Zoom, the videoconferencing platform that faced a barrage of criticism over the security of its platform when it soared to prominence at the beginning of the Covid-19 pandemic, has added the National Cyber Security Centre’s (NCSC’s) Cyber Essentials Plus certification to a growing list of accreditations.
The government-backed, industry-supported Cyber Essentials Plus certification scheme is designed to help organisations demonstrate to existing and potential customers that their operational security is up to the job of defending against the most common cyber threats, as well as ensuring the holder has a clear picture of their own security posture. Cyber Essentials is also a requirement to bid for some UK government contracts.
At the same time, the organisation has been working to align with the NHS’ Digital Technology Assessment Criteria (DTAC) and DBC0129 standards – in addition to having recently gained ISO/IEC 27001:2013, SOC 2 + HITRUST and Common Criteria certification.
The NHS-specific DTAC badge will help Zoom reassure clinicians and patients that the digital health tools they use meet clinical safety, data protection, technical security, interoperability, usability and accessibility standards, while DBC0129 is a clinical risk management standard applicable to manufacturers and suppliers of health IT software.
It is also putting in place a DSP toolkit, an online self-assessment tool that lets it measure performance against the National Data Guardian’s 10 data security standards. All organisations that have access to NHS patient data and systems are required to use the toolkit.
Zoom, which at the height of the UK’s first national lockdown boasted more than 13 million daily users, said: “Our dedication to these UK standards, as well as the ongoing evolution of our products and programmes, helps demonstrate our commitment to data protection and user security.
“Our unified communications experience is built with security in mind, and our users’ safety, security and privacy help guide the new platform updates we make. We’re committed to being a platform users can trust – with their online interactions, information and business.”
Zoom said that whatever users were leveraging its platform for, they can now access a multitude of security and privacy features.
Among these features are data routing control, giving users the ability to opt out of specific datacentre regions where data protection rules may be less stringent, end-to-end encryption, using 256-bit AES-GCM encryption to safeguard all communication between all meeting participants using the Zoom client, and advanced chat encryption features.