our customers as much peace of mind as possible.

Today we'’re happy to announce these new security features and updates:

1) SOC 2 Type 1 Compliance

Zendesk is pleased to announce that our SOC 2 Type 1 report is final and available. (Upon request: This report is a third-party assessment of our security program that we can share with customers and prospects.

The Type 1 report is a very important milestone, but we’re not done yet. Next up is the Type 2 report, which will further validate the strength of our controls over time. Work has begun and will continue throughout the year to complete this next step.

We'’re very happy to have made this essential first step. It goes a long way to giving our customers and prospects even more trust in Zendesk.

2) Cloud Security Alliance

Zendesk is now a member of the Cloud Security Alliance (CSA), whose mission is to promote the use of best practices for security assurance within cloud computing. Our membership demonstrates the commitment we have toward pursuing the highest standards of cloud security. We are now listed as a solution provider, along with other SaaS companies like Workday, Box, Google, and Yammer.

In addition, Zendesk has participated in documenting our security controls within the CSA Security, Trust & Assurance Registry (STAR), a publicly accessible registry that documents the security controls provided by various cloud computing offerings. You can find our entry here.

3) Expanded features for Plus customers

  • IP restrictions - Zendesk allows you to whitelist certain IP addresses to access your Zendesk, enabling you to block the rest of the Internet from accessing your Zendesk. Read more about using IP restrictions.
  • Custom password policy - Our custom password policy gives you more control over the security of your users' passwords. Find out more about Zendesk password security.

These features have always been available to our Enterprise customers, and starting today they'’re available to our Plus customers as well. We’'re expanding these important security features to organizations that typically have a higher risk profile and need more tools to safeguard their larger set of customer data.

4) TLS for SMTP

This security feature allows for end-to-end encryption of email communication between mail servers, and it’'s included in all Zendesk plans. While this doesn’'t guarantee encryption in every instance (since all involved mail servers have to support TLS), it'’s important because your email communications now have the opportunity to be encrypted from end-to-end.

Want to learn more? Check out these security resources:

Security overview

Security best practices

Webinar: "Keeping your Zendesk secure - no IT team required"