Security and Compliance

We build trust by protecting your data and complying with legislation

ISO 27001:2013 certified

ISO 27001:2013 is the international standard that specifies the requirements for an organization's Information Security Management System (ISMS). It requires an organization to identify and maintain the assets, technologies and processes needed to protect customer information, and to help ensure the confidentiality, integrity and availability of customer data and the services that support it.

The standard draws on the best practices and the comprehensive set of security controls described in ISO 27002, and it applies risk management processes to people, processes and IT systems alike. Jahia's ISO 27001:2013 certification covers Cloud, IT, Support, Professional Services, Legal, HR, Product Development and General Administration company-wide; the certificate is available here.


Jahia follows a holistic and collaborative approach to protecting the confidentiality, integrity and availability of your data. We always consider the big picture when working on the security aspects of our products.

Product development

All Jahia development teams are within the scope of our ISO 27001:2013 certified information security management system. This means that security is considered throughout the development and release lifecycle of our software. Our source code is continuously scanned for security vulnerabilities, and we release security fixes on a frequent basis to keep both your on-premises and cloud environments secure.

Cloud hosting

When it comes to the Cloud, the security of the infrastructure is just as important as the security of the software you put on top of it. Jahia only works with leading Cloud vendors that have trusted security practices and a solid track record. Jahia hosts all of its Cloud infrastructure on AWS and Azure. All client data is encrypted at rest, whether it is live, failover or backup data, and data in transit is sent only over encrypted channels.

The Jahia Cloud infrastructure is highly available and spread across multiple datacenters so that there is no single point of failure.

We conduct frequent internal penetration tests to keep the Cloud environment secure, and we also commission external penetration tests on a regular basis.


GDPR

Jahia has deep European roots and puts personal data protection at the core of its values. Everything Jahia touches, whether product or website related, is built and operated to comply with the GDPR.

To ensure ongoing compliance with evolving global privacy laws, Jahia reviews how it collects and processes personal data in its internal and external operations with customers, partners, vendors and employees.

Ongoing compliance effort

Jahia recognizes the need for a safe and secure Cloud offering and is involved in several compliance projects expected to be delivered in 2020:

  • SOC 2: A SOC 2 report details the effectiveness of a service organization's controls against the Trust Services Criteria (security, availability, processing integrity, confidentiality and privacy) as they apply to customer data. Jahia is currently leading a SOC 2 compliance project whose scope will encompass all aspects of Jahia Cloud.
  • HIPAA: The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. Jahia is working on implementing HIPAA requirements for Jahia Cloud by 2020.