Raising the bar for enterprise-grade security in AI-powered CX: Zendesk gets Cyber Essentials Plus certified

Security and resilience are essential for CX platforms as AI‑powered support operations scale up. At Zendesk, protecting sensitive customer and employee data and upholding high security standards are non‑negotiable. We continuously validate and improve our controls. Last month, we achieved ISO 42001 certification – the world’s first international standard for AI management systems – making Zendesk among the first CX providers to do so.

We’re proud to announce we are now also Cyber Essentials Plus certified. Independently verified by IASME under the UK’s National Cyber Security Centre (NCSC), this certification provides audit‑ready evidence that our core safeguards work against common cyberattacks. This provides security and governance teams with transparent information to evaluate and helps service teams move faster with confidence.

How does Cyber Essentials Plus validate Zendesk security?

Cyber Essentials is a government‑backed, industry‑supported certification program overseen by the UK’s National Cyber Security Centre (NCSC) and assessed by IASME, the UK government’s trusted partner for this initiative. It establishes a baseline for cybersecurity by confirming five control areas are in place and effective:

• Firewalls: Acting as a protective barrier, these tools help control and limit the flow of incoming and outgoing internet traffic.
• Secure configuration: Ensuring that systems and devices are set up safely to minimize vulnerabilities and protect against unauthorized changes.
• User access control: Managing who can access data and services, making sure only authorized users have the necessary permissions.
• Malware protection: Implementing anti-virus and anti-malware solutions to detect and block threats.
• Security update management: Keeping software and systems up-to-date to protect against known vulnerabilities.

Cyber Essentials is a self-assessment graded by an independent assessor. Cyber Essentials Plus is more rigorous, including a technical audit to verify controls are in place, with hands-on testing of user devices, internet gateways, and externally facing servers. Zendesk has received both certifications.

Why it matters: Privacy-by-design for the future of AI

Independent validation that Zendesk’s essential security controls operate reliably is critical as organizations scale AI‑driven support operations. They emphasize our commitment to embedding privacy‑by‑design principles across all AI‑powered customer and employee experiences, helping organizations manage emerging risks and build trust at every touchpoint. A trusted security foundation further strengthens confidence in our platform to protect customer data, so your teams can focus on providing exceptional service with assurance, backed by independently validated controls.

How Zendesk stands out

Not all industry vendors go this far. As of Oct 28, 2025 the IASME registry shows many providers, including major players like Salesforce, Genesys, Sprinklr, Intercom and Decagon are not listed for Cyber Essentials Plus or hold only self‑assessed Cyber Essentials.

By choosing a fully certified partner like Zendesk, service leaders in the UK and globally can confidently demonstrate to their CIO, CISO, and AI Governance Councils that their organization is committed to using vendors whose security controls have been independently tested and verified by IASME, the official partner of the NCSC. Pair this with Zendesk’s broader security posture – and you get a platform designed to run secure operations at scale.

Ongoing commitment to customer trust & security

Security is never static, which is why we continuously test, monitor, and improve our security controls as threats and regulations evolve. That includes recognized frameworks like Cyber Essentials Plus, ISO 42001, ISO 27001/27018, and SOC 2 Type II.

To learn more about how Zendesk protects your data – and how our ongoing commitment to customer trust translates into security practices and certifications – visit the Zendesk Trust Center.