TikTok’s U.S. subsidiary, TikTok USDS Joint Venture, has announced another step in its efforts to reassure American users about the safety of the app. The spin-off group has gained ISO/IEC 27001:2022 certification, which verifies that its security infrastructure meets global benchmarks.
ISO/IEC 27001:2022 certification relates to information security management, and the systems that support the protection, operation, and production of a service.
As explained by the International Organization for Standardization: “ISO/IEC 27001 is the world’s best-known standard for information security management systems (ISMS). It defines requirements an ISMS must meet. The ISO/IEC 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system.”
As such, the certification means that the organization or business has established systems to manage risks related to the security of data owned or handled by the company, and according to ISO, the system “respects all the best practices and principles enshrined in this International Standard.”
TikTok USDS said the certification demonstrates that it has enacted appropriate organizational and people controls to ensure its data management processes meet these requirements.
Which could provide more reassurance for U.S. TikTok users.
TikTok was forced to sell the U.S. segment of its business into U.S. ownership after the U.S. government voted in support of the Protecting Americans from Foreign Adversary Controlled Applications Act in 2024, which stipulates that foreign adversary-controlled applications, such as those owned by ByteDance, cannot operate in the U.S.
The concern was that ByteDance, which is based in China, could be forced to share information on U.S. users with the government in China, due to China’s cybersecurity laws, which relate to data gathering and monitoring.
The U.S. government delayed enactment of the law for more than a year, in order to work out a compromise, which ended with the sale of TikTok’s U.S. operations to a consortium of government-approved U.S. businesses.
This new certification is in line with this push, and ensures that people in the U.S. can feel safe in the knowledge that any information they share in the app is not being misused or accessed by groups outside of the TikTok USDS organization.
Which includes foreign data transfers, which had been a point of contention in talks. The certification confirms that, from a technical standpoint, the TikTok USDS operation is in line with international standards on data storage and security.
