Workspace ONE Cloud Services Achieve ISO 27001, ISO 27017, and ISO 27018 Certifications

Jun 25, 2020
Abby Zumstein

Author:

Abby Zumstein is a Program Manager for EUC Cloud Security and Compliance Strategy. She focuses on building certification and audit roadmaps for EUC cloud services and communicating the EUC cloud security posture to customers.

Share This Post On

As businesses and organizations increasingly turn to remote working solutions, the demand for secure and compliant solutions has also intensified. Our customers must meet the challenges of a new remote reality without comprising their cloud-hosted data security. VMware is committed to expanding our compliance portfolio and to improving our holistic security programs, and we are thrilled to announce that Workspace ONE Unified Endpoint Management (UEM), Workspace ONE Access and Hub Services, and Workspace ONE Intelligence services are ISO 27001, ISO 27017, and ISO 27018 certified.

This trio of certifications attests to layered security measures in the VMware Information Security Management System (ISMS), in our cloud security control implementation, and for our personally identifiable information (PII) privacy controls. You can read more about each standard below and you can view the ISO certificate for Workspace ONE cloud services on the VMware Trust Center.

 

ISO/IEC 27001 ISMS Standard

 

ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

 

ISO/IEC 27017 Code of Practice for Information Security Controls

 

ISO/IEC 27017 gives guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002 and additional controls with implementation guidance that specifically relate to cloud services.

 

ISO/IEC 27018 Code of Practice for Protecting Personal Data in the Cloud

 

ISO/IEC 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.

 

 

468 ad