VMware is at the forefront of driving business to the cloud with our SaaS-first approach. As a result, we understand that customers moving from on-premises solutions need reassurance that rigorous security controls are in place and their data is being managed safely in the cloud. Our cloud customers, especially in regulated industries, often rely on our compliance and attestation materials for annual due diligence efforts and for maintaining compliance within their organizations. That’s why VMware End-User Computing has continued to prioritize our trust and assurance programs for our cloud services.
In this article, we will discuss the latest compliance materials and the expansion of our compliance portfolio for Workspace ONE services, including ISO certifications, SOC audit reports, and a new cloud security whitepaper for Workspace ONE Assist and VMware RemoteHelp cloud services.
ISO 27001, 27017, and 27018 Certifications
Last year, we announced the achievement of ISO 27001, ISO 27017, and ISO 27018 certifications for Workspace ONE UEM, Workspace ONE Access and Hub Services, and Workspace ONE Intelligence cloud services. In May of 2021, we have achieved this certification across our remaining EUC cloud services portfolio, including Workspace ONE Assist, VMware RemoteHelp, Horizon Cloud Control Plane, and Horizon Cloud on Microsoft Azure.
This trio of certifications attests to layered security measures in the VMware Information Security Management System (ISMS), in our cloud security control implementation, and for our personally identifiable information (PII) privacy controls. You can read more about each standard below, and you can view the ISO certificate for Workspace ONE cloud services on the VMware Trust Center.
ISO/IEC 27001 ISMS Standard
ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
ISO/IEC 27017 Code of Practice for Information Security Controls
ISO/IEC 27017 gives guidelines for information security controls applicable to the provisioning and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002, as well as additional controls with implementation guidance that specifically relate to cloud services.
ISO/IEC 27018 Code of Practice for Protecting Personal Data in the Cloud
ISO/IEC 27018 establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
SOC Audit Reports
System and Organizational Controls (SOC) reports are independent third-party examination reports that demonstrate how VMware meets compliance controls and objectives. SOC reports also offer VMware a way to report to our customers about the effectiveness of our cybersecurity programs.
VMware undergoes two types of annual SOC audits for all Workspace ONE services: SOC 2 and SOC 3 reports.
The SOC 2 framework includes trust criteria with controls covering security, availability, and confidentiality and are used to evaluate the systems VMware leverages to process users’ data. SOC 2 reports are available for distribution to VMware customers (with a NDA). Please contact your VMware Sales Representative to request a copy of the reports.
The SOC 3 reports are a more general report that covers the Trust Criteria controls listed in the SOC 2 report. These reports are available for download on the VMware Trust Center.
Workspace ONE Cloud Security Whitepapers
Workspace ONE cloud security whitepapers provide a general overview of the security controls implemented in VMware Workspace ONE commercial cloud offerings. The intent is to provide readers with an understanding of how VMware Workspace ONE services approach security, the key mechanisms and processes that VMware uses to manage information security, as well as describing shared responsibilities for providing security in a modern cloud computing environment.
Topics in the cloud security whitepapers include an overview of the VMware information security program, technical architecture of the hosted environment, data management, software development lifecycle, and much more. Cloud security whitepapers are available for all Workspace ONE services, including Workspace ONE UEM, Workspace ONE Access and Hub Services, Workspace ONE Intelligence, and Workspace ONE Assist/VMware RemoteHelp. We also have a publicly available whitepaper that covers Horizon Cloud Services available for download here.
Workspace ONE cloud security whitepapers are available for distribution to current VMware customers or to prospects who have accepted confidentiality terms through POC, Free Trial, or executed NDA. Please contact your VMware Sales Representative to request a copy.