Trust is priority one for Omnissa cloud services

Omnissa is at the forefront of driving business to the cloud with our SaaS-first approach to digital workspace technologies. As an industry leader, customers expect us to implement rigorous security practices and manage their data safely in the cloud. Many rely on our compliance and attestation materials for their annual due diligence efforts. That’s why Omnissa is pleased to announce our first set of certifications as an independent company. 

After months of hard work by our product, cloud operations, and compliance teams, Omnissa has achieved certification under internationally recognized standards for information security management and privacy, including ISO 27001, 27017, 27018, 27701, in addition to our first set of audit reports. These certifications are proof of our commitment to protecting our customers' data and complying with data security best practices.  

International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 

ISO/IEC 27001 Information Security Management System (ISMS): ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

ISO/IEC 27017 Code of Practice for Information Security Controls: ISO/IEC 27017 gives guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002 and additional controls with implementation guidance that specifically relate to cloud services.

ISO/IEC 27018 Code of Practice for Protecting Personal Data in the Cloud: ISO/IEC 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.

ISO/IEC 27701 Privacy Information Management System (PIMS): ISO/IEC 27701 outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls to reduce the risk to the privacy rights of individuals.

You can download the Omnissa ISO certificates by visiting the ISO certification page within the Omnissa trust center.

System and Organizational Controls (SOC) audit reports

SOC audit reports are independent third-party examination reports that demonstrate how we meet compliance controls and objectives. SOC reports also offer Omnissa a way to report to our customers about the effectiveness of our cybersecurity programs and to provide assurance that the controls are appropriately designed to meet the relevant Trust Services categories, including security, availability, processing integrity, confidentiality, and privacy. 

These reports cover in detail important cloud security control procedures, including access controls, physical and environmental security, system acquisition, development, and maintenance, communications security and many more. 

During our spring audit season, Omnissa underwent a SOC 2 Type 1 audit. A SOC 2 Type 1 report focuses on the design of controls at a specific point in time.  A SOC 2 Type 2 report focuses on the design of controls over a period of time. Omnissa intends to undergo SOC 2 Type 2 audits in the fall.

These reports are available for Omnissa cloud services; to see a list of available reports by service, visit the Omnissa trust center.