ESG OVERVIEW / GOVERNANCE
Securing Trust
Our approach
As a provider of critical security services, we work to earn our customers’ trust every day.
We build this trust through the quality of our solution and by operating our business with the highest levels of integrity. Our approach includes robust governance structures, ethical business practices and policies, risk management, and a relentless focus on our core business competency of ensuring data privacy and information security.
Growth grounded in ethical business practices
From the company’s inception, Zscaler leaders have recognized the importance of values, ethics, and doing the right thing for our customers and business.
The cornerstone of our ethics program, Zscaler’s Code of Conduct, describes what we stand for. Our Code of Conduct training, which emphasizes respecting others, acting with integrity, and accountability, is mandatory for our employees and contractors globally.
Our Supplier Code of Conduct outlines our expectations for suppliers to operate in an ethical and responsible manner, including by following practices to uphold labor and human rights, as well as environmental protection standards. We conduct a risk assessment of our vendors’ controls for protecting Zscaler information; we do this when they are onboarded, during our engagement with them, and when they are off-boarded.
Other policies and programs that help support our ethical business practices include our privacy, anti-corruption, insider trading, and whistleblower policies. We constantly seek opportunities for improvement and evaluate and address risks as they arise.
Earning our customers’ trust through transparency and accountability
Our customers entrust us with safeguarding their sensitive and critical information, so fostering partnerships built on trust, transparency, and accountability is central to our success. We are also committed to providing real-time platform status updates to our customers through our Trust Portal so that they’re aware of any potential issues that may disrupt their work. We are truly customer obsessed and understand that our success depends on our ability to continuously deliver innovative solutions while being open to feedback and acting on it.
Effective governance and ESG oversight
Our corporate governance framework provides the controls and structure necessary to guide our rapidly growing business while building on our position as the recognized leader in zero trust security. Operationally, internal teams manage risk and provide updates to management and to our board of directors to ensure corporate responsibility.
Our board’s Audit Committee actively oversees risks, including those related to privacy and cybersecurity, among other responsibilities. Our Internal Audit Team continuously reviews company practices and policies to provide reasonable assurance they are in line with best practices and followed throughout our organization. Our board’s Nominating and Corporate Governance Committee oversees and evaluates our ESG policies, programs, and progress. Our ESG team works across our organization to set strategies and goals, build and embed comprehensive programs into operations, and track progress.
Managing risk in a rapidly changing world
Our risk management processes are based on adhering to rigorous security, availability, and privacy standards so customers can adopt our services with confidence. We manage risks in critical areas of our enterprise through internal audits and assessments as well as implementing robust procedures and controls.
We regularly consider, review, and conduct drills to prepare for a wide range of potential threats. Our Facilities Team has developed emergency response plans for our global offices and talent. Our Cloud Operations Team ensures that our Zero Trust Exchange is resilient in the face of disasters or other unplanned emergencies. With more than 150 data centers globally, we build in redundant, dispersed fault tolerance wherever possible.
Our approach to managing risk also includes certifying our solutions to internationally recognized commercial and government standards and accounting and planning for climate risk.
Our approach to cybersecurity risk
We use rigorous risk management processes to maintain the highest levels of confidentiality, integrity, and availability for our customers. Our solution is certified to numerous government and commercial standards, and we constantly evaluate and strengthen the security of our products as the threat landscape evolves.
Zscaler’s Cyber Risk Management Group identifies and prioritizes protective measures across our products and enterprise while continuously driving improvements to our security approach as the threats evolve.
Our in-house global threat research team, Zscaler ThreatLabZ, has a mission to protect our customers from advanced cyberthreats. Armed with insights from more than 500 trillion daily signals from the Zscaler Zero Trust Exchange, this team of more than 100 security experts collectively operates 24/7 to identify and prevent emerging threats using malware reverse engineering, behavior analytics, and data science. In addition to improving Zscaler’s products, the team shares its research with the wider industry to promote a safer internet.
We implement security checks and reviews throughout our development life cycle, and our internal security teams and external auditors continuously evaluate our products. Further, we perform regular vulnerability scans, risk assessments, and penetration tests to maintain the highest standards of security.
Learn more about our approach to privacy here.
