TikTok US Joint Venture Earns Security Certification

TikTok’s U.S. subsidiary, TikTok USDS Joint Venture, has obtained ISO/IEC 27001:2022 certification for its information security management systems.

The certification, granted by the International Organization for Standardization, verifies that the company has established appropriate controls to manage risks related to data security, including protection, operation, and service delivery. It confirms that TikTok USDS follows globally recognized best practices for safeguarding user data.

The development is part of ongoing efforts to address concerns about data privacy and potential foreign access to U.S. user information. TikTok was required to separate its U.S. operations following the 2024 passage of the Protecting Americans from Foreign Adversary Controlled Applications Act. The law addressed fears that ByteDance, TikTok’s Chinese parent company, could be compelled to share data with the Chinese government under that country’s cybersecurity regulations.

The U.S. operations were subsequently sold to a consortium of U.S. businesses approved by the government. The ISO certification provides an independent verification that the U.S. entity maintains robust data management and security practices, including controls over foreign data transfers – a key point of contention during negotiations.

While the certification does not eliminate all concerns about platform security, it offers a formal benchmark for data protection processes. Whether or not this will lead to chagnes in how TikTok operates or handles data remains to be seen, but for now, it acts as confirmation that the platform is following specific regulations regarding its data.