Contact Us

Compliance at ManageEngine

Certifications

 

IS 642819

ISO/IEC 27001

ISO/IEC 27001 is one of the most widely recognized independent international security standards. This certificate is awarded to organizations that comply with ISO's high global standards. ManageEngine has earned ISO/IEC 27001:2013 certification for Applications, Systems, People, Technology, and Processes

Applicable to- All cloud services and on-premise products of ManageEngine and Site24x7.

 

PM 732705

ISO/IEC 27701

ISO/IEC 27701 is an extension to the ISO/IEC 27001 and ISO/IEC 27002 standards for privacy management within the context of the organization. The certification standard is designed to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS). This standard enables organisations to demonstrate compliance with the various privacy regulations around the world that are applicable to them.

Applicable to- All business units, cloud services and on-premise products of ManageEngine and Site24x7 which function in the capacity of a PII controller and/or as a PII Processor.

 

CLOUD 714132

ISO/IEC 27017

ISO/IEC 27017 gives guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002 and additional controls with implementation guidance that specifically relate to cloud services.

ManageEngine is certified with ISO/IEC 27017:2015 - Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services.

Applicable to- All cloud services of ManageEngine and Site24x7.

 

PII 714133

ISO/IEC 27018

ISO/IEC 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures on safeguarding the PII that is processed in a public cloud. These controls are an extension of ISO/IEC 27001 and ISO/IEC 27002, ISO/IEC 27018 which provide guidance to organizations concerned about how their cloud providers are handing personally identifiable information (PII).

Applicable to- All cloud services of ManageEngine and Site24x7.

ISO/IEC 20000 is the leading international IT Service Management System (SMS) standard, with the objective to ensure the quality of the IT services. It specifies requirements for an organization to establish, implement, maintain and continually improve a service management system and it supports the management of the service lifecycle, including the planning, design, transition, delivery and improvement of services to meet the service requirements and deliver value.

Applicable to- Network Operations Center (NOC) and Data Center (DC) Operations of Zoho Corporation. ManageEngine is the IT management division of Zoho Corporation.

ManageEngine is SOC 2 Type II compliant. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's Trust Services Principles criteria.

Applicable to- All cloud services and on-premise products of ManageEngine and Site24x7.

 

SOC 2 + HIPAA

SOC 2 + HIPAA - An independent third-party audit firm has examined the description of the system related to Application Development, Production Support and the related General Information Technology Controls for the services provided to customers, from Zoho offshore development centre, based on Security, Privacy and breach requirements set forth in the Health Insurance Portability and Accountability Act (“HIPAA”) Administrative Simplification. The responsibility of Zoho is limited to the extent it acts as a 'Business Associate'.

Applicable to- ManageEngine ServiceDesk Plus, ManageEngine ServiceDesk Plus Cloud, ManageEngine Endpoint Central and ManageEngine Endpoint Central MSP.

The Cloud Security Alliance is a non-profit organization formed to define and raise awareness of best practices to help ensure a secure cloud computing environment and to help potential cloud customers make informed decisions when transitioning their IT operations to the cloud.The Consensus Assessments Initiative Questionnaire(CAIQ) is submitted by the cloud providers to document compliance with the Cloud Controls Matrix (CCM) and helps cloud service customers to assess the security capabilities and practices of a cloud service provider.

Applicable to- All cloud services of ManageEngine and Site24x7.

GDPR is a pan-European regulation that requires businesses to protect the personal data and privacy of EU citizens for processing of their personal data.

ManageEngine has always demonstrated its commitment to its user's data privacy by consistently exceeding industry standards. ManageEngine welcomes GDPR as a strengthening force of the privacy-consciousness that already exists in it.

ManageEngine's offerings have privacy features that comply to GDPR, and ManageEngine's processing of its customer's data adheres to the data protection principles of the GDPR.

CCPA is a data privacy law specific to the processing of personal information of California residents that requires businesses to protect their personal information and provides privacy.

ManageEngine has always demonstrated its commitment to its user's data privacy by consistently exceeding industry standards. ManageEngine welcomes CCPA as a strengthening force of the privacy-consciousness that already exists in it.

ManageEngine's offerings have privacy features that enable it's users to comply with the CCPA, and ManageEngine's processing of its Californian customer's data adheres to requirements of the CCPA.

Zoho Corporation’s privacy policy, platform, website, and support portal have been reviewed by TRUSTe for compliance with their program requirements.

Zoho Corporation is certified to be compliant with the SWISS-U.S. PRIVACY SHIELD FRAMEWORK. ManageEngine is the IT management division of Zoho Corporation.

Signal spam reports help in providing FBL data, primarily technical information for identification of spammers and marketing abuse, from major ISPs like Orange.fr, SFR.fr, and so on. It has many spam reporting plugins for third-party browsers and email clients, focused at the French communities worldwide. It’s important for both Zoho corporation and our customers to know all the recipients who mark or report the emails they receive as ‘spam’, so that we can remove them from the lists. Hence, this certification protects our network reputation in the French region.

Applicable to- Zoho Corporation. ManageEngine is the IT management division of Zoho Corporation.

 

The Compliance certificates/reports can be downloaded from the Zoho Accounts page.

1. Please go to https://accounts.zoho.com/home#compliance/certifications
2. Enter the Zoho Login credentials
3. Click on the Compliance tab.
4. Download the required compliance certificate/reports by agreeing to our online non-disclosure agreement.

NOTE: Only verified organisation admins can download the compliance reports/certificates.