A focus on security and compliance

Industry and government regulations are increasing. That means in addition to facing an increasing number of threats, you will likely have to comply with a growing number of data privacy and security compliance requirements. To help, Trend Micro has invested in certifications and assessments that can help you better understand how we secure our offerings and protect your data.

Commitment to GDPR

The General Data Protection Regulation (GDPR) is legislation that protects European Union (EU) citizens’ personal data. The regulation applies whether the EU citizen interacts electronically in the EU or globally. Trend Micro is committed to the principles of the regulation, leveraging it as a part of our baseline security practices.

Certifications are part of our security commitment

ISO 27001:2013 & ISO 27014:2013

ISO 27001, 27014, & 27034

ISO/IEC 27001:2013 is a standard focused on having an information security management system (ISMS) and security controls in place to ensure the secure operation of an offering. There are 2 extensions of the standard – ISO/IEC 27014:2013, which focuses on security governance, and extends to many other aspects of the business, and ISO/IEC 27034-1:2011, which applies to application-level security controls. Trend Micro has certified our SaaS offerings and data centres under these global standards.

ISO 27017: 2015

ISO 27017

Committed to security and privacy in our cloud offerings, Trend Micro is certified under ISO/IEC 27017:2015, which provides guidelines for information security controls applicable to the provision and use of cloud services.

ISO 20000-1:2018

ISO 20000

Ensuring quality data through our threat discovery and response teams, Trend Micro is certified under ISO/IEC 20000-1:2018. It specifies requirements for organizations to establish, implement, maintain, and continually improve service management systems (SMS).

SOC 2 Type II

SOC 2 Type II

As an example of transparency and security, Trend Micro has undergone a SOC 2 Type II audit, which outlines the internal controls we use to safeguard customer data and how well those controls are operating.

PCI DSS Level 1 Service Provider

PCI DSS Level 1 Service Provider

The Payment Card Industry Data Security Standard (PCI DSS) stipulates that any organisation that deals with credit card information must secure payment card data in accordance with PCI standards. Aligned to our commitment to data privacy and security, Trend Micro Cloud One™ is a certified PCI DSS Level 1 service provider.

FIPS 140-2

FIPS 140-2

Trend Micro™ Deep Security™ and Trend Micro™ TippingPoint™ provide settings that enable cryptographic modules to run in a mode compliant with FIPS 140-2 standards. We have obtained certification for our Java crypto moduleNative crypto module (OpenSSL), and Trend Micro TippingPoint.

FIPS 140-2 support

Common Criteria

Common Criteria EAL2+

Common Criteria (CC) is an international standard for computer security certification. It provides assurance that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous, standard, and repeatable manner at a level that is commensurate with the target environment for use. Both Trend Micro Deep Security and Trend Micro TippingPoint have been certified under Common Criteria at the EAL2+ level.



Trend Micro, in partnership with Smartronix, Inc., delivers a FedRAMP certified offering for securing server and cloud workloads, operating at a Moderate impact level. This enables organisations to purchase market-leading security for the cloud and meet the requirements for controlled unclassified information across federal government agencies.

ICSA Labs certification

ICSA Labs Certification

Certified organisations demonstrate - through continuous independent third-party security testing performed by ICSA Labs - a high standard of security product quality. Trend Micro™ Deep Discovery™ has been tested and certified by ICSA Labs.



NetSecOPEN's transparent testing methodology allows organisations to understand performance under realistic conditions. This testing of Trend Micro TippingPoint provides organisations with the confidence needed for real-world deployments



HIPAA and HITECH impose requirements related to the use and disclosure of protected health information (PHI). HIPAA regulations require that covered entities enter into agreements with business associates to ensure that PHI is adequately protected.

WEEE logo

Waste Electrical and Electronic Equipment (WEEE) Directive

Trend Micro is committed to complying with the directive, which places responsibilities on producers and distributors of Electrical and Electronic Equipment (“EEE”) and batteries regarding the collection, treatment, recovery, and environmentally sound disposal of EEE and batteries at their end of life.