Citrix recognizes the importance of information security to our globally dispersed customers and prospects. Customers expect strong information security practices through third-party assessments and certifications. While SOC 2 provides assurance for Citrix controls and meets customers’ expectations within the US, our global customers need similar assurances such as alignment with ISO/IEC 27001:2013 (“ISO 27001”) to illustrate Citrix’s commitment to information security against internationally recognized standards.
The International Organization for Standardization (ISO) is an independent, non-governmental body composed of representatives from numerous national standards organizations (165 member countries) that promotes proprietary, industrial, and commercial standards. ISO is the world’s largest developer of voluntary international standards, publishing over 20,000 standards that provide solutions to global challenges in the areas of manufacturing, technology, agriculture, and healthcare. ISO standards are voluntary, not mandated or regulated. Certifications to ISO standards are evaluated and managed by external certification bodies, not by ISO, and not all standards are certifiable.
The ISO 27000 series of standards focuses on information security, risk management, and privacy management, which, when combined, create a globally recognized framework applicable to organizations of all sizes and sectors.