With more employees working from home and ransomware attacks increasing, the risks to company data have never been higher. For good reason, cybersecurity is front-and-center in the minds of business leaders.

Tech Orchard keenly understands the security concerns and requirements of our customers. We work with highly regulated industries including healthcare and financial services, as well as organizations in government, utilities, education, legal services and other businesses that must protect large amounts of sensitive data. With VMware’s Workspace ONE platform, we can offer businesses tools that meet the highest levels of trust and assurance in cloud services. Keeping your organization’s data secure and compliant is our top priority.

Certifications

Workspace ONE has achieved multiple certifications ensure its security across its full suite: Workspace ONE UEM, Workspace ONE Access and Hub Services, Workspace ONE Intelligence cloud services, Workspace ONE Assist, VMware RemoteHelp, Horizon Cloud Control Plane and Horizon Cloud on Microsoft Azure. Its attainment of ISO 27001, ISO 27017, and ISO 27018 certifications attests to layered security measures in the VMware Information Security Management System (ISMS), in cloud security control implementation and for its personally identifiable information (PII) privacy controls.

Read on to learn what each certification means:

ISO/IEC 27001 ISMS Standard

ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

ISO/IEC 27017 Code of Practice for Information Security Controls

ISO/IEC 27017 gives guidelines for information security controls applicable to the provisioning and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002, as well as additional controls with implementation guidance that specifically relate to cloud services.

ISO/IEC 27018 Code of Practice for Protecting Personal Data in the Cloud

ISO/IEC 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.

Auditing

VMware subjects its tools to regular audits to confirm they meet the highest standards of security. System and Organizational Controls (SOC) reports are independent third-party examination reports that demonstrate how VMware meets compliance controls and objectives. SOC reports also offer VMware a way to report the effectiveness of its cybersecurity programs.

VMware undergoes two types of annual SOC audits for all Workspace ONE services: SOC 2 and SOC 3 reports. These reports are available for download on the VMware Trust Center.

  • The SOC 2 framework includes trust criteria with controls covering security, availability and confidentiality and are used to evaluate the systems VMware leverages to process users’ data.
  • The SOC 3 reports are a more general report that covers the Trust Criteria controls listed in the SOC 2 report.

Additional Solutions

While Workspace ONE fulfills the needs of many businesses for security as well as optimal user experience, we understand that not all are comfortable with a full cloud experience. To satisfy those customers, Tech Orchard offers on-premise and hybrid models to fit any organization’s needs.

Reach out to Tech Orchard at sales@techorchard.com to discover solutions to discuss how we can design a solution to fit your compliance and security objectives.