Appendix

SOC 2 Type 2

ZPE Cloud achieved SOC 2 Type 2 certification after being audited throughout November 1, 2022, to April 03, 2023, by an independent party, IS Partners, LLC. Before that, it achieved SOC 2 Type 1 after being audited on September 30, 2022, by the same independent party.

This auditing was "based on the criteria for a description of a service organization’s system in DC section 200, 2018 Description Criteria for a Description of a Service Organization’s System in a SOC 2® Report (AICPA, Description Criteria) (“description criteria”) and the suitability of the design of controls [...], to provide reasonable assurance that ZPE’s service commitments and system requirements were achieved based on the trust services criteria relevant to security and availability (“applicable trust services criteria”) outlined in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria)".

SOC stands for System and Organization Controls, and "SOC 2 examination is a report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy", as defined by the American Institute of Certified Public Accountants (AICPA).

The auditing report for SOC 2 Type 2 can be found at https://zpesystems.com/soc-2-type-2/.

You can also fine the auditing report of SOC 2 Type 1 at https://zpesystems.com/soc-2-type-1/.

ISO/IEC 27001:2022

ZPE Cloud is now ISO/IEC 27001:2022 compliant. This means ZPE Cloud has implemented a robust Information Security Management System (ISMS) to safeguard your data, committed to protecting your information assets' confidentiality, integrity, and availability. This certification demonstrates comprehensive risk management and adherence to the highest international security standards ensuring that your data is in safe hands with ZPE Cloud.

The certificate is available at ISO/IEC 27001:2022 - ZPE Systems.

Vulnerability Disclosure Policy

ZPE Systems is committed to ensuring the security of our products and services. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us.

This policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities.

The policy is available at Vulnerability Disclosure Policy.

Terms of Use and Privacy Policy

Except for the users facing the cloud portal, all servers are deployed within private networks.

The terms of use and privacy policy documents are available on:

https://www.zpesystems.com/privacy-policy/

https://www.zpesystems.com/legal-documents/

The privacy policy appears directly on the login page.