Security is one of the top concerns for businesses moving to a cloud-based solution. To ensure customer and business data is always protected, Zendesk combines enterprise-class security features with comprehensive audits of our applications, systems, and networks. We use best practices and industry standards to achieve compliance with industry-accepted general security and privacy frameworks, which in turn helps our customers meet their own compliance standards.
That’s why we’re excited to share that Zendesk has been granted the Health Data Hosting (HDS - Hébergeur de Données de Santé) certification! This certification enables healthcare providers in France to use Zendesk’s customer service and engagement platform with confidence that our platform has appropriate technical and governance measures in place to secure and protect personal health information (PHI).
The HDS certification was introduced by the French governmental agency for health, “Agence du Numérique en Santé” (ANS), and is required for entities that host personal health data governed by French laws. It provides a framework and aims to strengthen the security and protection of personal health information (PHI). To be HDS certified, service providers must implement measures that keep personal health data secure, confidential, and accessible by patients. These measures include strong authentication and authorization procedures, robust backup systems, and powerful encryption methods. HDS also specifies mandatory provisions that must be included in contracts with the cloud service provider. These requirements apply no matter where the data is stored.
More about Zendesk HDS certification
Zendesk compliance with the HDS requirements has been audited and certified by Ernst & Young CertifyPoint, an independent certifying body accredited by French authorities to conduct HDS audits. Zendesk is now listed on the ANS website as an HDS-certified host.
Zendesk’s HDS certification can be downloaded here.
To be HDS certified, a cloud service provider must also be ISO 27001 certified. Zendesk’s ISO 27001 certification can be downloaded here.
Zendesk products in scope for HDS
See current list of in-scope products below:
Zendesk Suite (excluding Talk)
Zendesk Suite add-ons (excluding Voice usage credits)
- Customer lists & NPS surveys
- Premium Sandbox
- Data storage
- Premium Sandbox
- WhatsApp numbers
- High-volume API
Zendesk Legacy add-ons
- Productivity Pack
- Unlimited Multibrand
- Premium Sandbox
- Social messaging
- WhatsApp phone number hosting fee
- More storage
Impact to our customers
Companies that work in the French healthcare industry and that are subject to the French Public Health Code (Code de la Santé Publique) can confidently store French PHI on the Zendesk Customer Service Platform. There are some requirements (such as Service Plan requisites) in order to benefit from the HDS certification and activate an HDS-enabled account. Moreover, the French Public Health Code requires the execution of specific contractual terms between the health data hosting service provider and its customers.
Eligible customers must reach out to their Zendesk licensing point of contact to enter into these specific contractual terms before hosting French PHIon the Zendesk platform. As per the Shared Responsibility Model, it is our customers’ responsibility to evaluate their own compliance requirements. Please review the HDS Standards on the ANS website for more details.
Want to learn more?
If you’re a healthcare provider in France that is looking to take your customer experience to the next level, you can find out more information about HDS and the requirements to leverage our certification by contacting our Sales team here.