Zimit Security

Regulatory and Compliance

Zimit has successfully completed its 2021 Service Organization Control 2 (SOC 2) Type II audit. This certification reinforces our commitment to maintaining the highest standards of security, availability, processing integrity, privacy and confidentiality. In addition, Zimit's data privacy policy is designed to meet the requirements of most major regulations, including GDPR and the California Consumer Privacy Act (CCPA).

Data Collected by Zimit

All information collected is classified as confidential, as defined by Zimit’s Data Classification and Protection Policy. Zimit encrypts this data in transit using HTTPS (TLS 1.2) and at rest via AES-256. Each respective customer retains ownership of their data as identified in the Master Services Agreement between the customer and Zimit.

Physical Security

All data is stored in highly secure data centers that hold multiple certifications such as SOC, ISO-27001, and others. All servers are equipped with anti-malware detection and monitored by an intrusion detection system (IDS).

Disaster Recovery

An Application Disaster Recovery Plan, a Corporate Disaster Recovery Plan, and a Business Continuity Plan are maintained with a 1-hour Recovery Point Objective (RPO) and a 12-hour Recovery Time Objective (RTO) in the event of a complete regional failure.

Data Availability

Zimit consistently delivers 99% application availability. Our backup and recovery policy plan ensures that all data is backed up at regular intervals and that backups are tested regularly to validate the quality and availability of backup data.

Data Retention

Data is retained based on each customer’s documented retention schedule as defined in each customer’s services agreement. Customers may submit a custom request for data deletion, which will be executed upon request.

Information Security Policy and Procedures

Our overall Information Security Policy ensures the security and availability of our customers’ data. We utilize industry best practices and standards (such as NIST, CIS, and OWASP) in the development of the security model covering governance, construction, verification, and deployment.