Zuora RevPro is ISO Compliant

By Saloni Madhok, February 17, 2019

RevPro, the industry’s leading revenue recognition automation solution, is now ISO 27001 and ISO 27018 compliant, meaning, “We care about security!”

Zuora continues to be at the forefront when it comes to security and compliance. Our security team has won several awards and the culture of security is embedded in our products, operations, and technology. Every year, our team puts in significant effort to renew all of our security certifications and reports (e.g. PCI, HIPAA, SOC) to ensure we are providing industry-best levels of security.

That’s why we’re proud to announce that RevPro has earned ISO 27001 compliance as part of our growing list of security certifications.

ISO 27001 is an internationally recognized standard for security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. ISO 27018 is a code of practice that focuses on protection of Personally Identifiable Information (PII) in the public cloud.

ISO Compliance: The “Hows” and the “Whats”

The ISO/IEC 27000 family of standards helps organizations keep information assets secure. Using this family of standards helps our organization manage the security of assets such as financial information, intellectual property, employee details, or information entrusted to us by our customers.

ISO/IEC 27001 is the best-known standard in the family, providing requirements for an information security management system (ISMS).

Most high-tech companies have information security controls. However, without the help of an information security management system, controls become unsystematic and fragmented, having often been implemented only as point solutions to specific situations or simply as a matter of convention.

In operations, security controls classically address certain aspects of IT or data security, leaving non-IT information assets (such as paperwork and proprietary knowledge) less protected overall. An ISMS covers people, processes, and IT systems by applying a risk management process, and it provides a framework for information security management best practices.

The Benefits of ISO 27001

Specifically, ISO 27001 helps Zuora:

  • Protect client and employee information
  • Manage risks to information security effectively
  • Achieve compliance with regulations such as the European Union General Data Protection Regulation (EU GDPR)
  • Reassure our customers that their information is secure

RevPro’s ISO 27001 certification also provides benefits to our customers, including but not limited to:

  • Security of confidential information
  • Access to service managers with enhanced risk management tools
  • Secure exchange of information
  • Compliance with other regulations (e.g. SOX)
  • Continued consistency in the delivery of products and services
  • Minimal risk exposure

Zuora has also worked to combine the Zuora and RevPro SOC 2 certifications into one report and increased the scope of the trust service principles to include: Security, Availability, Confidentiality, and Processing Integrity.
