· Zammad GmbH, developer and provider of the eponymous open-source helpdesk and ticketing platform, has achieved certification of its information security management system — an important milestone for vendor management in enterprises and public-sector organizations.
Berlin, June 18, 2026 – Zammad GmbH has been awarded ISO/IEC 27001:2022 certification. The international standard sets requirements for an information security management system (ISMS) and, in its current version, explicitly accounts for modern IT environments, cloud architectures, and the constantly evolving cyber threat landscape. As part of the certification process, the processes, responsibilities, and security measures relevant to Zammad GmbH's defined scope were comprehensively audited.
Helpdesk and ticketing systems process vast amounts of sensitive information every day: personal data, contract details, technical log files, internal communications, and business-critical correspondence. Handling this information responsibly is essential for companies and public institutions alike.
With ISO/IEC 27001:2022 certification, Zammad gives its customers independently verified assurance that information security is systematically embedded in the company's processes and responsibilities, with confidentiality, integrity, and availability of information at the core.
The certification is particularly valuable for large enterprises, government agencies, and organizations in regulated industries, where it meaningfully simplifies vendor management and software evaluation. Security questionnaires, vendor assessments, and review procedures led by IT, privacy, or compliance teams are often a standard part of procurement. Zammad's certification documentation provides a solid foundation for these processes, helping streamline internal approvals and software rollout.
"ISO/IEC 27001:2022 certification marks an important milestone for us, especially given the growing demands of the enterprise and public sector," says Martin Edenhofer, founder and CEO of Zammad GmbH. "As an open-source provider, transparency and accountability have always been of our DNA. With a certified ISMS, we're now demonstrating that same commitment to information security at the organizational and procedural level."
As AI adoption in customer support grows, the certified ISMS provides a dependable foundation. Customers retain full flexibility in choosing which large language model (LLM) to connect. The ISO audit specifically covered the APIs and internal data pathways that Zammad provides for AI integration, evaluating and certifying their information security to ensure protected data transfer within the platform infrastructure. The certification applies to Zammad's ISMS and the infrastructure it operates; the security practices of a customer's chosen third-party LLM provider fall outside the audit's scope.
ISO 27001 certification isn't a one-time achievement but an ongoing process. Annual surveillance audits ensure that Zammad's security measures continue to evolve alongside new technological developments and shifting threat scenarios.
Zammad is a modern, open-source helpdesk and ticketing system that helps companies and public institutions manage customer inquiries, internal service processes, and cross-team communication in a centralized, transparent, and efficient way.
Zammad can be deployed as a SaaS solution or hosted on a customer's own infrastructure. With flexible integration options and the freedom to choose connected AI models, organizations retain full control over their systems and data. Founded in 2016, the company is headquartered in Berlin.