A guy wearing a yellow t-shirt works from home using his dining room table as a desk
VMware Workspace ONE Featured Workspace ONE Intelligence Workspace ONE Unified Endpoint Management

Workspace ONE Cloud Services Achieve ISO 27001, ISO 27017, and ISO 27018 Certifications

As businesses and organizations increasingly turn to remote working solutions, the demand for secure and compliant solutions has also intensified. Our customers must meet the challenges of a new remote reality without comprising their cloud-hosted data security. VMware is committed to expanding our compliance portfolio and to improving our holistic security programs, and we are thrilled to announce that Workspace ONE Unified Endpoint Management (UEM), Workspace ONE Access and Hub Services, and Workspace ONE Intelligence services are ISO 27001, ISO 27017, and ISO 27018 certified.

This trio of certifications attests to layered security measures in the VMware Information Security Management System (ISMS), in our cloud security control implementation, and for our personally identifiable information (PII) privacy controls. You can read more about each standard below and you can view the ISO certificate for Workspace ONE cloud services on the VMware Trust Center.


ISO/IEC 27001 ISMS Standard


ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.


ISO/IEC 27017 Code of Practice for Information Security Controls


ISO/IEC 27017 gives guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002 and additional controls with implementation guidance that specifically relate to cloud services.


ISO/IEC 27018 Code of Practice for Protecting Personal Data in the Cloud


ISO/IEC 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.