Citrix recognizes the importance of information security and privacy to our globally dispersed customers and prospects. Customers expect strong information security and privacy practices, demonstrated through third-party assessments and certifications. While SOC 2 provides assurance for Citrix controls and meets customers’ expectations within the US, our global customers need similar assurances, such as alignment with ISO/IEC 27001:2013 (“ISO 27001”) and ISO/IEC 27701:2019 (“ISO 27701”), to illustrate Citrix’s commitment to information security and privacy against internationally recognized standards.
The International Organization for Standardization (ISO) is an independent, non-governmental body composed of representatives from numerous national standards organizations (165 member countries) that promotes proprietary, industrial, and commercial standards. ISO is the world’s largest developer of voluntary international standards, having published over 20,000 standards that provide solutions to global challenges in the areas of manufacturing, technology, agriculture, and healthcare. ISO standards are voluntary, not mandated or regulated. Certifications to ISO standards are evaluated and managed by external certification bodies, not by ISO, and not all standards are certifiable.
The ISO 27000 series of standards focuses on information security, risk management, and privacy management, which, when combined, create a globally recognized framework applicable to organizations of all sizes and sectors.
The ISO 27001 standard outlines fundamental elements of creating, maintaining and continuously improving an information security management system (ISMS). The requirements set out in ISO/IEC 27001:2013 are generic and intended to be applicable to organizations, regardless of type, size or nature. Through certification to this standard, Citrix strives to demonstrate our commitment to effective operation of security controls, continuous risk management, and protection of assets.
The ISO 27701 standard builds upon the foundation laid in ISO 27001 by adding privacy requirements alongside the security requirements, forming a privacy information management system (PIMS). The requirements set out in ISO/IEC 27701:2019 apply to organizations considered PII (personally identifiable information) controllers or processors. ISO 27701 relates to all of the requirements set out in data protection regulations such as the GDPR. Through certification to this standard, Citrix strives to demonstrate our commitment to effective operation of privacy controls, continuous privacy risk management, and protection of PII, as well as Citrix’s alignment with GDPR requirements.