Overview
ZenGRC’s Security Trust Center is a centralized location for key information and resources on ZenGRC’s security posture, compliance and security documentation. The ZenGRC Security Trust Center is used by organizations in these distinct ways:
- Organizations can access comprehensive documentation about ZenGRC’s security controls, compliance certifications, and attestation reports, enabling them to conduct thorough vendor security assessments and maintain their own compliance requirements when using ZenGRC as a critical business system.
- Security and compliance teams can review detailed information about ZenGRC’s security practices, infrastructure security, data protection measures, and privacy policies through an intuitive portal, providing transparency into how ZenGRC safeguards customer data and maintains its security posture.
Compliance
SOC 2® – SOC for Service Organizations: Trust Services Criteria 2017 with March 2020 Updates
General Data Protection Regulation (GDPR) – 2016
ZenGRC Information Security and Compliance Statement
ZenGRC maintains an unwavering commitment to protecting your information through our comprehensive Information Security Management System (ISMS). Our security program is designed to safeguard all information assets while ensuring business continuity and operational excellence.
Our Security Framework
We have implemented a robust security framework that:
- Protects against unauthorized access, use, disclosure, disruption, modification, and destruction of information
- Minimizes operational impacts through proactive risk management
- Ensures compliance with regulatory and contractual requirements
- Drives continuous improvement through regular risk assessments
Compliance Standards
Our security program aligns with leading industry standards:
- SOC 2 Type II Trust Services Criteria
- NIST Cybersecurity Framework (CSF) 2.0
- ISO 27001:2022
Compliance Reporting Schedule
We maintain transparency through regular third-party audits and assessments.
SOC 2 Type II Audit Report
- Frequency: Annual
- Publication: February
Supplier Security and Privacy Assurance (SSPA) Program Audit
- Frequency: Annual
- Publication: August
We remain committed to maintaining the highest standards of security and compliance to protect our customers’ information assets.
Subprocessors
Marketo
AWS
Atlassian
Cribl
Elastic
Fivetran
Gainsight
Gong
Microsoft
Okta
Pendo.io
Salesforce
Twilio
Policies
- Acceptable Use Policy
- Access Control Policy
- Asset Management & Equipment Maintenance Policy
- Audit Logging and Monitoring Policy
- Breach Notification Policy
- Business Continuity & Disaster Recovery Policy
- Change Management Policy
- Data Classification & Handling Policy
Self-Assessments
- CAIQ
- HECVAT
- MVSP
Reports
- SOC 2 Type II
- Microsoft Supplier Security & Privacy Assurance Program
- Application Penetration Test
- Network Penetration Test
Resources
SOC 2 Type II Report…
White Paper
GenZRC…
Network Diagram
2025 ZenGRC Web App…
Acceptable Use Policy
Certificate of Insurance
