Meenu Sharma

Pivotal Tracker is now ISO/IEC 27001:2013 certified

Security News Updates

Adhering to security and compliance enterprise standards has been the top focus for many products in uncertain times. Tracker has already been PCI and GDPR compliant, and we’re leaving no stone unturned by investing in securing and making Tracker a much more compliant SaaS offering than before.

We’re excited to share that Pivotal Tracker, under the hood of VMware, is now ISO/IEC 27001:2013 certified.

What’s in the scope of this certification?

The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS) supporting the management of the infrastructure and services used to support VMware’s in-scope cloud services and in accordance with the statement of applicability version 2.0, dated May 25, 2022, and aligned to the control sets in ISO/IEC 27017:2015 and ISO/IEC 27018:2019. Assets within the scope of the ISMS include information, software, databases, hardware, and employees supporting the in-scope VMware cloud services.

Which region and industry this certification is applicable and what is ISO?

ISO 27001 certification is applicable for Global Region and all types of industries. You can click below to access the certificate directly.

Search for ISO/IEC 27001 Certificate

CERTIFICATE OF REGISTRATION Information Security Management System - ISO/IEC 27001:2013

About ISO

The International Organization for Standardization (ISO) is an independent, non-governmental international organization with an international membership of 167 national standards bodies. The ISO/IEC 27000 family of standards helps organizations keep their information assets secure.

ISO/IEC 27001:2013 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO/IEC 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, at VMware.

ISO/IEC 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.

What’s coming next…??

We’re working on SOC-2 certification for Tracker and will keep you posted on the progress via future blogs.

We hope that sharing such updates makes you more confident in Tracker’s security and compliance commitment. As always, please don’t hesitate to share your feedback by emailing us at or by selecting Provide Feedback under the Help menu in Tracker. We love hearing from you!

–The Tracker Team–