Compliance & Certifications

Zero is designed to help organizations meet regulatory compliance requirements through technical controls, audit capabilities, and certifications.

Certifications

Certification    Status           Scope
SOC 2 Type II    ✅ Certified     Cloud management platform
ISO 27001        ✅ Certified     Information security management
GDPR             ✅ Compliant     EU data protection
HIPAA            ✅ Compliant     Healthcare data (BAA available)
CCPA             ✅ Compliant     California privacy
FedRAMP          🔄 In Progress   US Federal requirements

GDPR Compliance

Data Minimization

Zero collects only the data necessary for the platform to function:

  • Device metadata for management
  • User identity for authentication
  • Audit logs for security

Data Subject Rights

  • Access: Export user data via API or dashboard
  • Rectification: Update user information
  • Erasure: Delete user and associated data
  • Portability: Export in machine-readable format

Data Processing Agreement

Zero provides a standard DPA for EU customers. Contact sales@zero.io for the agreement.

HIPAA Compliance

Technical Safeguards

  • ✅ AES-256 encryption at rest
  • ✅ TLS 1.3 encryption in transit
  • ✅ Unique user identification
  • ✅ Automatic logoff
  • ✅ Audit controls and logging

Administrative Safeguards

  • ✅ Security policies and procedures
  • ✅ Workforce training
  • ✅ Contingency planning
  • ✅ Access management

Business Associate Agreement

Zero signs BAAs with covered entities. Contact us for HIPAA-compliant deployment options.

SOC 2 Type II

Trust Service Principles

  • Security: Protection against unauthorized access
  • Availability: System uptime and recovery
  • Confidentiality: Data protection measures
  • Privacy: Personal information handling

Audit Reports

SOC 2 Type II reports are available under NDA. Contact security@zero.io to request a copy.

Compliance Features

Audit Logging

  • Immutable audit trail
  • Configurable retention (30 days to 7 years)
  • Real-time streaming to SIEM
  • Tamper-evident logs
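One way to realize the "tamper-evident" and "configurable retention" items above is a hash-chained log: each entry commits to the hash of the entry before it, so editing or removing a record breaks every later link. The code below is an added illustration written for this page; it is not Zero's log format or implementation. The event fields, the SHA-256 chaining and the anchor (checkpoint) scheme used to keep verification working after old entries are purged are all assumptions made for the example.

```python
"""Hash-chained, tamper-evident audit log with a retention window (illustration)."""
import hashlib
import json
from datetime import datetime, timedelta, timezone

GENESIS_ANCHOR = "0" * 64  # assumed anchor value for a log with no purged history


def _canonical(record):
    # Canonical JSON so the same record always produces the same bytes
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def _entry_hash(prev_hash, record):
    data = (prev_hash + _canonical(record)).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def append_entry(chain, record, anchor=GENESIS_ANCHOR):
    """Append a record, linking it to the previous entry (or the anchor)."""
    prev_hash = chain[-1]["hash"] if chain else anchor
    entry = {"prev_hash": prev_hash, "record": record,
             "hash": _entry_hash(prev_hash, record)}
    chain.append(entry)
    return entry


def verify_chain(chain, anchor=GENESIS_ANCHOR):
    """Return (True, -1) if every link is intact, else (False, first bad index)."""
    prev_hash = anchor
    for index, entry in enumerate(chain):
        if (entry["prev_hash"] != prev_hash
                or entry["hash"] != _entry_hash(prev_hash, entry["record"])):
            return (False, index)
        prev_hash = entry["hash"]
    return (True, -1)


def apply_retention(chain, now, retention_days, anchor=GENESIS_ANCHOR):
    """Purge entries older than the retention window.

    Entries are assumed to be appended in time order, so only a prefix is
    purged. The hash of the last purged entry becomes the new anchor; without
    recording it, the surviving log could no longer be verified.
    """
    cutoff = now - timedelta(days=retention_days)
    index = 0
    while (index < len(chain)
           and datetime.fromisoformat(chain[index]["record"]["ts"]) < cutoff):
        index += 1
    new_anchor = chain[index - 1]["hash"] if index > 0 else anchor
    return chain[index:], new_anchor


def build_sample_log():
    """Constructed sample events (not real Zero output) spanning 400 days."""
    now = datetime(2024, 12, 31, tzinfo=timezone.utc)
    chain = []
    append_entry(chain, {"ts": (now - timedelta(days=400)).isoformat(),
                         "actor": "alice", "action": "device.enroll",
                         "device": "laptop-01"})
    append_entry(chain, {"ts": (now - timedelta(days=10)).isoformat(),
                         "actor": "bob", "action": "policy.update",
                         "policy": "usb-block"})
    append_entry(chain, {"ts": (now - timedelta(days=1)).isoformat(),
                         "actor": "alice", "action": "user.export",
                         "subject": "carol"})
    return chain, now


if __name__ == "__main__":
    log, now = build_sample_log()
    print("intact:", verify_chain(log))
    log[1]["record"]["actor"] = "mallory"  # simulate an edit to a stored record
    print("after tampering:", verify_chain(log))
    kept, anchor = apply_retention(log, now, retention_days=365)
    print("kept", len(kept), "entries; new anchor", anchor[:12], "...")
```

Verification walks the chain from the anchor and stops at the first entry whose stored hash or back-link no longer matches, which pinpoints where an edit happened. A real deployment would also need to protect the latest hash (for example by streaming it to a SIEM or signing it) so that an attacker who rewrites the whole chain is still detected; the chain alone only proves internal consistency.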

Data Loss Prevention

  • Clipboard isolation
  • Screenshot prevention
  • USB device blocking
  • Sensitive data detection

Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication
  • Just-in-time access
  • Privileged access management

Compliance Reporting

# Generate compliance report
zero reports compliance --standard gdpr

# Export audit logs
zero reports audit --from 2024-01-01 --to 2024-12-31

# Device compliance status
zero reports devices --filter non-compliant

Compliance Documentation

Available compliance documentation:

  • Security Whitepaper
  • SOC 2 Type II Report (NDA required)
  • Penetration Test Summary (NDA required)
  • Data Processing Agreement
