Product Security & Certifications

As a global leader in security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. With more than 30 years of security expertise, we're recognised as a global leader in enterprise and small business security. Trend Micro is dedicated to ensuring its security products and services meet or exceed critical industry certifications and security compliance requirements. The following resources are examples of our formal commitment to security, privacy, transparency, and compliance with industry-recognised security standards.

Security Best Practices

Trend Micro not only develops market-leading security products to help our customers solve some of the most challenging issues; we also ensure that security is at the core of our development and SaaS management processes. From employee vetting, to how our development teams access resources, and so much more, security best practices are at the root of everything we do to securely deliver trustworthy products to the market.

ISO 27001

ISO/IEC 27001 is a security standard that outlines and provides the requirements for an information security management system (ISMS). It specifies a set of best practices and details a list of security controls concerning the management of information risks.

The in-scope applications, systems, people, and processes are globally implemented and operated by the Trend Micro Data Centre Service and Deep Security as a Service teams and are specifically defined in the scope and bounds. The Trend Micro ISMS scope includes the following services:

Endpoint Application Control
Deep Discovery Analyser as a Service
Deep Discovery Analyser as a Service Add-on
Deep Security as a Service
Email Reputation Service
Web Reputation Service
File Reputation Service
Smart Protection Network
Hosted Email Security
Hosted Mobile Security
InterScan Web Security as a Service
Apex One as a Service
Product Licensing Service
Threat Investigation Centre
Active Update
Mobile App Reputation Service
Cloud App Security
DirectPass
Mobile Security
Encryption Service
Remote Manager
Worry-Free Business Security Service
IoT Security
Home Network Security
Yamato Backend (VPN, NBA, ISC)
Email Security
Cloud Edge Cloud Management
Email Security Platform for Service Provider

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
PCI DSS applies to all entities that store, process, or transmit cardholder data (CHD) or sensitive authentication data (SAD), including merchants, processors, acquirers, issuers, and service providers. The PCI DSS is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.
Trend Micro Deep Security as a Service is certified as a PCI DSS level 1 service provider. Coalfire, a Qualified PCI Auditor, has certified Deep Security as a Service according to version 3.2 of the PCI Data Security Standard. The Attestation of Compliance is available on request. Deep Security as a Service is hosted on AWS, which is also PCI certified.

For more information, see Meet PCI DSS requirements with Deep Security.

Common Criteria EAL2+

Common Criteria (CC) is an international standard for computer security certification. It provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard, and repeatable manner at a level that is commensurate with the target environment for use.
Trend Micro Deep Security provides, in both virtualised and physical environments, the combined functionality of a Common Criteria EAL2 validated Firewall, Anti-Virus, Deep Packet Inspection, Integrity Monitoring, Log Inspection, and support for multi-tenant virtual environments.

More information about how to configure and deploy Deep Security in a CC EAL2+ configuration can be found at:
Deep Security Help Centre Common Criteria Configuration

FIPS

Federal Information Processing Standard (FIPS) is a set of standards for cryptographic modules. For in-depth information about FIPS, see the National Institute of Standards and Technology (NIST) website.

Trend Micro Deep Security provides settings that enable cryptographic modules to run in a mode that is compliant with FIPS 140-2 standards. We have obtained certification for our Java crypto module and Native crypto module (OpenSSL).

For more information on configuration of Deep Security in FIPS mode, see:
FIPS 140-2 support