July 25th, 2019
Data security and privacy are critical aspects of any enterprise mobility effort. With Android Enterprise, we’ve built features that give IT teams flexible tools and policies to keep corporate and personal data secure.
These efforts were recently validated by the ISO 27001 certification. This means that Android Enterprise information security practices and procedures for Android Management API, zero-touch enrollment and managed Google Play meet strict industry standards for security and privacy.
Sound privacy, data security, organizational policy and practices are essential to gaining user trust. The ISO 27001 certification and SOC 2 and 3 reports confirm Google’s information security practices so that IT admins, users and other stakeholders have confidence about Android Enterprise security practices.
Granted by the International Organization for Standardization, ISO 27001 outlines the requirements for an information security management system. It specifies best practices and details a list of security controls regarding information risk management.
The SOC 2 and 3 reports are based on the American Institute of Certified Public Accountants (AICPA) Trust Services principles and criteria. To earn this, auditors assess an organization’s information systems relevant to security, availability, processing integrity and confidentiality or privacy.
To earn these certifications, an independent assessor performed a thorough audit to ensure compatibility with the established principles. The entire methodology of documentation and procedures for data management are reviewed during such audits and must be made available for regular compliance review.
Android is invested in a wide range of protections and management tools to help companies secure their data. This external validation, together with our ongoing efforts, is a testament to how Android Enterprise meets the highest privacy and security needs of today’s businesses.