Compliance

Focus on security

A focus on security and compliance

As industry and government regulations are increasing, you are faced with the challenge of meeting them while battling a growing number of threats. To help, Trend Micro has invested in certifications, security documentation, and company assessments that can help you better understand how we secure our offerings and protect your data.

Focus on security

Certifications are part of our security commitment

C

Centro Criptológico Nacional (CCN)

CCN is the Spanish government certification body focused on ensuring strong security across the country’s government entities. Certification under this program reflects our commitment to delivering secure products for the Spanish government market.

Cloud Computing Compliance Controls Catalogue(C5)

Mandated by the BSI, C5 (Cloud Computing Compliance Controls Catalogue) attestation enables German federal and state government entities and other highly regulated organizations to confidently leverage Trend's powerful SaaS-based security capabilities across the enterprise.

Common Criteria EAL2+

Common Criteria (CC) is an international standard for computer security certification. It provides assurance that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous, standard, and repeatable manner at a level that is commensurate with the target environment for use. Both Trend Deep Security Software and Trend Vision One – TippingPoint have been certified under Common Criteria at the EAL2+ level.

CSA Star Level 2

As the leader in cloud security, the CSA Star Level 2 certification is a reflection to our commitment to secure cloud deployments. The CSA STAR Certification is a rigorous third-party independent assessment of the security of a cloud service provider.

F

FedRAMP

Trend offers the leading cybersecurity platform to protect sensitive government applications, data, and infrastructure. Deploy security across your physical, virtual, and multi-cloud environments to gain unified visibility, management, detection, and prevention with Trend Cloud One™ for Government and Trend Vision One™ for Government.

FIPS 140-2

Deep Security Software and TippingPoint provide settings that enable cryptographic modules to run in a mode compliant with FIPS 140-2 standards. We have obtained certification for our Java crypto moduleNative crypto module (OpenSSL), and Trend TippingPoint.

FIPS 140-2 support

H

HIPAA

HIPAA and HITECH impose requirements related to the use and disclosure of protected health information (PHI). HIPAA regulations require that covered entities enter into agreements with business associates to ensure that PHI is adequately protected.

I

ICSA Labs Certification

Certified organizations demonstrate a high standard of product quality through continuous independent security testing by ICSA Labs. Trend Vision One™ – Deep Discovery™ is tested and certified by ICSA Labs.

ISMAP

The Information System Security Management and Assessment Program (ISMAP) is a Japanese government system for assessing the security of cloud service providers. Trend cloud-based security products are assessed and certified under ISMAP as shown on the official ISMAP cloud services list. Our products and services provide comprehensive compliance assurances to help your organization comply with national, regional, and industry-specific requirements.

IRAP

The Australian Information Security Registered Assessors Program (IRAP) is governed and administered by the Australian Cyber Security Centre (ACSC). Trend Vision One has been assessed at the PROTECTED level under the IRAP program, enabling Australian government agencies to leverage the power of the Vision One platform to secure their "Cloud First" strategy.

ISO 20000

Ensuring quality data through our threat discovery and response teams, Trend is certified under ISO/IEC 20000-1:2018. It specifies requirements for organizations to establish, implement, maintain, and continually improve service management systems (SMS).

ISO 27001, 27014, & 27034

ISO/IEC 27001:2013 is a standard that attests to a product's security operation via an information security management system (ISMS) and security controls. The standard has 2 extensions: ISO/IEC 27014:2020, which focuses on security governance and extends to many other aspects of the business, and ISO/IEC 27034-1:2011, which applies to application-level security controls. Our SaaS offerings and data centers are certified under these global standards.

ISO 27017

Committed to security and privacy in our cloud offerings, Trend is certified under ISO/IEC 27017:2015, which provides guidelines for information security controls applicable to the provision and use of cloud services.

N

NetSecOPEN

NetSecOPEN's transparent testing methodology allows organizations to understand performance under realistic conditions. This testing of TippingPoint provides organizations with the confidence needed for real-world deployments.

NHS England Data Security & Protection Toolkit

All organisations that have access to NHS patient data and systems must use the Data Security and Protection Toolkit to publish an assessment against the National Data Guardian’s 10 data security standards. Trend has completed this assessment and details can be found on the NHS site.

P

PCI DSS Level 1 Service Provider

The Payment Card Industry Data Security Standard (PCI DSS) stipulates that any organization that deals with credit card information must secure payment card data in accordance with PCI standards. Aligned to our commitment to data privacy and security, Trend Vision One - Cloud Security is a certified PCI DSS Level 1 service provider.

PrivacyMark

The PrivacyMark system evaluates private enterprises' ability to take the appropriate measures to protect personal information. Those that pass are then granted the right to display "PrivacyMark" as a way to demonstrate their commitment to privacy to both their customers and partners.

R

Romania Strategic Infrastructure Certification

The Supreme Council of National Defence of Romania approves IT and security vendors for their involvement in key public infrastructure projects. Trend has completed this assessment and is authorized to participate.

S

SOC 2 Type II

As an example of transparency and security, Trend has undergone a SOC 2 Type II audit, which outlines the internal controls we use to safeguard customer data and how well those controls are operating.

StateRAMP

Trend offers the leading cybersecurity platform to protect sensitive government applications, data, and infrastructure. Deploy security across your physical, virtual, and multi-cloud environments to gain unified visibility, management, detection, and prevention with Trend Cloud One™ for Government and Trend Vision One™ for Government.

U

UK Cyber Essentials

Cyber Essentials is a UK government certification that evaluates a vendor's ability to protect against a variety of common cyber attacks.

W

Waste Electrical and Electronic Equipment (WEEE) Directive

Trend is committed to complying with the directive, which places responsibilities on producers and distributors of Electrical and Electronic Equipment (“EEE”) and batteries regarding the collection, treatment, recovery, and environmentally sound disposal of EEE and batteries at their end of life.

JOIN 500K+ GLOBAL CUSTOMERS

Join us