Security and Compliance

We build trust by protecting your data and complying with legislation

Information Security at Jahia

Jahia follows a holistic and collaborative approach to guarantee the confidentiality, availability and integrity of your data. We always consider the big picture when working on the security aspects of our products.

Information security management system

Jahia is committed to preserving the confidentiality, integrity, and availability of all physical and electronic information assets throughout the company. This is defined and managed within an Information Security Management System (ISMS). Download the Jahia ISMS overview to get more details on our data security compliance policies.

Product development

All Jahia development teams are included in the scope of our ISO 27001:2013 certified information security management system. This means that security is considered throughout the development and release lifecycle of our software. Our source code is continuously scanned for security threats, and we release security fixes on a frequent basis to protect both your on-premises and cloud environments.

Cloud hosting

When it comes to the Cloud, the security of the infrastructure is just as important as the security of the software you run on top of it. Jahia only works with leading Cloud vendors that have trusted security and a solid track record. Jahia hosts all of its Cloud infrastructure on AWS and Azure. All client data is encrypted at rest, whether it is live, failover or backup data. Data is transferred only through encrypted channels.

The Jahia Cloud infrastructure is highly available and spread across multiple datacenters to ensure there is no single point of failure.

We conduct frequent penetration tests to ensure a secure Cloud environment, and we also commission external penetration tests on a regular basis.

Security Certifications

GDPR compliant

Jahia has deep European roots and puts personal data protection at the core of its values. Everything Jahia touches, whether product or website related, is implemented with strict GDPR compliance.

To ensure ongoing compliance with evolving global privacy laws, Jahia reviews how it collects and processes personal data in its internal and external operations with customers, partners, vendors and employees.

HIPAA compliant

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data in the healthcare and life sciences sectors. Jahia has been assessed by Coalfire Inc., a widely recognized and respected certification body, as being fully compliant with the HIPAA Security Rule. A certificate of completion issued by Coalfire is available for download. A copy of the Coalfire compliance report is available on request.

ISO 27001:2013 certified

ISO 27001:2013 is a security standard that governs an organization's Information Security Management System (ISMS). It requires implementing steps to identify and maintain the assets, technologies and processes needed to protect customer information and to help ensure the confidentiality, integrity and availability of customer data and supporting services.

The standard leverages best practices and comprehensive security controls from ISO 27002, covering people, processes and IT systems through a risk management process. Jahia's ISO 27001:2013 certification covers Cloud, IT, Support, Professional Services, Legal, HR, Product Development and General Administration company-wide, and is available here.

PCI DSS compliant

Jahia complies with all requirements of the PCI DSS SAQ A 3.2.1 standard and performs a compliance evaluation on a yearly basis. The PCI DSS SAQ A standard covers merchants whose payment card processing is fully outsourced to a PCI DSS compliant vendor, which allows Jahia customers to run e-commerce websites on Jahia under that model.

Jahia's Information Security Management System enforces strict controls on policy review, risk evaluation and remediation, server patching, cryptographic controls and access controls, as required by PCI DSS SAQ A.