Product Security and Certifications

Our deep commitment to security

Security by design

As new threats emerge and the number of laws and regulations continues to grow, our commitment to your security is unwavering. We are dedicated to ensuring our offerings meet critical industry certification and compliance requirements.

In addition to developing market-leading security offerings designed to enable digital transformation, we ensure that security is at the core of our development and SaaS management processes. From employee vetting, to how our development teams access resources – and so much more – security best practices are at the root of everything we do to securely deliver trustworthy products to the market.

Certifications

ISO 27001:2013 & ISO 27014:2013

System Certification ISO/IEC 27001 SGS

ISO/IEC 27001:2013 is a standard focused on having an information security management system (ISMS) in place, including security controls, for the secure operation of an offering. An extension of the standard, ISO/IEC 27014:2013 is focused on security governance, extending to many other aspects of the business. Demonstrating our commitment to security and privacy, Trend Micro has certified our SaaS offerings and data centers under both of these global standards.

ISO 27017:2015

System Certification ISO 27017 SGS

Committed to security and privacy in our cloud offerings, Trend Micro is certified under ISO/IEC 27017:2015, which provides guidelines for information security controls applicable to the provision and use of cloud services.

ISO 20000-1:2018

Ensuring quality data through our threat discovery and response teams, Trend Micro is certified under ISO 20000-1. It specifies requirements for organizations to establish, implement, maintain, and continually improve service management systems (SMS).

SOC 2 Type II

As an example of transparency and security, Trend Micro has undergone a SOC 2 Type II audit, which outlines the internal controls we use to safeguard customer data and how well those controls are operating.

PCI DSS Level 1 Service Provider

The Payment Card Industry Data Security Standard (PCI DSS) stipulates that any organization that deals with credit card information must secure payment card data in accordance with PCI standards. Aligned to our commitment to data privacy and security, Trend Micro Cloud One™ is a certified PCI DSS Level 1 service provider.

FIPS 140-2

The Federal Information Processing Standard (FIPS) is a set of standards for cryptographic modules.

Trend Micro™ Deep Security™ and Trend Micro™ TippingPoint™ provide settings that enable cryptographic modules to run in a mode compliant with FIPS 140-2 standards. We have obtained certification for our Java crypto module, Native crypto module (OpenSSL), and Trend Micro TippingPoint.
 

Common Criteria EAL2+

Common Criteria (CC) is an international standard for computer security certification. It provides assurance that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous, standard, and repeatable manner at a level that is commensurate with the target environment for use. Both Trend Micro Deep Security and Trend Micro TippingPoint have been certified under Common Criteria at the EAL2+ level.

FedRAMP

Trend Micro, in partnership with Smartronix, Inc., delivers a FedRAMP certified offering for securing server and cloud workloads, operating at a Moderate impact level. This enables organizations to purchase market-leading security for the cloud and meet the requirements for controlled unclassified information across federal government agencies.

ICSA Labs certification

Certified organizations demonstrate, through continuous independent third-party security testing performed by ICSA Labs, a high standard of security product quality. Trend Micro™ Deep Discovery™ has been tested and certified by ICSA Labs.