Zoom Security Page Overview

Zoom
Key Takeaways

  • Data protection: Encryption, audio signature
  • 3rd party identity management: Okta, OneLogin, Gluu
  • Authentication methods: SAML, OAuth

Based on the page highlights.

Short Overview

Zoom's security page highlights how it protects user data and privacy, with measures including 256-bit Advanced Encryption Standard (AES) and optional end-to-end encryption. Overall, the page focuses sharply on Zoom's security capabilities and measures rather than on a display of compliance badges. In place of badges, there are quick links to the Compliance, Security Resources, Vulnerability Disclosure Policy, Security Practices, and other related pages.

Highlighted Keywords: Secure, encryption

Security Page Structure

Zoom assembles its security and compliance-related efforts under "trust" pages.

Security Page link: explore.zoom.us/en/trust/security/

Compliance Page: explore.zoom.us/en/trust/legal-compliance/

Page highlights

  • A security overview of data protection at Zoom under sub-headings like Protecting Your Data and Protecting Privacy
  • A relatively long bullet list of best practices for protecting meetings with Zoom's security capabilities
  • Data protection capabilities with highlights and brief explanations for each, including Encryption and Audio Signature
  • Authentication methods such as SAML and OAuth, as well as the ability to enable two-factor authentication
  • Third-party identity management platform support, including Okta, OneLogin, and Gluu
  • Links to compliance certifications, standards, attestations, and other Security Resources

Compliance Certifications

  • SOC 2 Type II
  • CSA STAR Level 2 Attestation
  • ISO/IEC 27001:2013
  • International Association of Privacy Professionals (IAPP) Silver Member
  • UK Cyber Essentials
  • GDPR
  • Japan's Center for Financial Industry Information Systems (FISC)
  • FedRAMP
  • DoD IL2
  • HIPAA
  • PIPEDA/PHIPA
  • FERPA

Best practices checklist

This checklist is based on the Minimum Viable Secure Product and the information on the platform's security and compliance pages.

Note that some details might be missing if the information is mentioned in a whitepaper or login-required Trust Portal and not directly on the page.

  • Backup and disaster recovery
  • Self-assessment
  • External testing
  • Incident handling
  • Single sign-on
By Resmo
