21st April 2015

Zoho Privacy and Security

Satisfy your company about Zoho Privacy and Security

With any IT Solution you should evaluate how secure, safe and private your data is. This is even more relevant with Cloud Solutions, where you can’t physically see the servers that your data is stored on. We recommend that you ask about Zoho Privacy and Security. With any Cloud Solution you should satisfy yourself that the solution is compliant with your business requirements and/or the regulations within your country or industry. We recommend that you ask for five key pieces of information:

  • Do you have defined Security Practices, Policies & Infrastructure? Are they assessed by an external organisation?
  • What is your privacy policy?
  • Where is your Data stored? Is it Safe Harbor Compliant?
  • Who else uses Zoho?
  • Backups

If a Cloud provider cannot answer these questions in detail and to your satisfaction, then our advice is to seek an alternative solution. It is our opinion that this information should be easily accessible – published online.

Zoho Security Practices, Policies & Infrastructure

Zoho have published their Security Practices, Policies & Infrastructure online.

Zoho data centres are SAS 70 compliant and Zoho Corporation is a licensee of the TRUSTe® Privacy Program.

Zoho Privacy Policy

Zoho have published their Privacy Policy online.

Safe Harbor

For a company headquartered in the EEA (European Economic Area) this is a critical concern. The (UK) Data Protection Act says that personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. This is the eighth data protection principle, but other principles of the Act will also usually be relevant to sending personal data overseas.

Zoho, like many Cloud providers, store their data outside the EEA, so this piece of legislation impacts your decision making. There is a scheme called The Safe Harbor Scheme – it is recognised by the European Commission as providing adequate protection for the rights of individuals in connection with the transfer of their personal data to signatories of the scheme in the USA.

Zoho is Safe Harbor compliant; therefore Zoho complies with the requirements of the UK Data Protection Act.

For further information about Safe Harbor, visit the Information Commissioner's page relating to Principle 8.

Satisfy yourself about Zoho Privacy and Security by asking who else?

Current businesses that use Zoho are a good barometer of the security, regulation and compliance of a particular product. If a customer list is available that demonstrates use in the Government, Finance and Healthcare industries, there is a good probability (although not guaranteed) that those customers have completed due diligence, as their industries are regulated.

Zoho publish some customer stories online – ask for examples more relevant to your industry or country.

Backups

How frequently is your data backed up and where is the backup stored?

All paid-for editions of Zoho CRM have an automatic backup once a month (note that you have to enable this at the initial configuration stage). This is stored on Zoho servers, but a download link is e-mailed to the Zoho CRM Administrator so that they can download and store the backup locally.

Additional backups, and backups for the Free edition of Zoho, can be completed at a cost of $10 per request.